Insecure satellite Internet is threatening ship and aircraft security

by Y9gvFGIPMP
August 5, 2020
More than a decade has passed since researchers identified serious privacy and security vulnerabilities in satellite-based Internet services. The vulnerabilities allowed attackers to snoop on and sometimes manipulate data received by millions of users thousands of kilometers away. You might expect providers to have fixed these shortcomings by 2020, as satellite Internet becomes more popular, but you'd be wrong.

In a briefing held online at the Black Hat security conference on Wednesday, researcher and Oxford Ph.D. candidate James Pavur presented results showing that satellite-based Internet is endangering millions of people, even though providers are using new technologies that are said to be more advanced.

Over the course of several years, he has used his vantage point in mainland Europe to intercept the signals from 18 satellites that send Internet data to people, ships and planes in a 100 million square kilometer swath that stretches from the U.S. and the Caribbean to China and India. What he found is worrying. A small selection of the things he observed includes:

  • A Chinese airliner receiving unencrypted navigation information and other avionics data. It was also worrying that the data came over the same connection through which passengers sent emails and browsed websites, increasing the possibility of hacks involving passengers.
  • A system administrator logging on to a wind turbine in southern France, about 600 kilometers from Pavur, and disclosing a session cookie that is used for authentication.
  • Communications from an Egyptian oil tanker that reported a malfunctioning alternator as the ship entered a port in Tunisia. The transmission not only let Pavur know that the ship would be out of service for a month or more, it also gave him the name and passport number of the engineer who was supposed to fix the problem.
  • A cruise ship sending confidential information about its Windows-based local area network, including the credentials stored in the Lightweight Directory Access Protocol database.
  • An email that a lawyer in Spain sent to a client about an upcoming case.
  • The account-reset password used to access the network of a Greek billionaire's yacht.

Hacking satellite communications on a large scale

While researchers such as Adam Laurie and Leonardo Nve demonstrated the insecurity of satellite Internet in 2009 and 2010, Pavur has investigated communications on a large scale, intercepting more than 4 terabytes of data from the 18 satellites he was listening to. He has also analyzed newer protocols such as Generic Stream Encapsulation and complex modulations, including 32-ary amplitude and phase shift keying (APSK). At the same time, he has reduced the cost of eavesdropping on these new protocols from $50,000 to about $300.

"There are still many satellite Internet services today that are vulnerable to the precise attacks and methods used by previous researchers – although these attacks have been publicly known for more than 15 years," Pavur said before Wednesday's lecture. "We also found that some newer types of satellite broadband also had security bugging problems."

The equipment Pavur used consisted of a TBS 6983/6903 PCIe card, a DVB-S tuner that lets people watch satellite television on a computer. The second piece was a flat-panel dish, although he said that any dish that receives satellite television will work. The cost of both: about $300.

Pavur used public information that showed the location of geostationary satellites used for Internet transmission, pointed the dish at them, and then scanned the Ku band of the radio spectrum until he found a signal hidden in the massive amount of noise. From there, he instructed the PCIe card to interpret the signal and record it as a normal TV signal. He then searched the raw binary files for strings like "http" and those that correspond to standard programming interfaces to identify Internet traffic.

All unencrypted communications are mine

The setup allows Pavur to intercept almost any transmission that an ISP sends to a user via satellite, but monitoring signals in the other direction (from user to ISP) is much more limited. As a result, Pavur was able to reliably view the content of HTTP sites that a user was browsing or an unencrypted email that the user had downloaded, but was unable to receive customer GET requests or the passwords sent to the mail server.

Although the customer may be in the Atlantic off the coast of Africa and communicating with an ISP in Ireland, the signal sent to them can easily be intercepted from anywhere within tens of millions of square kilometers, because the high cost of satellites forces providers to beam signals over a wide area.

Image: An attacker within a radius of several tens of millions of square kilometers can hijack the connection between a ship off the coast of Africa and a ground station in Ireland.

Pavur explained:

There are several reasons why the other direction is more difficult to grasp. The first is that the beam that connects a satellite to an ISP's ground station is often narrower and more focused (meaning that you have to be within a few dozen miles from the ISP's system to pick up radio waves in that direction). In some cases, ISPs use a different frequency band for bandwidth and performance reasons to transmit these signals. This means that an attack may require devices that are much more difficult to capture commercially and inexpensively. Even if an ISP uses only a normal wide-beam Ku-band signal, it normally sends on a different frequency in each direction. This means that an attacker would need a second set of antennas (not too difficult) and would also have to combine the two feeds correctly (somewhat more difficult).

Et tu, avionics?

In recent years, Pavur has focused on transmissions sent to everyday users on land and on large ships at sea. This year he turned to airplanes. With the onset of the COVID-19 pandemic, which caused passenger air travel to collapse, the researcher had less opportunity than planned to analyze passenger communications from entertainment systems, in-flight Internet services, and on-board femtocells used to send and receive mobile signals. (However, he saw a text message in which a passenger received a coronavirus test.)

However, it turned out that the decline in passenger traffic made it easier to focus on the traffic sent to the crew in the cockpit. When one of the crew members mistyped a login for a so-called electronic flight bag, the flight deck equipment repeatedly received an HTTP 302 redirect to the login page of the Wi-Fi service. The redirect contained the URL of the original request, including the GET parameters of the flight bag API. The parameters described the specific flight number and its coordinates, information that gave Pavur a good sense of what the device was doing on board the aircraft.
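The redirect behaviour described above can be reproduced and corrected on the portal side. The following is an added example, not code from the research or from any Wi-Fi vendor: it shows a login redirect that embeds the original URL next to a hardened form that keeps the URL server-side behind an opaque token. The portal URL, the API host and the parameter names are all hypothetical.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical names: the portal URL, the API host and the parameter names
# are constructed for illustration and do not come from the research.
PORTAL_LOGIN = "http://portal.example/login"
SAMPLE_REQUEST = "http://efb.example/api/position?flight=XX123&lat=36.80&lon=10.18"


def leaky_redirect(original_url):
    """Pattern described in the article: the original URL rides in the Location header."""
    return PORTAL_LOGIN + "?" + urlencode({"orig": original_url})


def exposed_parameters(location):
    """Return the query parameters of any URL embedded in a redirect target.

    This is what anyone able to read the cleartext 302 response learns.
    """
    exposed = {}
    for values in parse_qs(urlsplit(location).query).values():
        for value in values:
            inner = urlsplit(value)
            if inner.scheme in ("http", "https"):
                for key, vals in parse_qs(inner.query).items():
                    exposed[key] = vals[0]
    return exposed


class ResumeStore:
    """Hardened form: the portal remembers the original URL itself and puts
    only a random, single-use token on the wire."""

    def __init__(self):
        self._pending = {}

    def redirect(self, original_url):
        token = secrets.token_urlsafe(16)
        self._pending[token] = original_url
        return PORTAL_LOGIN + "?" + urlencode({"resume": token})

    def resume(self, token):
        # pop() makes the token single-use; unknown tokens yield None.
        return self._pending.pop(token, None)


if __name__ == "__main__":
    print("leaky   :", exposed_parameters(leaky_redirect(SAMPLE_REQUEST)))
    store = ResumeStore()
    print("hardened:", exposed_parameters(store.redirect(SAMPLE_REQUEST)))
```

The token only stops the portal from repeating the parameters; the original request itself still has to travel over TLS for the flight number and coordinates to stay off the air.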

Image: An electronic flight bag that sends confidential avionics information over HTTP. Credit: James Pavur

The flight bag data was transmitted via the same network address translation router as the entertainment and Internet traffic of passengers. In other words, the same physical satellite antenna and the same modem delivered Internet traffic to both the flight bag and the passengers. This suggests that any network segregation that may have occurred was accomplished through software rather than through physical hardware separation, which is less prone to hacking.

Session hijacking: The attacker always wins

The use of satellite-based Internet to receive the navigation data puts the crew and passengers at risk from an attack that Pavur developed that allows an attacker to pretend to be the plane with which the ground station communicates. The hack uses TCP session hijacking, a technique in which the attacker sends the ISP the metadata that customers use to authenticate.

Because user traffic is bounced off a satellite 30 kilometers above the earth – a route that normally results in signal latency of around 700 milliseconds – and the attacker's data is not, the attacker always beats the customer to the ISP.

Session hijacking can be used to induce airplanes or ships to report incorrect locations or fuel levels, incorrect measurements for heating, ventilation, and air conditioning systems, or to transmit other sensitive data that is falsified. It can also be used to create denials of service that prevent the ship from receiving data that is critical to safe operation.

Image: Features and limitations of hijacking TCP sessions on satellite Internet. Credit: James Pavur

Pavur explained the hijacking method as follows:

We can convert the bytes from the record in real time on the IP packet layer. Essentially, we wait until we record an entire IP packet from the stream (typically a matter of milliseconds), and then we immediately write that packet to disk. As an attacker, you need to know what kind of data you want to extract from the "noise" of Facebook visitors, etc. To do this, you can use IP addresses or other traffic signatures to identify only the most relevant traffic that you want to programmatically respond to.

A problem in search of a solution

The most common response Pavur receives after sharing his findings is that satellite-based Internet users should simply use a VPN to prevent attackers from reading or tampering with sent data. Unfortunately, the handshakes that each endpoint needs to authenticate with the others result in a slowdown of about 90 percent. The overhead increases the already high latency of 700 milliseconds to a waiting time that makes the satellite Internet almost unusable.

While HTTPS and email-level encryption prevent attackers from reading the page and message text, most domain name lookups (DNS queries) are still unencrypted. Attackers can learn a lot by examining that data. HTTPS certificates also allow attackers to fingerprint the servers that customers connect to.
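To make concrete what stays readable when only the page content is encrypted, here is an added example (not code from the research) that decodes a cleartext DNS response and tallies the looked-up names, the same kind of view as the domain breakdown mentioned in the article. The packets are constructed in the script, the addresses come from the documentation range 192.0.2.0/24, and all function names are hypothetical.

```python
import struct
from collections import Counter


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_response(name, ipv4, txid=0x1234):
    """Constructed sample: a minimal A-record response with a compressed answer name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
              + bytes(int(octet) for octet in ipv4.split(".")))
    return header + question + answer


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2                 # parsing resumes after the first pointer
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:                        # malformed packets can point in a loop
                raise ValueError("compression loop")
            continue
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg):
    """Return (queried name, [IPv4 answers]) from a cleartext DNS response."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    offset, qname, addresses = 12, None, []
    for _ in range(qdcount):
        qname, offset = read_name(msg, offset)
        offset += 4                              # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and len(rdata) == 4:       # A record
            addresses.append(".".join(str(b) for b in rdata))
    return qname, addresses


def domain_breakdown(packets):
    """Count looked-up names across packets, skipping anything malformed."""
    counts = Counter()
    for packet in packets:
        try:
            name, _ = parse_response(packet)
        except ValueError:
            continue
        if name:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    sample = [build_response("www.dropbox.com", "192.0.2.10"),
              build_response("mail.example.org", "192.0.2.25"),
              build_response("www.dropbox.com", "192.0.2.10")]
    print(domain_breakdown(sample).most_common())
```

Running the same tally against a capture of your own link before and after moving resolvers to DNS over TLS or DNS over HTTPS shows whether the lookups have actually left the cleartext path.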

Image: Left: An unencrypted DNS response indicates that a satellite Internet user is visiting Dropbox. Right: a breakdown of the most visited domains. Credit: James Pavur

With this information, attackers can identify users who deserve more targeted attacks. Out of 100 ships that Pavur looked at pseudo-randomly, he was able to deanonymize and tie them to specific ships.

Image: Ships that Pavur deanonymized. Credit: James Pavur

Interception of unencrypted navigation maps, device failures on the open sea and the use of Windows 2003 servers with security holes also endanger users considerably. Combined with the use of insecure channels like FTP, an attacker could potentially manipulate maritime data to hide a sandbar or use the data to plan physical interventions.

The magnitude of the problem put the researcher in a dilemma. With tens of thousands of users affected, Pavur was unable to privately notify the vast majority of them. He decided to contact the largest companies that transmitted particularly sensitive data in plain text. He ultimately chose not to identify any of the affected users or companies because the essence of the problem is the result of industry-wide protocols that are unsafe.

"The goal of my research is to highlight the unique dynamics that create the physical properties of space for cybersecurity, and it is an area that has not yet been explored," he said. "Many people think that satellites are just normal computers that are a little further away, but a lot is different with satellites. By highlighting these differences, we can improve security to protect the systems."
