Globalstar location-tracking network vulnerable to hacking – researcher
Category : CyberSecurity
Location-tracking devices that communicate with a major satellite network operated by Globalstar Inc can have their transmissions intercepted or mimicked with false data, a U.S. security researcher said on Thursday.
Globalstar, of Covington, Louisiana, has sold hundreds of thousands or millions of the devices, which are widely used for tracking valuable shipments and assets.
The problem is that unlike Globalstar’s satellite phone services, data from the devices is not encrypted in transit, said Synack Inc researcher Colby Moore, who will present his findings at next week’s Black Hat security conference in Las Vegas.
Instead, the system changes frequencies and transmits a great deal of inconsequential data that can be discarded once an attacker figures out the methods involved, as Moore did.
Such systems “are kind of fundamentally broken from the get-go,” Moore said in a phone interview. “I ended up figuring out how to decode the data in transit.” In addition, the system does not make sure that the data is coming from the place it claims.
The flaw is an architectural issue that Moore said would be hard or impossible to patch. New software could be written to encrypt the traffic in future devices, but the technology is already embedded inside popular hardware without that functionality and no clear way to install it.