As I expected we keep finding more and more security vulnerabilities in devices that shouldn’t have them: essential control systems that govern the safety of critical infrastructure. The latest batch have been found by my IOActive colleagues in satellite communication (SATCOM) systems.
IOActive analyzed and reverse-engineered publicly-available firmware updates for technologies manufactured by Harris, Hughes, Cobham, Thuraya, JRC, and Iridium. They discovered multiple, high risk vulnerabilities in all SATCOM device firmware studied by IOActive. These vulnerabilities might enable a malicious hacker to intercept, manipulate, block, and in some cases take control of the physical device. The vulnerabilities included hardcoded credentials, undocumented protocols, insecure protocols, and backdoors.
As I’ve suggested before, we might find that Die Hard 4 was rather understated.