Kaspersky reports almost 4,000 GNSS satellite receivers remain vulnerable in 2024

GNSS are groups of satellite positioning systems: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India) and Quazi-Zenith Satellite System (QZSS, Japan). These systems are used for positioning, navigation and timing in agriculture, finance, transportation, mobile communications, banking and other industries. An attack against a system of this kind can cause significant damage to organizations that rely on them: operations disruption, data and financial loss. Such attacks can also erode customer trust and confidence, especially if services become unreliable or compromised.

In critical infrastructure sectors like transportation and energy, an extended outage or corrupted data due to GNSS manipulation could lead to regulatory scrutiny and possible legal repercussions. Additionally, for industries relying on autonomous systems — like drones, self-driving vehicles, or automated manufacturing — GNSS attacks can trigger malfunctions that not only harm assets but potentially endanger lives.

In March 2023 external research showed that 9,775 satellite receivers from 5 major vendors were exposed on the internet. In July 2024, Kaspersky researchers found 3,937 GNSS instances (not limited to specific vendors) were accessible over the internet. Exposed receivers were located across many regions, including LATAM, North America, Europe, and Asia.

“GNSS receivers connected to the web can be vulnerable to attacks. Most of the receivers we analyzed ran various open-source and proprietary Linux-based systems, with some also running Windows. Since these devices use different versions of operating systems, it makes the attack surface very broad. Our research shows that, as of July 2024, there are still nearly four thousand vulnerable devices that can be exploited by cybercriminals. Timely and proactive security measures are essential to mitigate this threat,” commented Maria Isabel Manjarrez, Security Researcher at Kaspersky GReAT.

To protect GNSS from cyberattacks, Kaspersky recommends organizations:

• Carry out a cybersecurity audit of your networks and assets to reveal gaps and vulnerable systems, and address any weaknesses discovered in the perimeter or inside the network;
• Keep GNSS receivers offline where possible;
• If internet access on receivers is a necessity, protect your devices with robust authentication mechanisms;
• Use specialized tools that are designed to address space-related threats, like the Space Attack Research and Tactic Analysis (SPARTA) matrix that covers possible countermeasures and defense tactics to space-related threats;
• Use centralized and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets;
• Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.

Read more on Securelist.

* During our research, we analyzed information on satellite receiver vulnerabilities that had already been available online. Kaspersky solutions were not used to gather the information on these vulnerabilities; instead, third-party search engines designed to map and gather information about internet-connected devices and systems were used.

About the Global Research & Analysis Team

Established in 2008, the Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world. Today GReAT consists of 40+ experts working globally – in Europe, Russia, Latin America, Asia, Middle East. Talented security professionals provide company leadership in anti-malware research and innovation, bringing unrivaled expertise, passion and curiosity to the discovery and analysis of cyberthreats.