Familiar with the refrain “Hack the Planet”? Well, security researchers have made that phrase more literal.
Colby Moore, a researcher at the hacker-for-hire startup Synack, has uncovered a way to crack the global positioning system (GPS) satellite network of Globalstar, a multibillion dollar satellite communications company based in Covington, La.
Globalstar sells devices connected to its satellite network that track the locations of shipments and other goods. Since the company’s technology does not, according to Moore, encrypt data transmitted between such devices and its satellite network, a “man-in-the-middle” attacker can easily spoof the system.
In other words, a hacker can intercept communications beamed over the company’s Simplex data network, and then modify, fake, or jam them. The vulnerability could be exploited by intelligence agents, criminals, or enemy combatants to eavesdrop, steal cargo, or follow troop and supplies movements.
Moore described such systems as “kind of fundamentally broken from the get-go” in an interview with Reuters. Worse, the flaws are not easily addressable; they are architectural in nature, he said, and software patches would not fix them.
“We rely on these systems that were architected long ago with no security in mind, and these bugs persist for years and years,” Moore told Wired. “We need to be very mindful in designing satellite systems and critical infrastructure, otherwise we’re going to be stuck with these broken systems for years to come.”
Moore added that he suspects similar satellite communications systems, beyond Globalstar’s own, could be vulnerable, too.
Though Moore said he alerted Globalstar of the problems six months ago, the company has yet to take action in way of a solution.
Globalstar—which counts many companies in many critical industries among its customers, including oil and gas, shipping, military, and more—replied evasively to Fortune’s request for comment, sidestepping questions about a possible remediation plan and not confirming whether its data in transit are unencrypted:
Globalstar monitors the technical landscape and its systems to protect our customers. Our engineers would know quickly if any person or entity was hacking our system in a material way, and this type of situation has never been an issue to date.
Fortune recently wrote about how freight thieves are turning to cybercrime. This new research represents a chilling development in that trade. The research heralds a world in which products no longer “fall off the truck,” but rather entire trucks, planes, and cargo shipments can “fall off the map.”
Hack the planet, indeed.
- Donald Trump Was Just Indicted. Here's What to Know About the Charges and the Case
- What Could Happen Next for Donald Trump
- Trump's Indictment Drama Showcased His Rivals' Weakness
- Inside Ukraine's Push to Try Putin For War Crimes
- Bad Bunny's Next Move
- Elon Musk Signs Open Letter Urging AI Labs to Pump the Brakes
- Eliezer Yudkowsky: Pausing AI Developments Isn't Enough. We Need to Shut it All Down
- 'How Is This Still Happening?' A Survivor Questions America's Gun Violence Problem
- Cheryl Strayed Will Always Be Here for You
- Who Should Be on the 2023 TIME100? Vote Now