Satellite-hacking boffin sees the unseeable
Lady Di gossip plucked from sky
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
White-hat hacker Adam Laurie knows better than to think email, video-on-demand, and other content from Sky Broadcasting and other satellite TV providers is a private matter between him and the company. That's because he's spent the past decade monitoring satellite feeds and the vast amount of private information they leak to anyone with a dish.
"Looking at what kind of data you can see being broadcast, some of that is quite surprising," he says. "Things you would expect to be secure turn out not to be secure. The most worrying thing is you can just see all this data going by."
Using off-the-shelf components Laurie assembled himself, it's not hard for him to spot private emails in transit, web browsing sessions, and live stock market data that's not supposed to be available for free. The most unforgettable thing he's seen came in 1997, when television reporters in Paris used unsecured feeds to beam back what was supposed to be closed-circuit coverage of Princess Diana's death to a UK television network.
"The journalists were smoking cigarettes and gossiping," Laurie says. "We were witnessing these journalists and the events unfolding in the raw, before they were edited. That's not something you normally get access to."
Laurie plans to share the findings of his research on Wednesday at the Black Hat security conference in Washington, D.C. He's not the only hacker to research satellite feeds. Researchers Jim Geovedi, Raditya Iryandi, and Anthony Zboralski have exposed similar weaknesses here (PDF).
Hacking into satellite receivers is a lot easier now than it used to be, thanks to their wide-spread embrace of Linux. In the old days, he had to build dedicated hardware to monitor transmissions. Now, Laurie's Dreambox has an ethernet interface and its own shell, making it a snap to pipe its feed into a laptop. From there, he can analyze packets using standard programs such as Wireshark.
Other equipment includes a 1-meter dish and a diseq motor to point it at particular satellites. The cost of the gear is under $1,000.
Laurie has also developed software that analyzes hundreds of channels to pinpoint certain types of content, including traffic based on TCP, UDP, or SMTP. The program offers a 3D interface that allows the user to quickly isolate email transmissions, web surfing sessions, or television feeds that have recently been set up.
"The visualization technique makes it easy to spot things that are trying not to be spotted," Laurie says.
Besides the risk to users' privacy, satellite transmissions are also susceptible to spoofing. With some modifications, Laurie's gear could be used to perform man-in-the-middle attacks.
"There is the potential, if you wanted to take it to the next level, of targeting a particular individual and spoof the feed," he says. "His equipment will just receive that data and take it as gospel that it's legitimate."
A resident in the UK, Laurie says he's careful to obey the country's privacy laws. While he is able to identify certain traffic as email, for instance, he doesn't actually read the contents of the message. Still, he says it isn't always easy to follow the letter of such laws because they prohibit people from receiving a message if they aren't the intended recipient.
"It's a bit of a quandary," Laurie says. "You can't tell you're not supposed to see that data until after you see it. I can't unsee what I'm not supposed to have seen." ®
COMMENTS
DeNiro
Ok, maybe it was DeNiro in heat.
Fact is, it was mature enough for hollywood to squeeze into a script headed by dinosaurs, so why the kerfuffle 10 years later?
@John PM Chappell
"I see Jake has backed down"
Not really, aside from my "draining the sun" crack. And I don't have time at the moment to research the actual power required, vs. lifetime output of the sun. I'll take Greg Trocchia's numbers as back-of-the-envelope good enough until I have time to play around with it myself. As I said, I see a really good end-of-term paper buried in there somewhere ... maybe.
"but I'm going to observe that this is fuel on the fire of "teachers are pretty crap today""
Probably. On the other hand, most "crap teachers" teach by rote and strictly follow a curriculum that they don't fully understand ... and never admit to mistakes. Me, I'm human. I make mistakes. I only teach to learn more about a given subject. This includes my work with dogs & horses & grapes/wine.
"as I appear to have a better grasp of the maths and technical details and I *don't* attempt to teach others about the topic."
If you've never taught the subject matter, you don't have even half a clue as to how weak a grasp of the subject matter you have. This includes ALL subjects, not just math.
"GCHQ really does monitor the entire RF spectrum"
All of it? Really? And here I thought counting to a big number was hard ... but us humans actually have the ability to monitor infinity? Cool! I guess SETI can close down, then.
In closing, my commentary on the NSA's ability I don't back down from at all. I don't know the truth about what they can and can't decrypt, and neither do you. All we know is what current published theory states. If they know better, they ain't talkin'.
@ first AC (3rd post)
"True, but if you're concerned you might be breaking the law you can stop looking you numpty."
Yeah, pay no attention to the man behind the curtain...
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
