This is insane! A few researchers from UCSD and UMCP scanned a bunch of satellite links, found much of the traffic is not encrypted, and went on to decode them. It's amazing what came out.

- T-Mobile backhaul: Users' SMS, voice call contents and internet traffic content in plain text.
- AT&T Mexico cellular backhaul: Raw user internet traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic
- Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTP

While it is important to work on futuristic threats such as quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Let's not take our eyes off the basics.

Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman!

https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf

@vinoth this is nothing new at all - like for real, this is like early 2000s / late 1990s SIGINT and this is still a huge problem for not just (US) NatSec...
DrDish - Satellite Espionage, part 1

@kkarhan @vinoth same thought.
Yeah this is a feature, not a bug, for the SIGINT collecting sector.
@colinstu @vinoth in fact proper security is being gatekept if not banned by the #USA using #ITAR as a #cyberfascist means to enshrine the #NOBUS doctrine...
NOBUS - Wikipedia

@colinstu @vinoth Or to put it into other perspectives:

Anyone expected #Iridium to be secure?

  • I didn't, at least not the commercial offerings!

https://infosec.space/@kkarhan/115334029464968596

Kevin Karhan :verified: (@[email protected])

@[email protected] Yeah, except #Iridium too [is](https://www.youtube.com/watch?v=linNxisuCFU&t=1934s) *#unencrypted*! And I've yet to see @[email protected] actually respond to me [hinting at them](https://infosec.space/@kkarhan/114743525896151807) that their #ComSec is *compromised*!

@vinoth
Thanks Mr @bortzmeyer, I just surprised myself browsing the internet looking for a cheap Ku band dish and a TBS5927 tuner 😅
That's how addiction works.
@fosdembsd @vinoth @bortzmeyer you wont go far. You need a rtlsdr instead.
@f4grx @fosdembsd @vinoth @bortzmeyer The RTL-SDR won't capture the 40+MHz of a DVB-S transponder, I'm afraid...
@vinoth ohh cool, so basically all the fascist satellites deployed can just be actively reading and processing everything with nobody knowing 
@vinoth
> AT&T Mexico cellular backhaul: Raw user internet traffic
Internet middleboxes not adding their own encryption to traffic is amazing and unexpected how?
@vinoth thank god we've gotten people on board with application layer encryption (e.g. HTTPS, VPNs etc) because holy FUCK

@vinoth @ubik

I bet it would be bad form to refrain from publishing this and financially benefit from the data. Dam.

@vinoth Time was when there was apparently felt to be no need to encrypt stuff because no bad guy was going to have access to the specialised radio equipment needed to intercept it.

This applied to 2G phones, access control systems, street lights, and those are just the ones I've worked on ... so it's not entirely surprising that it also applied to satellites.

@TimWardCam Very true! I hate to think that in every industry, there are known attack vectors that are underappreciated by the industry today, for whatever reason, but will be big a few years later. I know there are a couple in my industry :-(

@vinoth

And I thought the packet sniffing subplot in my scifi story was maybe too unrealistic because it involves just happening to find that some of the traffic isn't encrypted.

I thought "this is silly no one would do that" ... but

maybe it's fine?

Matt Blaze (@[email protected])

30 years ago, Bob Morris, then a senior scientist at NSA, gave a keynote talk at the CRYPTO conference (the leading conference for academic cryptographers). He opened by telling us he would reveal the NSA's first rule for cryptanalysis (which certainly got our attention). "First", he said, "look for cleartext. You'll usually find it." True words, and enduring, too.


@futurebird
Yeah it's fine. Maybe even quote that line from the Matt Blaze thread linked by others.

I remember in the 90s we would just telnet all around the Iowa State campus. It was exceptional because instead of clear text passwords we were using kerberized telnet so there was at least a passwordless login system. But basically all my terminal sessions were just clear text, you could read my email off my screen with a packet sniffer... ssh only came in later towards like 1996 or 97
@vinoth

@futurebird
These days there's still plenty of clear text if you have the right packet sniffing vantage point. Lots of database connections probably plaintext inside companies etc
@vinoth
@dlakelan it makes me wonder about ham radio, we can’t send traffic encrypted because it obscures the meaning. I wonder how much stuff we could do that could be done with authentication in a sane manner, while still exposing what’s being transferred.
@becomingwisest
If it were up to me ham radio would be eliminated, as would all but the most essential licensed radio (like maybe things where the physics determines the necessary frequency, certain radars etc). Literally all radios would become frequency hopping spread spectrum with beacon frequencies for coordination. Encryption would be effectively mandatory to enable the system to work.

@futurebird @vinoth apparently it is a lesson which needs to be relearned every decade when a new set of IT companies develop their own software.

The same as currently AI tools are falling prey to the same injection patterns which in the past happened via SQL injections

@vinoth "it was a sophisticated hack"
@vinoth Well it's something fairly normal. Satellite links often aren't encrypted. After all public key encryption is hard on that latency, and, I know that sounds crazy where it's normal to encrypt everything properly no matter the content, but those things are probably not that security critical.

@casandro Yes, it looks like it's normal, but it should not be though.

For example: Voice call contents should not be broadcasted to half the continent in the clear.