Dan Goodin

Software used by law enforcement organizations to intercept the communications of suspected criminals contains a litany of critical weaknesses, including an undocumented backdoor secured with a hardcoded password, security researchers said.

In a scathing advisory, the researchers recommended people stop using the Nice Recording eXpress voice-recording package. It is one of several software offerings provided by Ra’anana, Israel-based Nice Systems, a company that markets itself as providing "mission-critical lawful interception solutions to support the fight against organized crime, drug trafficking and terrorist activities."

The advisory warned that critical weaknesses in the software expose users to attacks that compromise investigations and the security of the agency networks.

"Attackers are able to completely compromise the voice recording/surveillance solution as they can gain access to the system and database level and listen to recorded calls without prior authentication," the researchers from security consultancy SEC Consult wrote. "Furthermore, attackers would be able to use the voice recording server as a jumphost for further attacks of the internal voice VLAN [virtual local area network], depending on the network setup."

Mission-critical satellite communications relied on by Western militaries and international aeronautics and maritime systems are susceptible to interception, tampering, or blocking by attackers who exploit easy-to-find backdoors, software bugs, and similar high-risk vulnerabilities, a researcher warned.

Ground-, sea-, and air-based satellite terminals from a broad spectrum of manufacturers -- including Iridium, Cobham, Hughes, Harris, and Thuraya -- can be hijacked by adversaries who send them booby-trapped SMS text messages and use other techniques, according to a 25-page white paper published by penetration testing firm IOActive. Once a malicious hacker has remotely gained control of the devices, which are used to communicate with satellites orbiting in space, the adversary can completely disrupt mission-critical satellite communications (SATCOM).

Other malicious actions include reporting false emergencies or misleading geographic locations of ships, planes, or ground crews; suppressing reports of actual emergencies; or obtaining the coordinates of devices and other potentially confidential information.

"If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk," wrote Ruben Santamarta, IOActive's principal security consultant. "Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities."