DEF CON 32 - Breaking the Beam:Exploiting VSAT Modems from Earth - Lenders, Willbold, Bisping

VSAT satellite communication systems are widely used to provide two-way data and voice communications to remote areas, including maritime environments, crisis regions, and other locations where terrestrial communication infrastructure is limited or unavailable. In this presentation, we report on our security findings from our reverse-engineering efforts to exploit VSAT satellite modems from the Earth. We will focus on the Newtec MDM2200 from iDirect as an example. First, we explain how we reverse-engineered the software stack running on the modem device to find 0-day vulnerabilities. Then, we show how we reverse-engineered the network stack to devise attacks that can be launched by injecting wireless signals through the antenna dish of a VSAT terminal. Finally, we demonstrate our software-defined radio end-to-end attacks to inject bogus firmware updates and to gain a remote root shell access on the modem. To the best of knowledge, this represents the first successful demonstration of signal injection attacks on VSAT modems using software-defined radios from the Earth, while previous attacks on VSAT systems such as the ViaSat hack in 2022 were based on exploiting the operator’s network through Internet VPN connections. Our work therefore enlarges significantly the attack surface of VSAT systems. Our presentation at DEF CON is part of a project that has three parts. In the first part, we focus on the inherent security issues in current VSAT system practices. This work will be appear in May at ACM WiSec 2024. VSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices, Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, Vincent Lenders, 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Seoul, Korea, May 2024. The second part deals with the systematic evaluation of wireless signal injection attacks using a software-defined radio. This work will appear in August at Usenix Security 2024: Wireless Signal Injection Attacks on VSAT Satellite Modems, Robin Bisping, Johannes Willbold, Martin Strohmeier, and Vincent Lenders, 33rd USENIX Security Symposium (USENIX Security), Philadelphia PA, USA, August 2024. The third part of the project deals with reverse-engineering of the software and network stack of satellite modems and the development of exploits that can be injected over the air through the antenna dish of a VSAT terminal from the ground. This part shall be presented at DEF CON this year.

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley
▶︎

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini
▶︎

DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini

When vulnerabilities go viral: how to respond to high-profile security issues
▶︎

When vulnerabilities go viral: how to respond to high-profile security issues

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin
▶︎

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin

VSAT Basics
▶︎

VSAT Basics

DEF CON 31 - Unlocking Doors from Half a Continent Away -  Trevor Stevado, Sam Haskins
▶︎

DEF CON 31 - Unlocking Doors from Half a Continent Away - Trevor Stevado, Sam Haskins

DEF CON 32 - Finding & exploiting local attacks on 1Password Mac desktop app - J. Hoffman, C. Morgan
▶︎

DEF CON 32 - Finding & exploiting local attacks on 1Password Mac desktop app - J. Hoffman, C. Morgan

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
▶︎

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

CYSAT '21: James Pavur "Adventures in VSAT hacking: lessons for space security"
▶︎

CYSAT '21: James Pavur "Adventures in VSAT hacking: lessons for space security"

Exposing The Dark Side of America's AI Data Center Explosion | View From Above | Business Insider
▶︎

Exposing The Dark Side of America's AI Data Center Explosion | View From Above | Business Insider

Mastering Bug Bounty: The Ultimate Ethical Hacking Guide for Beginners & Pros!  #education  #podcast
▶︎

Mastering Bug Bounty: The Ultimate Ethical Hacking Guide for Beginners & Pros! #education #podcast

Their Junior Tech Destroyed This $2000 Gaming Laptop In 60 Seconds!
▶︎

Their Junior Tech Destroyed This $2000 Gaming Laptop In 60 Seconds!

Cybersecurity Architecture: Five Principles to Follow (and One to Avoid)
▶︎

Cybersecurity Architecture: Five Principles to Follow (and One to Avoid)

CompTIA Network+ N10-009 Full Certification Course
▶︎

CompTIA Network+ N10-009 Full Certification Course

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

I Built a $20,000 Military Router for $106.23
▶︎

I Built a $20,000 Military Router for $106.23

Unfortunately, You Need to Know What the Jevons Paradox is
▶︎

Unfortunately, You Need to Know What the Jevons Paradox is

The World's Most Important Machine
▶︎

The World's Most Important Machine

Before You Trash Your Old PC Power Supply... Build This!
▶︎

Before You Trash Your Old PC Power Supply... Build This!

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL
▶︎

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL