Researchers have warned that terminals that allow Internet access for remote networks by sending data to satellites may be a “soft target” for attackers.
The vulnerability in question centers around “very small aperture terminals” or VSATs which enable data to be relayed from a remote system to a centralized network, are basically like any other server connected to the Internet with IP addresses, and many have weak of factory default passwords.
“VSATs are most commonly used to transmit narrowband data (point of sale transactions such as credit card, polling or RFID data; or SCADA), or broadband data (for the provision of satellite Internet access to remote locations, VoIP or video),” according to the The Comsys VSAT report.
“They are also widely spread in industrial sector, such as energy, oil and gas, where the whole infrastructure is based on distributed environments located in different regions, cities or sometimes continents. According to statistics, there are 2,931,534 active VSAT terminals in the world now, with the majority installed in the US.”
The researchers scanned the entire IPv4 address space and discovered more than 300 open UHP VSAT Terminals, nearly ten-thousand open HUGHES Terminals, over eleven-hundred SatLink VSATs, among others.
Some of the VSATs are even visible in satellite images like those in Google maps and Google Earth.
“Many VSAT devices have telnet access with very poor password strength, many times using default factory settings. The fact that one can scan these devices globally and find holes is similar to credit card thieves in the early 2000’s just googleing the terms ‘order.txt’ and finding merchant orders with live credit cards,” the researchers stated.
“The onus is on the enterprises, governments, and corporations to police themselves.”
Read More Here…