WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Technology Sunday, August 19, 2018 
Add Press Release News | News Feeds Feeds | Email This News Email

IOActive Reveals Major Satellite Communication and Operating System Vulnerabilities at Black Hat USA 2018 & DEF CON 26
Friday, August 10, 2018

Researcher Ruben Santamarta discusses major vulnerabilities discovered in SATCOM equipment; Researcher Josep Rodriguez discloses security flaws in Extreme Networks WingOS, used in millions of devices globally

LAS VEGAS, Aug. 10, 2018 /PRNewswire/ -- IOActive, Inc., the worldwide leader in research-driven security services, today announced two new research papers that were fully disclosed this week at Black Hat Las Vegas and DEF CON 26. Ruben Santamarta, Principal Security Consultant, presented his Black Hat talk "Last Call for SATCOM Security" on Thursday, August 9 at 2:30pm PT and Josep Pi Rodriguez, Senior Security Consultant, will present his DEF CON talk, "Breaking Extreme Networks WingOS: How to Own Millions of Devices Running on Aircrafts, Government, Smart Cities and More" on Sunday, August 12 at 11am PT.

"Even though they are two unique bodies of research, both Ruben and Josep's talks address supply chain risks that underscore the importance of why we must prioritize security for mission critical networks that many vital industries, including aviation and transportation, rely upon," said Jennifer Steffens, CEO of IOActive. "As we celebrate our 20th anniversary this year, IOActive's commitment has never been stronger in helping vendors find and fix major vulnerabilities like these ones. Our mission is and always has been to improve security overall and make the world a safer place."

Santamarta's research builds on his 2014 findings, describing theoretical scenarios that could result from the weak security posture of satellite communications products. Four years later, Santamarta's Black Hat research reveals how hundreds of in-flight aircraft, military bases and maritime vessels are accessible through vulnerable SATCOM infrastructure.

IOActive's team worked with the aviation industry, in conjunction with the Aviation Information Sharing and Analysis Center (A-ISAC), to ensure that the potential risks identified that couldn't be tested were satisfactorily addressed. In addition, they confirmed that no critical flight operation systems were affected.

"The consequences of these vulnerabilities are shocking. Essentially, the theoretical cases I developed four years ago are no longer theoretical," said Santamarta. "To my knowledge, my Black Hat talk is the first public demonstration of taking control, from the ground and through the Internet, of SATCOM equipment running on an actual aircraft."

Santamarta tested additional devices in his latest research and examined attacks using SATCOM antennas, finding that several of the largest airlines in the U.S. and Europe had their entire fleets accessible from the Internet with hundreds of connections exposed. Maritime vessels around the world could also be placed at risk to attackers, as their SATCOM antennas could be used to expose the crew to RF radiation. Ultimately, this turns SATCOM devices into tools to cause radiation hazards and disruptive RF transmissions.

In related research, Rodriguez's DEF CON presentation will highlight several critical vulnerabilities he found in Extreme Networks embedded WingOS, which was originally created by Motorola. This operating system is used globally in millions of Motorola, Zebra and Extreme Networks devices.

"This research actually started with a focus on an access point widely used in many aircrafts in worldwide airlines," Rodriguez said. "As time went by, we realized this embedded operating system is not only used in access points for aircrafts, but also in healthcare, government, transportation, smart cities, small to big enterprises and more."

To learn more about Santamarta's research, please download his white paper here:

To learn more about Rodriguez's research, please visit our blog here:

About IOActive
IOActive is the industry's only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from security advising to penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 1000 companies across every industry trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit for more information. Read the IOActive Labs Research Blog: Follow IOActive on Twitter:

View original content:


Email This News Email | Submit To Slashdot Slashdot | Submit To Digg | Submit To | News Feeds Feeds

Nav First Smart China Expo to be Held in Chongqing, Highlighting Smart Technologies' Role to Empower Economy, Enrich Life | Aug 17, 2018
Nav Polygoons Inc. Announces the Launch of its Advanced Augmented Reality Game | Aug 17, 2018
Nav ej4 Recognized by Inc. 5000 for Second Year in a Row | Aug 17, 2018
Nav NetDragon powers the education industry in Africa with leading technology | Aug 17, 2018
Nav Money Magazine Ranks Babson No. 15 Among Best Small Colleges | Aug 17, 2018
Nav Franchise 500 Brands Rank Fishman PR as No. 1 Public Relations Firm in Franchising | Aug 17, 2018
Nav Minister Bains to visit Nanaimo, British Columbia | Aug 17, 2018
Nav United Legwear & Apparel Co. Partners With Epic Games To Launch Fortnite(TM) Bags And Accessories | Aug 17, 2018
Nav The 2018 Global Electronic Contract Manufacturing Services Market: Strategic Business Report to 2024 - Rapid Rise in Demand for Consumer Electronics is a Key Growth Driver | Aug 17, 2018
Nav Sisense Continues to Receive Top Honors For Excellence | Aug 17, 2018

Submit News | View More News View More News