Researchers from cyber intelligence company IntelCrawler recently identified nearly 3 million VSATs, many of them in the United States, and found that about 10,000 of them could be easily accessed because of configuration weaknesses.
"We have scanned the whole IPv4 address space since 2010 and update the results in our Big Data intelligence database, including details about the satellite operator's network ranges, such as INMARSAT, Asia Broadcast Satellite, VSAT internet iDirect, Satellite HUB Pool, and can see some vulnerabilities,"
Researchers have warned that terminals having data transmission rate 4kbps to 16 Mbps used in narrow and broadband data transmission are vulnerable to cyber attack.
VSATs are most commonly used to transmit narrowband data such as credit card, polling or RFID data or broadband data for VoIP or video using the Satellites in geosynchronous orbit generally used for Television & Radio broadcast, direct broadcast, military communication. Its name originated from the relatively small dish antenna with a diameter no longer than 10 feet (3 meters).
IntelCrawler claimed that VSAT can be easily hacked because of poor password policy & default settings. Vulnerable terminals can be used for a planned cyber-attack, to be more precise on distributed network and infrastructure.
Dan Clements, IntelCrawler's President said:
“Many VSAT devices have Telnet access with very poor password strength, many times using default factory settings,”
"Intrusions to such open devices can allow you to monitor all the network traffic related to the exact device or host, sometimes with very sensitive information, which can lead to a compromise of the internal network,"
"The door might be six inches open, and of course you're not going in, but you can see there's a vulnerability there,"
"There's a lot of information that could be used in a nefarious way," Clements said. "Certainly you could put together a plan to go after certain grids or dams or power plants and have access to the centralized network at some point."
According to the report, there are more than 313 open UHP VSAT, 9045 open terminals (HUGHES) and 1,142 terminals (SatLink), that can be easily hacked by malicious attackers.
HUGHES is one of the largest manufacturers of VSATs which are mostly used in offline ATMs by several national central banks. Physical locations of a number of VSATs can be easily searched on Google maps and Google Earth, which could allow attackers to plan more sophisticated physical attacks.
“They are also widely spread in the industrial sector, such as energy, oil and gas, where the whole infrastructure is based on distributed environments located in different regions, cities or sometimes continents. According to statistics, there are 2,931,534 active VSAT terminals in the world now, with the majority installed in the US.” according to the The Comsys VSAT report.IntelCrawler also found network ranges of government and classified communications, e.g. Ministry of Civil Affairs of China infrastructure in ranges belongs to Shanghai VSAT Network Systems Co. LTD, and Ministry of Foreign Affairs of Turkey in Turksat VSAT Services, that poses critical threat to National Security.