Satellite tracking technology can be easily hacked with the help of a $1,000 device made of off the shelf components, according to a security researcher who found a flaw in the technology.
Taking advantage of this flaw, criminal hackers could track and hijack valuable cargo, such as military supplies or cash and gold stored in an armored car, according to Colby Moore, a researcher at security firm Synack, who plans to show off his findings at the upcoming Black Hat security conference.
Moore claims that the communications between trackers sold by GlobalStar and its constellation of satellites is insecure, allowing pretty much anyone to intercept it and even send its own spoofed signal to the satellites. This flaw, according to Moore, shows that satellite companies like GlobalStar aren’t taking basic steps to make their technologies secure.
“We’re only at the tip of the iceberg for the implications around this. It’s really critical that these companies start taking security seriously. It’s really critical that these companies start taking security seriously.” - Colby Moore
GlobalStar markets its satellite tracking devices to corporations and government agencies that want to track their valuable assets. They can also be used to monitor industrial critical infrastructure such as pipelines, or to track hikers and other adventurers who use GlobalStar’s consumer tracker called “Spot.”
All these devices, according to Moore, depend on the same, flawed technology, known as the Simplex data network, which is used to send data between the transmitters and the satellites.
More said he was able to reverse engineer the protocol underlying the network and find that all these devices use the same code to transmit data, making it “very easy’ to intercept data flowing from the devices to the satellites.