Eavesdrop On Anyone Anywhere for $300 - ThreatWire CrossPost
Added 2020-08-11 18:56:24 +0000 UTC
James Pavur, an academic researcher and doctoral candidate at Oxford, spoke at Black Hat 2020 as well as DEFCON about the ability for attackers to eavesdrop on signals from pretty much anywhere on the globe with $300 of readily available equipment. Remote camps, planes, and ships at sea use satellite ISPs for connectivity. Users connect with a satellite and the satellite beams the signal back down to a hub, which is routed to the internet. Traffic sent downlink is broadcast along with that of many other customers, and Pavur discovered this data is sent in a wide beam format. That data could hit not only the ISP’s satellite, but also an attacker’s dish listening in from some other location.
Using a satellite dish like the ones used for TV, a PCIe satellite tuner card, and software called EBSpro, which helps customers figure out where to point TV receiver dishes, and then looking for artifacts in the radio spectrum, he was able to find feeds. An attacker could record and analyze a feed to determine whether it’s a TV channel or internet traffic, and whether it’s sent in a format easily parsed by Wireshark or uses the newer protocol called Generic Stream Encapsulation, or GSE for short. Enterprise users use GSE, so Pavur’s team wrote a tool called GSExtract to reconstruct any corrupted GSE data.
Pavur’s team was able to see communications from wind turbines, between a lawyer and their client, ship information and fishing boats, a subsea repair ship, cargo vessels, and a billionaire’s yacht, many of which were transmitting data in clear text. Their findings have been responsibly disclosed to the tested individuals, and the FBI even released an advisory about VSAT signals.
Good News from Black Hat on Voting
We got some good news during Black Hat this year: while voting machine hacking villages have been around at hacker cons for the last several years, it took this long for one of the major manufacturers to finally get on board with security researchers by implementing a vulnerability disclosure policy and program. Election Systems & Software (ES&S for short) announced their new policy on Wednesday, releasing a PDF about their program, which covers all digital assets including IT networks and public-facing websites run by the company.
While their policy doesn’t cover testing of state and local government election-related networks or assets, ES&S stated that for anything not owned by their company, they’ll still accept reports as a result of research under their policy. This news will allow security researchers to find vulnerabilities without the threat of legal action from ES&S, and it waives restrictions with regard to any work done under the policy. Back in 2018, ES&S criticized DEFCON attendees for trying to test their voting machines against hacks, so this is a complete turnaround from their previous opinions of security researchers.
In 2019, a total of 35 systems were found to be connecting to the internet, and several voting machines seen at these cons have had vulnerabilities. With this news, hopefully we’ll see more election system companies building their own policies and programs to swiftly handle election security.
Links:
BlackHat / DEF CON RoundUp!
Satellite comms can be hacked:
https://www.youtube.com/watch?v=ku0Q_Wey4K0
https://threatpost.com/black-hat-satellite-comms-eavesdropping-hack/158146/
Voting machines:
https://threatpost.com/black-hat-voting-machine-vendor-embraces-hackers/158085/
https://www.cyberscoop.com/ess-election-security-vulnerability-disclosure-black-hat/