In a presentation at the Black Hat security conference in Las Vegas, Johannes Willbold, a PhD student at Germany’s Ruhr University Bochum, explained he had studied three types of satellites and found that many were utterly defenseless against remote takeover because they lack the most basic security systems:
“People think that satellites are secure,” he said. “Those are expensive assets and they should have encryption and authentication. I assume that criminals think the same and they are too hard to target and you need to be some kind of cryptography genius. Maybe it wasn’t a good idea to give this talk.”
Satellite operators have been lucky so far. The prevailing wisdom is that hacking this kit would be prohibitively expensive due to the high cost of ground stations that communicate with the orbital birds, and that such hardware benefited from security by obscurity — that getting hold of the details of the firmware would be too difficult. Neither is true, the research indicates.
For example, both AWS and Microsoft’s Azure now offer Ground Station as a Service (GSaaS) to communicate with LEO satellites, so communication is simply a matter of plonking down a credit card. As for getting details on firmware, the commercial space industry has flourished in recent years and many of the components used on multiple platforms are easy to buy and study. Willbold estimated a hacker could build their own ground station for around $10,000 in parts.
As an academic, Willbold took a more direct approach. He just asked satellite operators for the relevant details for his paper [PDF]. Some of them agreed (although he did have to sign an NDA in one case) and the results somewhat mirrored the early computing days, when security was sidelined because of the lack of computing power and memory.
He studied three different types of satellite: an ESTCube-1, a tiny CubeSat 2013 running an Arm Cortex-M3 processor, a larger CubeSat OPS-SAT operated by the European Space Agency as an orbital research platform, and the so-called Flying Laptop – a larger and more advanced satellite run by the Institute of Space Systems at the University of Stuttgart.
The results were depressing. Both the CubeSats failed at a most basic level, with no authentication protocols, and they were broadcasting signals without encryption. With some code Willbold would have been able to take over the satellites’ basic control functions and lock out the legitimate owner, which he demonstrated during the talk with a simulation.
The Flying Laptop was a different case, however. It had basic security systems in place and tried to isolate core functions from interference. However, with some skill, code, and standard techniques, this satellite too proved vulnerable.
Well “plonking down a credit card” to use Microsoft’s “Ground Station as a Service (GSaaS)” to hack a satellite obviously would make the hack completely traceable, so it seems the purpose of this guy’s talk is to convince a really dumb hacker to get caught.
Narcos, cartels, and random people in the jungle in South America have long been piggybacking transmissions off the old US Navy UHF FLTSATCOM satellites, since they operate more or less automatically as transponders.
This is just like when “security researchers” started talking about supply-chain attacks and then supply-chain attacks started appearing in the wild.