How Even the Smallest Microchip Can Be A Supply Chain Vulnerability

Globalstar’s Simplex satellite network has become a leader in tracking and communications uplinks. Many organizations use Globalstar products to monitor assets in remote locations, from military personnel abroad in the field to cargo trucks traveling cross-country.

So when a researcher at the Black Hat cybersecurity conference reported that he could not only hack into and see data on the Globalstar’s Simplex satellite network, but he could upload his own data — that caught a lot of attention.

Colby Moore, of the network security company Synack, says with about $1,000 worth of equipment he was able to access the Simplex system, as the company’s STX3 transmitter doesn’t encrypt the data before it sends it.

Globalstar says that most of its business comes from small satellite phones, both mobile and stationary in remote areas. But its technology is also used in trackers on Congo shipments and trucks. Hacking the system, as Moore says he was able to do, offers the frightening potential to track a cargo or military shipment, and also potentially upload misleading information.

Imagine a terror scenario of someone tracking a shipment of military hardware — and then uploading information so the government believes the truck is in-bound, when in fact it’s been taken. The same could potentially happen with a drug cartel invading a food shipment to sneak illegal substances across the border.

Besides the ability for adversaries to see where assets may be located, if they can change what you see, the threat becomes so broad it is much more difficult to respond effectively.

Moore’s research has touched off a controversy that has pitted security experts against each other, with outsiders demanding more proof of the safety of Globalstar’s security protocols and others see this as exemplifying a worse case scenario in a connected world that’s not protected nearly enough.

Globalstar has fiercely defended the security of the network and data. Leaders point to all of the good work it has done, including a touching story of the connection a soldier in a remote location made with his family back home.

The company has also countered that it is continuously updating its security. For larger purposes, such as major cargo or government needs, Chairman and CEO Jay Monroe says that those agencies add their own layers of security as well.

“Globalstar is, in the simplex world, a purveyor of a little piece of end technology that someone builds into something else that they want to do,” he told Satellite Today. “So, if they are going to be tracking nuclear waste for the federal government, you can be very certain that that signal is encrypted.”

Of course, that puts more pressure on agencies that handle sensitive materials such as nuclear waste to make sure they understand any potential risks involved with all of the equipment they’re using, down to the smallest tracking chip — and that the agencies are doing their best to mitigate those risks, including establishing their own risk assessments, vendor vetting, and security protocols.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s