Kaspersky GReAT analyzed global navigation satellite systems (GNSS) equipment which is used across various industries around the world*. At the Security Analyst Summit (SAS) it was announced that almost 4,000 GNSS satellite receivers were vulnerable to attacks on the internet in 2024, putting organizations and users at risk. This can be mitigated by ensuring GNSS receivers are inaccessible from outside networks, and by employing robust authentication mechanisms to access these systems.
GNSS are groups of satellite positioning systems: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India) and Quazi-Zenith Satellite System (QZSS, Japan). These systems are used for positioning, navigation and timing in agriculture, finance, transportation, mobile communications, banking and other industries. An attack against a system of this kind can cause significant damage to organizations that rely on them: operations disruption, data and financial loss. Such attacks can also erode customer trust and confidence, especially if services become unreliable or compromised.
In critical infrastructure sectors like transportation and energy, an extended outage or corrupted data due to GNSS manipulation could lead to regulatory scrutiny and possible legal repercussions. Additionally, for industries relying on autonomous systems — like drones, self-driving vehicles, or automated manufacturing — GNSS attacks can trigger malfunctions that not only harm assets but potentially endanger lives.
In March 2023 external research showed that 9,775 satellite receivers from 5 major vendors were exposed on the internet. In July 2024, Kaspersky researchers found 3,937 GNSS instances (not limited to specific vendors) were accessible over the internet. Exposed receivers were located across many regions, including LATAM, North America, Europe, and Asia.
“GNSS receivers connected to the web can be vulnerable to attacks. Most of the receivers we analyzed ran various open-source and proprietary Linux-based systems, with some also running Windows. Since these devices use different versions of operating systems, it makes the attack surface very broad. Our research shows that, as of July 2024, there are still nearly four thousand vulnerable devices that can be exploited by cybercriminals. Timely and proactive security measures are essential to mitigate this threat,” commented Maria Isabel Manjarrez, Security Researcher at Kaspersky GReAT.
