Not a good example of a security document
Having read this I can say that this is less than a shining example of how to publish this type of research. It is long on claims (which anyone can make) but pretty short on proof, and as has been pointed it it contains some pretty significant errors regarding Thuraya - the sort of errors that anyone with any real knowledge of the industry would simply never make. Saying that however, some of the allegations are pretty believable; having worked on early development models of the Cobham (ex Thrane & Thrane) BGAN terminals when testing the system as a whole, I actually knew the hidden passwords that are hardcoded in the systems, although they are not that easy to guess. The fact that other manufacturers have also used hardcoded passwords is no real surprise since they typically use these for development and maintenance purposes.
I do wonder whether this is such an important issue as the author makes out, or whether he is just trying to make a name for himself. The fact is this is the sort of equipment that you do not find in everyday use; the vast majority of people will live their lives without ever seeing a satellite terminal. Many of the terminals models cited in the report are either not directly connected to the Internet as a whole, or only connected at random intervals. In both cases they would be very difficult targets for hackers to attack, and even if attacked and compromised it would be difficult for someone to do more than just disrupt the satellite link (easy to reset if necessary). You certainly could not insert malware into these devices simply because they do not use "standard" PC-type hardware platforms.
IMHO, a storm in a teacup.