VSAT terminals are opened for targeted cyber attacks

Pierluigi Paganini January 09, 2014

Security researchers at IntelCrawler, a Los-Angeles based cyber intelligence company, discovered that VSAT terminals are opened for targeted cyber attacks.

VSAT terminals (very-small-aperture terminal) used for satellite communications are vulnerable to external cyber attacks, the discovery was made by security researchers at IntelCrawler, a Los-Angeles based cyber intelligence company.

The VSAT vulnerability appears serious and have a significant impact on distributed critical infrastructures and network environments.

VSATs are most commonly used to transmit:

  • narrowband data (a channel in which the bandwidth of the message does not significantly exceed the channel’s coherence bandwidth), typical applications are the transmission of payment transaction from point of sales, or transmission of data from/to SCADA systems.
  • broadband data (a channel with wide bandwidth characteristics of a transmission medium and the ability to transport multiple signals and traffic types simultaneously), typical applications are the provision of satellite Internet access to remote locations, VoIP or video data transmissions.

vsat 1

VSATs are also used for transportable, on-the-move (utilizing phased array antennas) or mobile maritime communications.

VSAT statistics included in The Comsys VSAT report confirm that there are 2,931,534 active VSAT terminals in the world now, primarily in the industrial sector, such as energy, oil and gas, because the infrastructure is based on distributed environments located in different geographic locations.

 vsat 2


IntelCrawler has scanned the overall IPv4 address space to conduct intelligence analysis on the data retrieved.

“We have scanned the whole IPv4 address space since 2010 and update the results in our Big Data intelligence database, including details about satellite operators network ranges, such as INMARSAT, Asia Broadcast Satellite, VSAT internet iDirect, Satellite HUB Pool, and can see some vulnerabilities,” states Dan Clements, IntelCrawler President.

Within the huge amount of data collected by IntelCrawler there are also approximately 313 open UHP VSAT Terminals, 9045 open HUGHES Terminals, 1142 SatLink VSAT and many others . It is important for the network engineers and system administrators to self-assess and close or plug any possible exploits.

vsat 2

VSAT devices are connected to many interesting devices all over the world, starting from Alaska climate metering systems to industrial control devices in Australia, and many work with the help of C, Ka, Ku and X-Band satellite ranges.

IntelCrawler researchers have noted, many VSAT devices have telnet access with very poor password strength, many times using default factory settings. The fact that one can scan these devices globally and find holes is similar to credit card thieves in the early 2000’s just googleing the terms “order.txt” and finding merchant orders with live credit cards. The onus is on the enterprises, governments, and corporations to police themselves.

vsat 8

An attack against those devices could have serious repercussion as explained by Dan Clements.

“Intrusions to such open devices can allow you to monitor all the network traffic related to the exact device or host, sometimes with very sensitive information, which can lead to a compromise of the internal network,” – said Dan Clements, IntelCrawler’s President.

vsat 3

vsat 4

Some of the VSATs are readily visible in Google maps and Google Earth. Again, system administrators should assess the physical security to these locations and make sure all is secure.

vsat 5a

Satellite network ranges have lots of interesting objects, including government and classified communications. For example, during some research IntelCrawler found Ministry of Civil Affairs of China infrastructure in the ranges belonging to Shanghai VSAT Network Systems Co. LTD, and Ministry of Foreign Affairs of Turkey in Turksat VSAT Services, which is a clear and present danger for hacks.

vsat 6


vsat 7

About IntelCrawler

IntelCrawler.com is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3, 000, 000, 000 IPv4 and over 200, 000, 000 domain names, which are scanned for analytics and dissemination to drill down to a desired result. This finite pool of cyber prints is then narrowed further by comparing it to various databases and forum intelligence gathered from the underground and networked security company contacts. The final result could be the location of a particular keyboard or a computer housing the threat.

Pierluigi Paganini

(Security Affairs –  VSAT, hacking)

you might also like

leave a comment