Avoidable Viasat Satellite Hack Causes Headaches Across Europe And Ukraine
from the as-predicted dept
For literally more than a decade researchers have been warning that global satellite telecommunications networks were vulnerable to all manner of attacks. These attacks vary in nature but allow an intruder miles away to both intercept and disrupt satellite communications. In 2020 hackers again clearly demonstrated how these perpetually unresolved vulnerabilities were putting millions of people at risk.
Fast forward to 2022 and a major hack of Viasat’s satellite systems has caused, you guessed it, massive problems for an estimated 27,000 users. The attack on Viasat’s KA-SAT satellite system, suspected to be the work of the Russian government, appears to have been intended to disrupt Ukraine communications in the lead up to war, but managed to impact a very large chunk of Europe:
Viasat told Reuters that the cyberattack was made possible by a misconfiguration in a “management section” of its network. The impact was severe enough that many users of the satellite in Germany, the UK, France, the Czech Republic, and elsewhere found that their modems had effectively been bricked and “rendered unusable.”
Thousands still remain offline across Europe—around 2,000 wind turbines are still disconnected in Germany—and companies are racing to replace broken modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. The Viasat hack is arguably the largest publicly known cyberattack to take place since Russia invaded Ukraine, and it stands out for its impact beyond Ukraine’s borders. But questions about the details of the attack, its purpose, and who carried it out remain—although experts have their suspicions.
Spillover of this kind is routine in such attacks. The attack not only impacted basic broadband connectivity; 5,800 wind turbines in Germany were also knocked offline, preventing them from being reset remotely should problems develop.
Again, this could have been avoided if companies had heeded warnings from researchers and white-hat hackers. But instead, the dominant paradigm tends to be to try to silence those researchers, or misdirect our attention toward security and privacy issues that grab easy headlines, but are less of a direct threat (see: the two-year-long Trump-era freak-out about TikTok).
Vulnerabilities such as the ones in satellite networks, or the massive, obvious security and privacy problems in the “internet of broken things” sector, tend to be downplayed and ignored because they’re “boring” for the press and politicians. As a result, there’s little incentive to do better. Wash, rinse, and repeat.
Comments on “Avoidable Viasat Satellite Hack Causes Headaches Across Europe And Ukraine”
Unless there are punishments forthcoming for Viasat, nothing will change.
We like to pretend it’s wrong to kick the victim when they are down, but these assholes left the keys in the running Mercedes, while they just popped into the store for a ‘second’ despite 300 signs warning them the car will be stolen.
The fact that researchers can show that they were warning of something like this happening long before it happened, should increase penalties.
If the cost of doing nothing is less than any fine, what motivation do corporations have?
Corporations don’t have morals, corporations don’t have our best interests at heart, corporations exist to make money and until such time that non-action costs them they will keep ignoring the issue.
A fix that would have cost them pennies to implement, should end up costing them enough that the next company decides perhaps a 1 cent loss per shareholders dividend is worth it to avoid the fines for doing fuckall.
This also reminds me of satellite TV providers
I recall a time when at least one satellite TV provider had the opportunity to render a customer’s modem permanently unusable upon an accusation of theft of service. Not just cease recognizing the subscriber’s card, but actually get the modem into a state where it would not work again, even if the dispute were resolved.
A person I know had his modem bricked in this fashion. (He’d paid his bills; the fault was entirely on the provider’s side.) There was no compensation for the fact that he had to purchase a new modem. He never did business with that provider again.
Somehow, it appears to be legal, or at least unchallenged, for a provider to damage customer-owned equipment upon an unproven accusation. A system that’s set up for that sort of corporate retaliation is always going to have a path to be hijacked in just this way.
Dunno about modems, but satellite TV has a bad history of providers willfully broadcasting malware.
The two most infamous:
“Black Sunday attack” (DreckTV) was malware which damaged smartcards by overwriting a one-time-programmable (OTP) area with “GAME OVER” and corrupting the card so that its embedded processor would go into an endless loop on power-up. Infamously, the first sighting of this on-air was on a Superb Owl Sunday during the big game.
“Americas Top One” (a reference to DishNetwork, although ExpressVu in Canada was a bastardisation of the same equipment and had the same problem) was malware which damaged the contents of the TSOP flash memory which contained the receiver firmware. It would corrupt five bytes of flash so that the receiver would only receive one channel – usually 101 or whatever the first channel was on DN at the time. The receiver is the property of the viewer in most cases, so on the face of this there probably is some illegality in doing this, but the providers tried to keep themselves out of jail by claiming that they still owned the firmware. A bit of a stretch, given that the box won’t work without the firmware and there’s no provision for the box’s rightful owner to load some other firmware to tune standard DVB-S broadcasts outside the package. There was some message to the effect of “a serious problem has been detected with your receiver”, call 1-800-EAT-POOP (I don’t remember what the actual number was, but it was a trick to fool victims into identifying themselves to the offending provider).
No idea why the providers who did this sort of thing are still in business. Most likely they have too much money and too many lawyers. It’s not as if we don’t have enough mischief to data laws on the books, after all.
Fairly predictable, then. Digital communications and satellite infrastructure isn’t built to adhere to national borders, so there will be collateral damage outside of the target nation.
The question is how such things are considered by the unwitting targets. With traditional types of infrastructure, breaking a neutral state’s resources could very well be considered an act of war. If this is shown to definitely be a sanctioned act from the Russian government and it proves to be something other than a mild inconvenience, things could get messy very quickly, even if Russia only intended to silence Ukrainian comms.
From what I’ve read it seems modems were rendered useless by malicious firmware updates because why would anyone sign firmware stuff with strong cryptographic keys to avoid such attacks eh? This war is a shitshow no matter the angle you look at it but a lot of what is happening could have been prevented if people simply took… wait for it… specialists all over the world warnings a bit more seriously.
A strong cryptographic signature only tells where the firmware came from.
If the origin server is compromised (as occurred with the malicious Russian attack on Ukraine’s MeTax update server) all bets are off. If the original vendor is doing something malicious (such as DreckTV’s “Black Sunday attack”, Dish’s “America’s Top One” malware or the bastardised versions of the same on ExpressVu) again all bets are off.
This isn’t the first time an update mechanism has been used to send out something malicious. There’s a whole spectrum of supply chain attacks which could come into play.
This could make things much worse
“The attack on Viasat’s KA-SAT satellite system, suspected to be the work of the Russian government, appears to have been intended to disrupt Ukraine communications in the lead up to war, but managed to impact a very large chunk of Europe”
And as Russia escalates its physical attacks on Ukraine there’s no reason to think it won’t also escalate its cyber attacks. So the next one that hits targets a bit further afield than intended could end up doing real damage in a NATO country, or worse, cause actual deaths. That could be a trigger that turns this into a much larger and more terrifying war.
> For literally more than a decade researchers have been warning that global satellite telecommunications networks were vulnerable to all manner of attacks.
Quite a lot more than a decade. [Captain Midnight](https://en.wikipedia.org/wiki/Captain_Midnight_broadcast_signal_intrusion) hacked HBO’s satellite signal in 1986.