Proving the Business Case for the Internet of Things

Globalstar transmissions can be hacked, claims Synack researcher

August 12, 2015
Location-tracking devices that communicate with a major satellite network operated by Globalstar can have their transmissions intercepted or mimicked with false data, a US security researcher told this week’s Black Hat security conference in Las Vegas.
Globalstar, of Covington, Louisiana, has sold hundreds of thousands or millions of the devices, which are widely used for tracking valuable shipments and assets.
The problem is that unlike Globalstar's satellite phone services, data from the devices are not encrypted in transit, said Synack researcher Colby Moore at the conference. Instead, the system changes frequencies and transmits a great deal of inconsequential data that can be discarded once an attacker figures out the methods involved, as Moore did.
Such systems "are kind of fundamentally broken from the get-go," Moore said in a phone interview. "I ended up figuring out how to decode the data in transit." In addition, the system does not make sure that the data are coming from the place they claim.
The flaw is an architectural issue that Moore said would be hard or impossible to patch. New software could be written to encrypt the traffic in future devices, but the technology is already embedded inside popular hardware without that functionality and no clear way to install it.
Moore said his work would be easy to replicate and that organised crime, intelligence agencies or others may already be eavesdropping on the network.
Tracking-system devices using the Globalstar network are handy for monitoring shipments, sending longitude and latitude coordinates through dozens of low-earth orbiting satellites. They can also carried by travellers and used for search-and-rescue missions.
Some devices send additional binary signals, for example reporting whether an alarm has been tripped, which can also be intercepted and decoded or imitated with false information.
Major oil and gas companies are among Globalstar's customers. Moore said he did not know how many other satellite networks could have similar vulnerability to eavesdropping or faked traffic.
Globalstar issued a statement responding to the criticism. It said: “There have been a myriad of recent press reports about hacking vulnerabilities at well-known companies including Chrysler, GM, Brinks, Target, Sony and others. Wired recently reported on alleged vulnerabilities in the Globalstar simplex system.
“These news stories about Globalstar are based on analysis by Synack, a start-up in the business of identifying possible security flaws for which they then propose remedial measures that they insist we implement. Absent our agreement to do so, they threaten to publically disclose their findings, accurate or not. Without having access to Globalstar's proprietary information, a Synack engineer wrote to the company in March 2015, claiming that Globalstar's simplex data service ‘may suffer’ from security issues. After a thorough review, Globalstar decided that Synack's claims were either incorrect or implausible in practice.
“For instance, one of Synack's claims was that ‘no one has implemented security’ or encryption. Many Globalstar devices have encryption implemented by our integrators, especially where the requirements dictate such because a customer is tracking a high-value asset. Synack was also incorrect when it stated, ‘the protocol for the communication would have to be re-architected’ when in fact, no such re-architecture is required. Synack made a presentation where they continued to make false statements, including that Globalstar has an ‘aging satellite network’, despite the fact that our network is the newest second-generation constellation, having recently been completed in August 2013. Many claims by Synack are simply incorrect, self-serving or misinterpret key information. Like an auto mechanic who discloses a minute problem in a car that he proposes to repair for a substantial price, the Synack representative uses a Rube Goldberg type of analysis and doomsday language to make something appear to be a vulnerability when it is not.
“We at Globalstar take these security threats seriously and are constantly monitoring the technical landscape and upgrading our systems to protect our customers. Globalstar works with a number of organisations in a variety of industries, including governments and militaries, primarily through our reseller network. These integrators customise the solution to the customer's needs, including encryption. For certain applications referenced in the article like nuclear materials and high-value shipping containers, encryption is generally a requirement. For individual customers tracking a jet ski or a family camping trip, encryption is generally not a requirement.
“We are in the business of saving lives daily. Our customers initiated 64 rescues last month alone and more than 3800 worldwide to date. These July rescues included a 14-year-old boy rescued from a New Zealand river on July 3, a gentleman transported out of a severe mountain climbing accident in Canada by helicopter on July 27 and a paraglider in Spain rescued from an accident just days ago on July 29. We will continue to optimise our offerings for security concerns and immediately address any illegal actions taken against our company.”