Security flaws in the Globestar satellite systems makes it easy for hackers to break into Semi-trailers

Imagine a scenario where a truck carrying valuable items is hijacked by some bandits. Seems to be a scene taken directly from the thriller movie, ‘Furious 7’ which recently hit the theaters; however these incidents are occurring in real life due to the vulnerabilities in the asset tracking system of valuable shipments and assets which is being exploited by the hackers.

According to the WIRED, Colby Moore, a security researcher working with Synack has discovered certain vulnerabilities in the asset tracking systems of the valuable shipments and cargo which he plans to discuss at the Blackhat and DefCon security conference which would be held next week in Las Vegas.

As per Moore, asset tracking systems developed by Globalstar and its subsidiaries have certain security flaws which allows a hacker to trace the valuable and sensitive cargo, disable the location tracking system which monitors it and then fool the coordinates in such a way that the hijacked shipment would appear as if it is safely traveling the allocated route. The sensitive cargo could include materials such as gas, volatile chemicals, electronics, military supplies and even nuclear materials.

Moore feels that there could be another possibility wherein hackers could also succeed in confusing the companies and military monitoring check points by feeding wrong coordinates which could result in chaos and ultimately make them believe that their shipment has been hijacked.

Moore adds that this tracking system is not only used for tracking cargo and assets but it is also used for tracking people, for instance, the tracking system is used for search and rescue missions, also in SCADA (Supervisory Control And Data Acquisition) environments wherein the system helps to monitor the high tech engineering projects in remote areas such as pipelines and oil rigs where communication with phones and internet service is impossible. Moore feels that hackers can possibly exploit the vulnerabilities and thus interfere in these systems as well.

Actual working of the Globalstar’s tracking system: 

Basically, the Globalstar’s tracking systems comprises of small device just the size of a hand which needs to be attached to the shipping container, vehicle or equipment. This device communicates with the low-earth orbiting satellite of Globalstar and it keeps sending the latitude and longitude communicates to the satellite.

The SCADA systems on the other hand would send information regarding the operations carried out.

An article published in 2003, gave the details regarding the working of this asset tracking technology. It seems companies could configure the asset trackers in such a way that it would not only monitor the cargo but also trigger an alert in case some events occur in the shipment. For example, suppose due to rise in temperature the level of liquid rises above safe level or say lock of the container gets opened. The tracking device sends message to the satellite which then relays the information to the ground stations which is then conveyed through internet or phone network to the computers of customers.

Another most important hitch in the system is that Globalstar it uses ‘Simplex data network’ which does not use encrypted method of communication. According to Moore, all the communication between the asset tracking devices, orbiting satellites and the ground stations does not authenticate the data which indicates that any kind of data can be transmitted to and fro and thus it is much easier for the hijacker to intercept the communication, spoof it and or even fool the coordinates with mock data.

Moore says: “The integrity of the whole system is relying on a hacker not being able to clone or tamper with a device. The way Globalstar engineered the platform leaves security up to the end integrator, and so far, no one has implemented security.”

In the commonly used asset tracker of Globalstar, the Simplex data transmissions are usually one-way wherein data is transmitted from device -satellite – ground station. This means it is next to impossible to ping back to a device in case one wants to verify if the device is safe and the data transmitted is accurate.

In case of the expensive devices, it works on a combination of satellite and cellular network communication.

Moore says its been around six months that he informed Globalstar regarding the vulnerabilities; however it seems the company has not carried out any steps to fix these vulnerabilities.

Moore adds that Globalstar would need to take serious action for which they might have to re-architect the entire protocol for the tracker-satellite-ground station communication with the appropriate addition of encryption and authentication. If Globalstar plans to just mend the vulnerabilities with some simple software patches that would not help them.

When WIRED contacted Globalstar for comment, the company did not respond.

About Globalstar and its services: 

Globalstar is world’s largest providers of satellite voice and data communications with around four dozen satellites in the space. Besides, it also handles the satellite asset tracking systems which includes SmartOne, SmartOne B, SmartOne C. Some of the top companies which rely on these Globalstar satellites are the oil and gas industry, mining, forestry, commercial fishing, utilities and the military.

The asset tracking devices are developed by Globalstar and its subsidiaries: Geforce and Axon. These trackers are specially used to track the cargo shipping containers, maritime vessels, fleets of armored cars, military equipment and any other expensive goods. The customers of Geforce includes BP, Halliburton, GE Oil and Gas, Chevron and Conoco Philips.

Mostly Geforce markets its trackers to the ‘frac tanks’ which are used in fracking operations such as railway cars, acid and fuel tanks etc.

During a press release held this year, Globalstar mentioned that the SmartOne asset tracking system was launched in 2012 and since then the company has marketed more than 150,000 units in various industries which includes aviation, military and alternative energy.

SPOT Satellite Messenger, is another product developed by Globalstar specifically for hikers, pilots and sailors who travel in remote areas where the cellular network might not be available and hence in case of any emergency this tracker would enable the the search team to find these people in case they are separated from their vehicle.

Moore says he has tested all the tracking devices manufactured by Globalstar, be it for cargo or people, and he found that the basic communication used by Globalstar satellite uses the same Simplex protocol which has the flaws and thus it is vulnerable and can be easily exploited.

Moore also believes that these vulnerabilities are not only confined to Globalstar trackers but probably in other trackers as well. He says: “I would expect to see similar vulnerabilities in other systems if we were to look at them further.”

Moore explained that all the data sent through the Simplex protocol is encoded using the same secret code which can be easily determined by using reverse engineering. He thus says: “The secret codes are not generated on the fly and are not unique. Instead, the same code is used for all the devices.”

During his study Moore build a transceiver for which he spent around $1000, with this device he intercepted the data from the tracking devices which he purchased. He then spent another $300 in the software and hardware which he used to analyze the data and mimic the tracking device.

Moore says he had to build a transceiver; however the hackers would simply use a proper antenna and a universal software radio peripheral to exploit the vulnerability. He believes that the hijackers would identify any shipment containing valuable cargo by intercepting the satellite signals and thus track the movement of the expensive cargo and transmit spoofed data.

Further, these thieves would just physically disable the vehicle’s tracking device or jam the signals and thus send spoofed data of cargo’s location from their laptop which would appear to the customers as if the shipment is travelling its pre allocated route, thus crooks would successfully seize the goods.

Moore mentions that in reality every device has an unique ID which has been printed on its outer casing. The device is also programmed to transmit its unique ID during its communication with the satellites. Thus the hijacker would just need to know this ID and then they can easily target the particular shipment and exploit the communication vulnerability.

Attackers mostly do the research work to know what is being transported in a particular shipment before they carry out the process of hijacking. On the contrary, they can even set up a receiver in a particular area which falls in the route of valuable shipments and thus track the assets as they are moving.

Moore says: “I put this on a tower on a large building and all the locations of devices [in the area] are being monitored. Can I find a diamond shipment or a nuclear shipment that it can track?”

The answer is YES. Because, most of the times the unique IDs on the tracking device is in a particular sequence. Thus, if a commercial or military customer owns multiple devices for tracking assets then it becomes easy for the attacker to determine the IDs of other devices which belong to the same company depending on the ID numbers.

As of now, Moore is not aware as to for what purpose the military is making use of Globalstar’s asset trackers; however if these are used in transportation of goods related to the war zones then these vulnerabilities could be misused by adversaries to track the supplies and use them against the military.

As per Moore’s opinion these technologies are quite outdated as they were designed during the times when security protocols were lax; however taking into consideration the threats faced by the security protocols in the present scenario, it is essential that the company re-architects its protocols as per current requirement.

He thus adds: “We rely on these systems that were architected long ago with no security in mind, and these bugs persist for years and years. We need to be very mindful in designing satellite systems and critical infrastructure, otherwise we’re going to be stuck with these broken systems for years to come.”