Researcher Ruben Santamarta discusses major vulnerabilities discovered in SATCOM equipment; Researcher Josep Rodriguez discloses security flaws in Extreme Networks WingOS, used in millions of devices globally
Las Vegas, NV – August 10, 2018 — IOActive, Inc., the worldwide leader in research-driven security services, today announced two new research papers that were fully disclosed this week at Black Hat Las Vegas and DEF CON 26. Ruben Santamarta, Principal Security Consultant, presented his Black Hat talk “Last Call for SATCOM Security” on Thursday, August 9 at 2:30pm PT and Josep Pi Rodriguez, Senior Security Consultant, will present his DEF CON talk, “Breaking Extreme Networks WingOS: How to Own Millions of Devices Running on Aircrafts, Government, Smart Cities and More” on Sunday, August 12 at 11am PT.
“Even though they are two unique bodies of research, both Ruben and Josep’s talks address supply chain risks that underscore the importance of why we must prioritize security for mission critical networks that many vital industries, including aviation and transportation, rely upon,” said Jennifer Steffens, CEO of IOActive. “As we celebrate our 20th anniversary this year, IOActive’s commitment has never been stronger in helping vendors find and fix major vulnerabilities like these ones. Our mission is and always has been to improve security overall and make the world a safer place.”
Santamarta’s research builds on his 2014 findings, which described theoretical scenarios that could result from the weak security posture of satellite communications products. Four years later, Santamarta’s Black Hat research reveals how hundreds of in-flight aircraft, military bases and maritime vessels are accessible through vulnerable SATCOM infrastructure.
IOActive’s team worked with the aviation industry, in conjunction with the Aviation Information Sharing and Analysis Center (A-ISAC), to ensure that the potential risks that were identified but could not be tested were satisfactorily addressed. In addition, they confirmed that no critical flight operation systems were affected.
“The consequences of these vulnerabilities are shocking. Essentially, the theoretical cases I developed four years ago are no longer theoretical,” said Santamarta. “To my knowledge, my Black Hat talk is the first public demonstration of taking control, from the ground and through the Internet, of SATCOM equipment running on an actual aircraft.”
Santamarta tested additional devices in his latest research and examined attacks using SATCOM antennas, finding that several of the largest airlines in the U.S. and Europe had their entire fleets accessible from the Internet, with hundreds of connections exposed. Maritime vessels around the world could also be placed at risk by attackers, as their SATCOM antennas could be used to expose the crew to RF radiation. Ultimately, this turns SATCOM devices into tools for causing radiation hazards and disruptive RF transmissions.
In related research, Rodriguez’s DEF CON presentation will highlight several critical vulnerabilities he found in Extreme Networks’ embedded WingOS, which was originally created by Motorola. This operating system is used globally in millions of Motorola, Zebra and Extreme Networks devices.
“This research actually started with a focus on an access point widely used in many aircraft in worldwide airlines,” Rodriguez said. “As time went by, we realized this embedded operating system is not only used in access points for aircraft, but also in healthcare, government, transportation, smart cities, small to big enterprises and more.”
To learn more about Santamarta’s research, please download his white paper.
To learn more about Rodriguez’s research, please read his blog.
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from security advising to penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 1000 companies across every industry trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.