Anything that is programmed can be hacked. This is the first law of cyber security, and we have yet more proof of the validity of this law today.
According to a respected digital security researcher, the location-tracking devices used in the giant satellite network operated by Globalstar Inc can be hacked and transmissions intercepted or even fed false data.
The issue here is that data from the the GPS location devices is not encrypted in transit like Globalstar’s satellite phone services are, notes Synack researcher Colby Moore, who is giving a paper on the exploit at next week’s Black Hat security conference.
Globalstar representatives did not respond to requests for comment about the vulnerability of its GPS systems.
Globalstar GPS tracking has fundamentally flawed security system
For security, Globalstar location-tracking GPS systems use a method involving rapid frequency changing and including lots of extraneous data in the transmission. Moore noted in a phone interview with Reuters that these systems “are kind of fundamentally broken from the get-go.”
He continued to note: “I ended up figuring out how to decode the data in transit.” Moore also points out that the GPS tracking system does not even make sure that the data is actually coming from where it says it is coming from.
Unfortunately, the vulnerability in this case is really architectural issue that Moore believes will be very difficult to fix with just a software patch. Although new software could be written to encrypt the traffic in the future, the technology is already embedded inside popular hardware without the ability to encrypt.
Worryingly, Moore commented that his research would not be difficult to replicate, and that criminals and intelligence agencies could well already be spying on Globalstar’s network.
Globalstar tracking devices based on GPS systems are commonly used to monitor shipments by sending longitude and latitude coordinates using low-earth orbit satellites. Tracking devices are also sometimes carried by travelers or used by parents or caregivers to track their charges, and have proven useful on many occasions for search-and-rescue missions.
Moore said it’s also possible that other satellite networks could have similar vulnerabilities to Globalstar’s, but he is not familiar with their networks.