Satellite links for remote networks may pose soft target for attackers

VSATs send data to satellites from remote systems but may not be secured properly, according to IntelCrawler

IntelCrawler, a security company, found thousands of terminals that send data to satellites that may be vulnerable to hackers.

IntelCrawler, a security company, found thousands of terminals that send data to satellites that may be vulnerable to hackers.

Land-based terminals that send data to satellites may pose a soft target for hackers, an analysis from a computer security firm shows.

VSATs, an abbreviation for "very small aperture terminals," supply Internet access to remote locations, enabling companies to transmit data from an isolated network to an organization's main one. The devices are used in a variety of industries, including energy, financial services and defense.

VSATs face the Internet just like any other server, and the terminals have IP address ranges that can be scanned. That's what Los Angeles-based security firm IntelCrawler did to get a feel if the terminals were vulnerable to attack.

Their scan, conducted about three months ago, was benign and the equivalent of walking down a street and knocking on a few doors to see who answers. Depending on the response from the VSAT, cyber investigators can, within legal bounds, get an idea of what attacks could open the device up to spying.

"The door might be six inches open, and of course you're not going go in, but you can see there's a vulnerability there," said Dan Clements, IntelCrawler's president. The company specializes in studying the source of cyberattacks.

It found near 3 million VSATs, mostly in the U.S., of which more than 10,000 were "open," either using default passwords or had open ports, according to a writeup on IntelCrawler's blog.

The issues don't appear to be an inherent problem with the VSATs but rather that the devices have been configured insecurely, a common IT security mistake. Some of the VSATs have telnet, a network communication protocol, enabled while others have default factory password settings

"There's a lot of information that could be used in a nefarious way," Clements said. "Certainly you could put together a plan to go after certain grids or dams or power plants and have access to the centralized network at some point."

One of the largest manufacturers of VSAT is Hughes, a division of EchoStar of Englewood, Colorado, which specializes in satellite and video-delivery services. IntelCrawler found 9,045 open Hughes VSATs.

VSATs from Hughes are used in offsite ATMs, several national central banks, nine out of 10 of Brazil's largest banks and on 90,000 financial sites in countries from Azerbaijan to Zimbabwe, according to a 2012 report from Comsys, a satellite industry consultancy.

IntelCrawler found 313 open UHP VSAT terminals, made by Romantis Satellite Communications of Berlin, and 1,142 VSATs from SatLink, which is owned by Emerging Market Communications.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaredata protectionintrusionComsysExploits / vulnerabilitiesEchostarIntelCrawlerHughesEmerging Market CommunicationsRomantis Satellite Communications

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Skywatcher Dobsonian 8″ Collapsible Telescope

Learn more >

Family Friendly

Whodunnit™ Duo-Scope MFL-007 Microscope Kit

Learn more >

Stocking Stuffer

Logitech Ultimate Ears Wonderboom 2 Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?