Nearly 4,000 Vulnerable Satellite Signal Receivers Discovered Worldwide

By Riley ThompsonTechnology News

Researchers Identify Nearly 4,000 Vulnerable Satellite Signal Receivers

Experts from Kaspersky Lab have analyzed equipment used in global navigation satellite systems (GNSS) across various industries worldwide. As of November 2024, nearly 4,000 satellite receivers from 70 different manufacturers were found to be vulnerable to internet-based attacks. These vulnerable devices are located in regions including Latin and North America, Europe, and Asia, with some also found in Russia.

What Are GNSS and Why Are They Important?

GNSS refers to groups of satellite navigation systems such as GPS (USA), GLONASS (Russia), Galileo (European Union), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India), and Quasi-Zenith Satellite System (QZSS, Japan). These systems are used for location tracking, navigation, and time synchronization in industries like agriculture, finance and banking, transportation, and mobile communications.

Attacks on these systems can cause significant harm to companies, including operational disruptions, financial losses, and data leaks. If organizations using autonomous systems (like drones, self-driving vehicles, or automated manufacturing) are affected, human lives could be at risk.

Who Is Most at Risk?

After analyzing anonymized data from organizations using unprotected devices, experts concluded that most vulnerable receivers belong to companies in telecommunications, cloud computing, and energy sectors.

How Can GNSS Systems Be Attacked?

  • Jamming: Attackers can jam satellite signals. When the signal reaches a ground receiver, its power is relatively low. If a stronger signal from another device appears in the same or adjacent frequency range, the receiver may not detect the GNSS signal. Such interference can be accidental or intentional, and there are many ready-made, inexpensive GNSS jammers available online.
  • Signal Obstruction: Large structures like skyscrapers can block GNSS signals. While this is unlikely to be used for targeted attacks, the growing number of tall buildings increases the affected area.
  • Spoofing: Unlike jamming, spoofing is always intentional. Attackers use ground-based equipment to mimic a satellite, sending false information to the GNSS receiver, causing it to determine the wrong location.
  • Physical Attacks: While unlikely, physical attacks on satellites themselves cannot be completely ruled out.
  • Direct Attacks on Receivers: Hackers can exploit vulnerabilities in GNSS receivers accessible via the internet.

Recent Cyberattacks on GNSS Receivers

In 2023, at least two hacker groups carried out attacks on GNSS receivers. In May, the hacktivist group SiegedSec gained access to satellite receivers in Colombia in response to the arrest of a hacker by local authorities. Another group, GhostSec, attacked numerous GNSS receivers in various countries, including Russia and Israel. In some cases, hackers claimed not only to have accessed the devices but also to have deleted data from compromised receivers.

How the Research Was Conducted

Kaspersky Lab analyzed data on vulnerable GNSS receivers available online, without using company-specific data collection solutions. Initially, experts searched for all network-accessible devices from five major GNSS receiver manufacturers, regardless of device type. In July 2024, they found 10,128 such devices worldwide.

Later, in July 2024, a broader study included 70 GNSS receiver manufacturers. This time, the search was narrowed to devices specifically related to GNSS. The result: 3,028 internet-accessible receivers vulnerable to attacks.

Geographic Distribution of Vulnerable Receivers

Most identified receivers (over 700) were located in Ecuador. Jamaica was second (about 500), followed by the United States. Around 400 unprotected receivers were found in the Czech Republic and China, and nearly 300 in Brazil. Japan, Russia, Canada, and Germany were also among the most affected countries.

By November 2024, a repeat global study found that the number of internet-accessible GNSS receivers had grown to 4,183. Compared to July, the geographic distribution changed slightly: Ecuador remained first, but countries like Jamaica, the Czech Republic, and Russia dropped out of the top 10, while Germany rose to second place and Iran entered the top four.

Countries with the Most Vulnerable GNSS Receivers as of November 2024

  • Ecuador
  • Germany
  • United States
  • Iran
  • China
  • Brazil
  • Japan
  • Canada
  • France
  • United Kingdom

Technical Details and Vulnerabilities

Most discovered devices ran on Linux-based operating systems (both open-source and proprietary), but some vulnerable receivers used Windows. Various OS versions were found, increasing the potential attack surface.

The devices had several types of vulnerabilities, including:

  • Denial of service (which can render the device useless)
  • Information disclosure (leading to leaks of confidential data)
  • Privilege escalation
  • Buffer overflow
  • Code injection and execution vulnerabilities (which can give attackers full control over the receiver)

Top 10 Vulnerabilities Found in GNSS Receivers

  1. Denial of service
  2. Information disclosure
  3. Privilege escalation
  4. Buffer overflow
  5. Remote code execution
  6. Authentication bypass
  7. Command injection
  8. Cross-site scripting (XSS)
  9. SQL injection
  10. Insecure default configurations

Leave a Reply