The Global star satellite constellation underpins the SPOT messenger Satellite messenger system so this article is of interest to all of you who use SPOT trackers for your high altitude balloon flights.
A widely used location-tracking system can be intercepted or fooled with fake data, claims a security researcher.
Many firms use Globalstar’s satellite-based system to keep an eye on trucks, cars, containers and ships as they move around.
However, said Colby Moore from security firm Synack, the way it passes data around is “fundamentally broken” making it vulnerable to attack.
Globalstar has not yet issued any comment on Mr Moore’s findings.
Mr Moore said the problems with Globalstar’s network arise because it does not encrypt the data passing between devices and satellites. Instead, he said, the system attempts to conceal what it does by changing frequencies and padding transmissions with useless data.
The system also does not check that data was coming from where it claimed, he said.
“I ended up figuring out how to decode the data in transit,” Mr Moore told Reuters, adding that it might prove hard to fix the flaws as existing hardware was not easy to update.
Globalstar has been told about the flaws, he added, but so far has not issued any updates or fixes.
Attackers can easily find out these flaws, he said, making it easy to spoof data or keep an eye on assets being tracked. Organised crime gangs, police and intelligence agencies might already be listening in, he said.
Mr Moore is planning to release more details about his work at the Black Hat hacker conference in Las Vegas next week. This month has seen the early release of other investigations into the security of cars and Android phones that will also feature at Black Hat.