Familiar with the refrain “Hack the Planet”? Well, security researchers have made that phrase more literal.
Colby Moore, a researcher at the hacker-for-hire startup Synack, has uncovered a way to crack the global positioning system (GPS) satellite network of Globalstar, a multibillion-dollar satellite communications company based in Covington, La.
Globalstar sells devices connected to its satellite network that track the locations of shipments and other goods. Since the company’s technology does not, according to Moore, encrypt data transmitted between such devices and its satellite network, a “man-in-the-middle” attacker can easily spoof the system.
In other words, a hacker can intercept communications beamed over the company’s Simplex data network, and then modify, fake, or jam them. The vulnerability could be exploited by intelligence agents, criminals, or enemy combatants to eavesdrop, steal cargo, or follow troop and supply movements.
Moore described such systems as “kind of fundamentally broken from the get-go” in an interview with Reuters. Worse, the flaws are not easily addressable; they are architectural in nature, he said, and software patches would not fix them.
“We rely on these systems that were architected long ago with no security in mind, and these bugs persist for years and years,” Moore told Wired. “We need to be very mindful in designing satellite systems and critical infrastructure, otherwise we’re going to be stuck with these broken systems for years to come.”
Moore added that he suspects similar satellite communications systems, beyond Globalstar’s own, could be vulnerable, too.
Though Moore said he alerted Globalstar to the problems six months ago, the company has yet to take action in the way of a solution.
Globalstar—which counts many companies in many critical industries among its customers, including oil and gas, shipping, military, and more—replied evasively to Fortune’s request for comment, sidestepping questions about a possible remediation plan and not confirming whether its data in transit are unencrypted:
“Globalstar monitors the technical landscape and its systems to protect our customers. Our engineers would know quickly if any person or entity was hacking our system in a material way, and this type of situation has never been an issue to date.”
Fortune recently wrote about how freight thieves are turning to cybercrime. This new research represents a chilling development in that trade. The research heralds a world in which products no longer “fall off the truck,” but rather entire trucks, planes, and cargo shipments can “fall off the map.”
Hack the planet, indeed.