This has been revealed by a cybersecurity researcher from the University of Oxford called James Pavur, which has demonstrated how it can intercept real-time traffic from ships, companies and Internet of Things devices; and all from the same fixed point in the UK.
Current satellite connections are not encrypted
The vulnerability has been published after affected parties have been informed of the bug. And it is that there were a multitude of organizations affected, whose traffic could be intercepted through sniffing, being able to obtain sensitive information such as usernames and passwords.
Many companies depend on these connections in areas where fixed networks are very slow or do not exist. And since encrypting the data slows down connections, much of the data sent over satellite is not encrypted, making it vulnerable to anyone who can “hear” the data.
Pavur used a $ 90 antenna and a $ 200 satellite decoder to get the signal. Being geostationary satellites, simply by aiming the antenna at the correct satellite, it could capture all the traffic used by the HTTP protocol.
It is possible to intercept any traffic they emit
Among the information that Pavur found during his tests were data on maritime transport, being able to identify ships, what they transport, what operating systems they use or personal information about the crew, which was transmitted before reaching the port. He also discovered private information about the captain of a millionaire’s yacht, as well as communications sent through the WiFi from an airplane from a law firm.
Although it would be difficult to attack a specific company, it would not be impossible to do so. Aircraft antennas are visible, and by knowing the manufacturer, it is possible to identify which satellite an airplane uses on a trade route in order to hear its communications. Many companies using these communications had the satellite network incorporated as if it were an internal network, without any type of firewall or encryption. Thus, information that the company believed was private was being sent to the world without encryption.
Pavur has informed the affected satellite manufacturers, operators and organizations to use correct encryption on the connections as the connections are currently good enough to guarantee good encryption. In addition, companies must have protection mechanisms in their networks.