Kaspersky Global Research & Analysis Team analysed global navigation satellite system (GNSS) equipment, which is used across various industries around the world. At the recent Security Analyst Summit, it was announced that almost 4,000 GNSS satellite receivers were vulnerable to attacks over the Internet in 2024, putting organisations and users at risk. This can be mitigated by ensuring GNSS receivers are inaccessible from outside networks, and by employing robust authentication mechanisms to access these systems.
GNSS are groups of satellite positioning systems: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India) and Quasi-Zenith Satellite System (QZSS, Japan). These systems are used for positioning, navigation and timing in agriculture, finance, transportation, mobile communications, banking and other industries. An attack against a system of this kind can cause significant damage to organisations that rely on it: operational disruption, data loss and financial loss. Such attacks can also erode customer trust and confidence, especially if services become unreliable or compromised.
In critical infrastructure sectors like transportation and energy, an extended outage or corrupted data due to GNSS manipulation could lead to regulatory scrutiny and possible legal repercussions. Additionally, for industries relying on autonomous systems — like drones, self-driving vehicles, or automated manufacturing — GNSS attacks can trigger malfunctions that not only harm assets but potentially endanger lives.
In March 2023 external research showed that 9,775 satellite receivers from 5 major vendors were exposed on the Internet. In July 2024, Kaspersky researchers found 3,937 GNSS instances (not limited to specific vendors) were accessible over the Internet. Exposed receivers were located across many regions, including LATAM, North America, Europe, and Asia.
“GNSS receivers connected to the web can be vulnerable to attacks. Most of the receivers we analysed ran various open-source and proprietary Linux-based systems, with some also running Windows. Since these devices use different versions of operating systems, it makes the attack surface very broad. Our research shows that, as of July 2024, there are still nearly four thousand vulnerable devices that can be exploited by cybercriminals. Timely and proactive security measures are essential to mitigate this threat,” commented Maria Isabel Manjarrez, Security Researcher at Kaspersky GReAT.
To protect GNSS from cyberattacks, Kaspersky recommends that organisations:
- Carry out a cybersecurity audit of your networks and assets to reveal gaps and vulnerable systems, and address any weaknesses discovered in the perimeter or inside the network.
- Keep GNSS receivers offline where possible.
- If Internet access on receivers is a necessity, protect your devices with robust authentication mechanisms.
- Use specialised tools that are designed to address space-related threats, like the Space Attack Research and Tactic Analysis (SPARTA) matrix, which covers possible countermeasures and defence tactics against such threats.
- Use centralised and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets.
- Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.