
Thursday, April 17, 2014

The Dismal State of SATCOM Security

As reported by Help Net Security: Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired, says Ruben Santamarta, principal security consultant with IOActive.

The list of security weaknesses he and his colleagues found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws, but also features in the devices themselves that could be of use to attackers.

"We live in a world where an ever-increasing stream of digital data is flowing between continents. It is clear that those who control communications traffic have an upper-hand," Santamarta pointed out in a recently released whitepaper documenting their research. "The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to perform surveillance or conduct cyber-attacks."

Many important industries depend on satellite networks, including the maritime and aerospace sectors, emergency services, the energy and military sectors, and the media. IOActive researchers have concentrated on analyzing the terminals used on the ground segment of the SATCOM infrastructure.

"Our research was not intended to stress the software in search of common memory corruptions, but rather to understand the devices’ native security strengths and weaknesses," he pointed out, and unfortunately, the weaknesses abound.


"The vulnerabilities we uncovered include what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems," Santamarta shared.

Technical details that would allow attackers to take advantage of the found vulnerabilities have, of course, not yet been widely shared. The company is working with the government CERT Coordination Center and the vulnerable vendors to fix them before making those details public.

In the meantime, they advised SATCOM manufacturers and resellers to remove all publicly accessible copies of device firmware updates from their websites, so that attackers can't download them freely and scour them for usable vulnerabilities.

Despite all this, the aforementioned whitepaper is an extremely interesting read, as it details a variety of possible attack scenarios.

GLONASS Fails Again, Briefly



As reported by Inside GNSS: Russia's GLONASS satellite navigation system reportedly suffered another major disruption on Tuesday (April 15, 2014), with eight satellites malfunctioning and another going off the air entirely.

According to the Russian Interfax news agency as reported by the Moscow Times, eight GLONASS satellites malfunctioned for a half-hour period beginning shortly after 1 a.m. Moscow Time.

A ninth satellite, GLONASS #730, stopped working completely at 10:20 p.m. on Monday, and remained in maintenance status as of today (August 16, 2014), leaving the system with only 23 operational satellites on the air. The constellation has four on-orbit spares, which system operators can call on to restore GLONASS to full operational capability.

Russia’s Izvestia news quoted Nikolai Testoyedov, general director at JSC Reshetnev Information Satellite Systems, which manufactures the satellites, as saying that the glitches occurred while work was being carried out to update the system.

The latest problems came just two weeks after all GLONASS satellites broadcast inaccurate data for more than 10 hours earlier this month.

Also on Tuesday, the GLONASS System Control Center announced that the most recently launched satellite, GLONASS-M #754 had been added to the GLONASS operational constellation as of 20:01 Moscow Time (UTC+4) on Tuesday (April 14, 2014).


The earlier lengthy outage, also blamed on an erroneous data upload, had prompted expressions of concern from GNSS experts.

Professor Chris Rizos of the School of Civil and Environmental Engineering at the University of New South Wales, Australia, said, “This catastrophic failure of one of the world’s two global satellite navigation constellations is a wakeup call for all of us. We ignore the possibility of these ‘Black Swan’ events at our own peril.”


Nunzio Gambale, CEO of Locata Corporation, which offers a terrestrial positioning technology, said, “There is no way you can misinterpret this clear sign of the elephant in the room. We have been telling the industry for years that you cannot have a critically important capability like GPS without also having a backup.”

Wednesday, April 16, 2014

We Need Phones That Help Us Stop Killing Each Other While Distracted

As reported by IT World: We U.S. drivers, for the most part, like our cars, our smartphones, and our freedom of choice. We also truly dislike boredom.

This leads to some of us, too many of us, being injured or dying, because we are far too confident we can handle our familiar phones while driving. That is why we have not demanded that our phones offer us a smart way to let us drive and ignore all the things they beg us to do. Nothing—not research, statistics, stories, or fancier car systems—can seem to stop us.  

This must change. We have to have phones that respect when we are driving, offer easy means of automatically blocking or responding to texts and other notifications, and offer smart hands-free operation, regardless of whether you've paid for a cutting-edge new car with Apple CarPlay integration.

More people phone-while-driving than will admit

To watch people try to stop typing things on their phones while moving many miles per hour in a ton of hard steel is to see the human comedy and tragedy during Act One. Many of us are convinced that it is everybody else who can't multi-task on driving while texting a friend or checking email or Facebook; we ourselves, of course, are responsible and coordinated enough to pull it off.
The math and research, however, put the lie to our confidence.
The number of people in the U.S. injured in crashes involving distractions decreased ever so slightly from 3,360 to 3,328 from 2011 to 2012, while the number of people increased nine percent to 421,000. A University of Michigan study found that 20 percent of teens and 10 percent of parents admitted that they regularly have extended, multi-message text conversations while driving; the Centers for Disease Control in March 2013 got 31 percent of licensed drivers to admit to "texting or e-mailing" while driving.
Those who text while driving, whether they admit it or not, increase their chances of "safety-critical events" by a multiple of 23.2, according to the Virginia Tech Transportation Institute. That's from a 2009 study, but a quick perusal of Google Scholar shows new texting-while-driving research rolling out constantly, showing the same things over and over again: we cannot handle the visual, manual, and cognitive commitment of using a phone while driving.

We pass laws, then we keep texting



More phone use, behind even more high-speed steel.
Photo via Lord Jim/Flickr.
If statistics and research were primary motivators, I would not see, every single time I drive around the city of Buffalo, the tops of people's heads in cars across the intersection. I would not see cars in the next lane over-compensate and jolt from a stop when the driver finally sees the green light.
If a better knowledge of one's body and mind and its limits could sway us, there might not have been an accident near my town that killed an 18-year-old girl riding home from work on her skateboard. A prominent doctor (since acquitted) was intoxicated, yes, but also alleged to have called and texted five different people during the time frame of the accident.
Andrew Cuomo, the governor of my state, is continually raising the penalties on texting while driving, to the point where teenage drivers caught texting while driving may lose their license for a year, and adults may pick up notable fines and license penalties. Yet I heard Cuomo say in a news segment last year that, while driven in his official car, likely surrounded by state police, he himself almost always saw someone texting while driving.

What phones could be doing to help us be better

There are hands-free connections in some cars, and others have built-in navigation and phone management schemes. Almost all of them are, if not painful or difficult to understand, at least as distracting to use as the phone itself. They require you to memorize an arcane path of voice commands, or demand physical touches of a screen that is just to the right of your view of the road.
To wit: I managed to remotely log into a small server at my office yesterday, restart it from the command line, then open a server function in a screen session. Yet I still do not know, without looking, how to reply to a text message while driving my car using the Bluetooth-connected system, using one of the automatic replies I painstakingly pre-typed using the semi-responsive screen keyboard.
I think the next good phone, the next phone that makes some variant of the claim that it "Fits the way you live," needs to know that we don't know what is good for us when it comes to driving.

We want to be entertained and shown new things while doing the often mundane or stressful task of driving. More specifically, those phones should know when we are driving, quiet or otherwise obscure updates from most apps, and be able to offer their most basic functions without needing to turn on a screen or type a single letter.
Personal responsibility is certainly a factor in distracted driving. No phone should truly lock you out of your phone while driving, because exceptions will arise. But smartphones exist in a difficult realm: they are meant to give you lots of information, allow instant communication, and encourage interaction, and those things, done while driving, are killing people.
Perhaps it is only a matter of time before our society regards driving while using a smartphone as taboo as driving while intoxicated. In the meantime, our phones could be better bartenders, so to speak, and cut us off when it's time to stop.

The 2,000-Year History of GPS Tracking

As reported by Mother Jones: Boston Globe technology writer Hiawatha Bray recalls the moment that inspired him to write his new book, You Are Here: From the Compass to GPS, the History and Future of How We Find Ourselves. "I got a phone around 2003 or so," he says. "And when you turned the phone on—it was a Verizon dumb phone, it wasn't anything fancy—it said 'GPS'. And I said, 'GPS? There's GPS in my phone?'" He asked around and discovered that yes, there was GPS in his phone, due to a 1994 FCC ruling. At the time, cellphone usage was increasing rapidly, but 911 and other emergency responders could only accurately track the location of land line callers. So the FCC decided that cellphone providers like Verizon must be able to give emergency responders a more accurate location of cellphone users calling 911. After discovering this, "It hit me," Bray says. "We were about to enter a world in which…everybody had a cellphone, and that would also mean that we would know where everybody was. Somebody ought to write about that!"

So he began researching transformative events that led to our new ability to navigate (almost) anywhere. In addition, he discovered the military-led GPS and government-led mapping technologies that helped create new digital industries. The result of his curiosity is You Are Here, an entertaining, detailed history of how we evolved from primitive navigation tools to our current state of instant digital mapping—and, of course, governments' subsequent ability to track us. The book was finished prior to the recent disappearance of Malaysia Airlines flight 370, but Bray says gaps in navigation and communication like that are now "few and far between."

Here are 13 pivotal moments in the history of GPS tracking and digital mapping that Bray points out in You Are Here:

1st century: The Chinese begin writing about mysterious ladles made of lodestone. The ladle handles always point south when used during future-telling rituals. In the following centuries, lodestone's magnetic abilities lead to the development of the first compasses.
Image: ladle
Model of a Han Dynasty south-indicating ladle Wikimedia Commons

2nd century: Ptolemy's Geography is published and sets the standard for maps that use latitude and longitude. 
Image: Ptolemy map
Ptolemy's 2nd-century world map (redrawn in the 15th century) Wikimedia Commons

1473: Abraham Zacuto begins working on solar declination tables. They take him five years, but once finished, the tables allow sailors to determine their latitude on any ocean.
Image: declination tables
The Great Composition by Abraham Zacuto. (A 17th-century copy of the manuscript originally written by Zacuto in 1491.) Courtesy of The Library of The Jewish Theological Seminary

1887: German physicist Heinrich Hertz creates electromagnetic waves, proof that electricity, magnetism, and light are related. His discovery inspires other inventors to experiment with radio and wireless transmissions. 
Image: Hertz
The Hertz resonator John Jenkins. Sparkmuseum.com

1895: Italian inventor Guglielmo Marconi, one of those inventors inspired by Hertz's experiment, attaches his radio transmitter antennae to the earth and sends telegraph messages miles away. Bray notes that there were many people before Marconi who had developed means of wireless communication. "Saying that Marconi invented the radio is like saying that Columbus discovered America," he writes. But sending messages over long distances was Marconi's great breakthrough.
Image: Marconi
Inventor Guglielmo Marconi in 1901, operating an apparatus similar to the one he used to transmit the first wireless signal across Atlantic Wikimedia Commons

1958: Approximately six months after the Soviets launched Sputnik, Frank McLure, the research director at Johns Hopkins Applied Physics Laboratory, calls physicists William Guier and George Weiffenbach into his office. Guier and Weiffenbach used radio receivers to listen to Sputnik's consistent electronic beeping and calculate the Soviet satellite's location; McLure wants to know if the process could work in reverse, allowing a satellite to locate their position on earth. The foundation for GPS tracking is born.

1969: A pair of Bell Labs scientists named William Boyle and George Smith create a silicon chip that records light and converts it into digital data. It is called a charge-coupled device, or CCD, and serves as the basis for digital photography used in spy and mapping satellites.

1976: The top-secret, school-bus-size KH-11 satellite is launched. It uses Boyle and Smith's CCD technology to take the first digital spy photographs. Prior to this digital technology, actual film was used for making spy photographs. It was a risky and dangerous venture for pilots like Francis Gary Powers, who was shot down while flying a U-2 spy plane and taking film photographs over the Soviet Union in 1960.
Image: KH-11 image
KH-11 satellite photo showing construction of a Kiev-class aircraft carrier Wikimedia Commons

1983: Korean Air Lines flight 007 is shot down after leaving Anchorage, Alaska, and veering into Soviet airspace. All 269 passengers are killed, including Georgia Democratic Rep. Larry McDonald. Two weeks after the attack, President Ronald Reagan directs the military's GPS technology to be made available for civilian use so that similar tragedies would not be repeated. Bray notes, however, that GPS technology had always been intended to be made public eventually.



1989: The US Census Bureau releases (PDF) TIGER (Topologically Integrated Geographic Encoding and Referencing) into the public domain. The digital map data allows any individual or company to create virtual maps. 

1994: The FCC declares that wireless carriers must find ways for emergency services to locate mobile 911 callers. Cellphone companies choose to use their cellphone towers to comply. However, entrepreneurs begin to see the potential for GPS-integrated phones, as well. Bray highlights SnapTrack, a company that figures out early on how to squeeze GPS systems into phones—and is purchased by Qualcomm in 2000 for $1 billion.

1996: GeoSystems launches an internet-based mapping service called MapQuest, which uses the Census Bureau's public-domain mapping data. It attracts hundreds of thousands of users and is purchased by AOL four years later for $1.1 billion.

2004: Google buys Australian mapping startup Where 2 Technologies and American satellite photography company Keyhole for undisclosed amounts. The next year, they launch Google Maps, which is now the most-used mobile app in the world.

2012: The Supreme Court ruling in United States v. Jones (PDF) restricts police usage of GPS to track suspected criminals. Bray tells the story of Antoine Jones, who was convicted of dealing cocaine after police placed a GPS device on his wife's Jeep to track his movements. The court's decision in his case is unanimous: The GPS device had been placed without a valid search warrant. Despite the unanimous decision, just five justices signed off on the majority opinion. Others wanted further privacy protections in such cases—a mixed decision that leaves future battles for privacy open to interpretation.

FMCSA to Debut Wireless Truck Inspections

As reported by Go By Truck News: As part of a 10-year effort to improve technology in the safety inspection arena, the Federal Motor Carrier Safety Administration (FMCSA) is coordinating a field test to see if wireless technology can be used to conduct roadside inspections.

The focus will be on maintaining quality while providing a more efficient way of conducting inspections, enabling the compliant driver to continue on rather than stop, states Chris Flanigan, manager of the wireless roadside inspection program at FMCSA. Drivers will be able to stay at speed while the commercial mobile radio service technology actually does the inspections.

The testing will be ongoing for the next three years and will encompass approximately 1,000 trucks and 2,400 miles of roads in Kentucky, Tennessee, North Carolina, Georgia and Mississippi. FMCSA is working together with the Oak Ridge National Laboratory to choose the radio service provider, which in turn will choose carriers to take part in the evaluation process.
“[The processing system] will have to show that the system can manage the volume of data and provide a benefit to compliant carriers,” says Flanigan. The wireless system will process data from the truck, transmitting it to the inspection facility, federal and state databases, and the carrier.

All of this will take place in what will be called a “geofence area.” These are trigger points for the wireless system that will be in place on the road. Once the drivers enter the geofence area, data immediately starts to route to the operations center. The operations center then takes this information, including driver credentials, truck information and hours of service, and adds more data such as carrier information. It then sends this safety data message to the processing system.

Once the wireless system takes account of all the received information, it sends a message back to the operations center, which in turn sends a message to the driver. That message may be to turn into an inspection area or continue on the road. All of that information is also sent to the inspection officials and to FMCSA’s Safety Measurement System.

Details are still yet to be worked out. For example, the message to the driver may be in the form of a stoplight. A red light would tell the driver to stop, green would mean continue on and yellow may mean that there is insufficient data to proceed.

The data will likely be used to help determine carrier Compliance, Safety, Accountability scores, as well, specifically in the areas of driver fitness and hours of service compliance.

Tuesday, April 15, 2014

Humans Are Taking Automotive Jobs From Robots In Japan

As reported by The Japan Times:  Inside Toyota Motor Corp.’s oldest plant, there’s a corner where humans have taken over from robots in thwacking glowing lumps of metal into crankshafts. This is Mitsuru Kawai’s vision of the future. 

“We need to become more solid and get back to basics, to sharpen our manual skills and further develop them,” said Kawai, a half century-long company veteran tapped by President Akio Toyoda to promote craftsmanship at Toyota’s plants. “When I was a novice, experienced masters used to be called gods, and they could make anything.”

These gods, or “kami-sama” in Japanese, are making a comeback at Toyota, the company that long set the pace for manufacturing prowess in the auto industry and beyond. Toyota’s next step forward is counterintuitive in an age of automation: Humans are taking the place of machines in plants across the nation so workers can develop new skills and figure out ways to improve production lines and the car-building process.

“Toyota views their people who work in a plant like this as craftsmen who need to continue to refine their art and skill level,” said Jeff Liker, who has written eight books on Toyota and visited Kawai last year. “In almost every company you would visit, the workers’ jobs are to feed parts into a machine and call somebody for help when it breaks down.”

The return of the kami-sama is emblematic of how Toyoda, 57, is remaking the company founded by his grandfather as the chief executive officer has pledged to tilt priorities back toward quality and efficiency from a growth mentality. He’s reining in expansion at the world’s-largest automaker with a three-year freeze on new car plants.

The importance of following through on that push has been underscored by the millions of cars General Motors Co. has recalled for faulty ignition switches linked to 13 deaths.

“What Akio Toyoda feared the company lost when it was growing so fast was the time to struggle and learn,” said Liker, who met with Toyoda in November. “He felt Toyota got big-company disease and was too busy getting product out.”

While the freeze and spread of manual work may bear fruit in the long run, it could come at the expense of near-term sales growth and allow GM and Volkswagen AG to challenge Toyota by deepening their foothold in markets such as China.

The effort comes as Toyota overhauls vehicle development, where the carmaker will shift to manufacturing platforms that could cut costs by 30 percent. It also underscores Toyota’s commitment to maintain annual production of 3 million vehicles in Japan.

Learning how to make car parts from scratch gives younger workers insights they otherwise wouldn’t get from picking parts from bins and conveyor belts, or pressing buttons on machines. At about 100 manual-intensive workspaces introduced over the last three years across Toyota’s factories in Japan, these lessons can then be applied to reprogram machines to cut down on waste and improve processes, Kawai said.

In an area Kawai directly supervises at the forging division of Toyota’s Honsha plant, workers twist, turn and hammer metal into crankshafts instead of using the typically automated process. Experiences there have led to innovations in reducing levels of scrap and shortening the production line 96 percent from its length three years ago.

Toyota has eliminated about 10 percent of material-related waste from building crankshafts at Honsha. Kawai said the aim is to apply those savings to the next-generation Prius hybrid.

The work extends beyond crankshafts. Kawai credits manual labor for helping workers at Honsha improve production of axle beams and cut the costs of making chassis parts.

Though Kawai doesn’t envision the day his employer will rid itself of robots — 760 of them take part in 96 percent of the production process at its Motomachi plant in Japan — he has introduced multiple lines dedicated to manual labor in each of Toyota’s factories in its home country, he said.

“We cannot simply depend on the machines that only repeat the same task over and over again,” Kawai said. “To be the master of the machine, you have to have the knowledge and the skills to teach the machine.”

Kawai, 65, started with Toyota during the era of Taiichi Ono, the father of the Toyota Production System envied by the auto industry for decades with its combination of efficiency and quality. That means Kawai has been living most of his life adhering to principles of “kaizen,” or continuous improvement, and “monozukuri,” which translates to the art of making things.

“Fully automated machines don’t evolve on their own,” said Takahiro Fujimoto, a professor at the University of Tokyo’s Manufacturing Management Research Center. “Mechanization itself doesn’t harm, but sticking to a specific mechanization may lead to omission of kaizen and improvement.”

Toyoda turned to Kawai to replicate the atmosphere at Toyota’s Operations Management Consulting Division, established in 1970 by Ono. Early in his career, Toyoda worked in the division, whose principles are now deployed at Toyota plants and its parts suppliers to reduce waste and educate employees.

Newcomers to the division such as Toyoda would be given three months to complete a project at, say, the loading docks of a parts supplier, which their direct boss could finish in three weeks, Liker said. The next higher up could figure out the solution in a matter of three days.

“But they wouldn’t tell him the answer,” Liker said of Toyoda’s time working within the division. “He had to struggle, and they’d give him three months. He told me that’s what he thought Toyota lost in that period of time when it was growing so fast. That was his main concern.”

During its rise to the top of the automotive industry — Toyota has set a target for 2014 to sell more than 10 million vehicles, a milestone no automaker has ever crossed — the company was increasing production at the turn of the century by more than half a million vehicles a year.

A year after the failure of Lehman Brothers Holdings Inc. in 2008 sent car demand tumbling, Toyota began recalling more than 10 million vehicles to fix problems linked to unintended acceleration, damaging its reputation for quality.

Last month, the company agreed to pay a record $1.2 billion penalty to end a probe by the U.S. Justice Department, which said Toyota had covered up information and misled the public at the time. Lawmakers are now considering fines and suggesting criminal penalties for companies after GM took more than a decade to disclose defects with its cars.

In the aftermath of its crisis, Toyota has paused from announcing any new car assembly plants as GM and VW push for further spending on new capacity.

In the years leading up to the recalls, Kawai had also been increasingly concerned Toyota was growing too fast, he said. One way for him to help prevent such a recurrence is to help humans keep tabs on the machines.

“If there is ever a technology that’s flawless and could always make perfect products, then we will be ready and willing to install that machine,” Kawai said. “There’s no machine that is eternally stable.”




Glow-In-The-Dark Roads Make Debut In Netherlands

As reported by Wired UK: Light-absorbing glow-in-the-dark road markings have replaced streetlights on a 500m (0.3 mile) stretch of highway in the Netherlands.


Studio Roosegaarde promised the design back in 2012, and after cutting through rather a lot of government red tape we can finally see the finished product.
One Netherlands news report said, "It looks like you are driving through a fairytale," which pretty much sums up this extraordinary project. The studio aims to bring technology and design to the real world, with practical and beautiful results.
Back in October 2012, Daan Roosegaarde, the studio's founder and lead designer, told us: "One day I was sitting in my car in the Netherlands, and I was amazed by these roads we spend millions on but no one seems to care what they look like and how they behave. I started imagining this Route 66 of the future where technology jumps out of the computer screen and becomes part of us."
Part of that vision included weather markings—snowdrops, for instance, would appear when the temperature reached a certain level. For now though, the stretch of the N329 highway in Oss features only the glow-in-the-dark road markings, created using a photo-luminescent powder integrated into the road paint, developed in conjunction with road construction company Heijmans.
Roosegaarde told Wired.co.uk that Heijmans had managed to take its luminescence to the extreme—"it's almost radioactive", said Roosegaarde. You can get some sense of that in this embedded tweet, which appears to show three stripes of varying shades of radioactive green along both the highway's edges.
According to a report in Dutch News, Heijmans wants to expand the project but has not yet secured any further contracts. There's no news yet on how the paint holds up against wear and tear—the glow lasts up to eight hours once powered throughout the day, but a patchy inconsistent strip would not pave the way as effectively as energy-guzzling street lights.
But it's of course in the interest of road operators and local government to employ these types of trials, considering the cost savings. However, when Roosegaarde spoke with Wired.co.uk a few months ago about his proposed smog-attracting electrostatic fields, to be deployed in Beijing (yes, he's helped create a smog vacuum), he explained that bureaucracy has been a big problem. In October, Roosegaarde said the project had been ready for months, but it was being held up because of a license application and approvals from local government.
"There needs to be a call to ministers all over the world—this is a problem, and we should not accept it," said Roosegaarde. "We should create labs in the city where we can experiment and explore these kinds of solutions. Like a free zone. We want to do it safely, but just give us a park [for the smog project] and we'll prove it to you. Be more open."