Johannes Willbold, a doctoral student at the Ruhr University in Bochum (Germany), spoke at the Black Hat cybersecurity conference in Las Vegas and shared the results of studying three types of orbital equipment. As it turned out, many satellites lack adequate means of protection against remote hacking — they lack even basic security measures.
Satellite operators have been mostly just lucky so far. There is an opinion that hacking orbiters is an exorbitantly expensive task due to the high cost of ground terminals. Cybercriminals did not work with these terminals due to the unknown factor, believing that it was too difficult to gain access to their software platform. Neither one nor the other corresponds to reality, a study by a German specialist showed.
AWS and Microsoft Azure already offer access to ground terminals for communication with low-orbit satellites as a service, that is, the issue rests only on money. As for detailed information about the firmware, the commercial space industry is flourishing today, and many components are already relatively easy to purchase and study: according to Willbold's calculations, a hacker can assemble his own ground terminal for communication with satellites for about $ 10 thousand.
The scientist chose an extremely direct approach. The researcher appealed to satellite operators with a request to provide separate data for his work. Some of them agreed, and only in one case had to sign a non-disclosure agreement. Willbold studied three types of vehicles: ESTCube-1, a miniature cubesat launched by Estonia in 2013 and equipped with an Arm Cortex-M3 processor; a larger OPS-SAT cubesat operated by the European Space Agency; and a 120-kg Flying Laptop satellite operated by the Institute of Space Systems at the University of Stuttgart.
The results were depressing. Both cubesats "gave up without a fight" — they did not have authentication protocols, and they transmit their data without encryption. Willbold had the opportunity to intercept the basic functions of satellite control and block their operators — during his speech, he demonstrated this in a simulation. Flying Laptop still demonstrated basic protection and tried to protect its main functions from third-party interference. But with the availability of technical skills, specialized code and the use of standard methods, it was possible to detect vulnerabilities in it.
 |
| Satellite. |
| Source: PIRO / pixabay.com |
Intrigued by the results, Willbold continued his research. He contacted the developers of satellite systems and received responses from nine suppliers who launched a total of 132 devices. It took four months to collect the information, but it turned out that the priority of cybersecurity functions in the development of satellites is extremely low — only two suppliers tested for hacking. The problem, the researcher is sure, is that space science is still an area relatively detached from the general cyberspace, and developers do not have significant skills in the field of digital security.
One of the unexpected conclusions turned out to be that the larger the satellite, the more expensive its development and launch were, the more vulnerable it is. More ready-made commercial components are installed on large devices, and this really means its vulnerability due to the greater availability of the code base. And for small cubesats, the code is more often written individually.
The consequences of hacking satellites can be different. In the best case, an attacker will start using the device to transmit malicious information or use access to it to capture the entire infrastructure and other satellites in the operator's grouping. At worst, a remotely hacked satellite can be sent to another device, generating a pile of debris and creating a threat to the failure of other systems.
Finally, it is unlikely that it will be possible to correct the situation with satellites already operating in orbit. "From a technical point of view, this would be possible. But in reality, these systems are built with a very small margin. They have planned out every milliwatt of power involved in the operation of the satellite, so that existing systems do not have a power budget to run encryption or authentication," concluded the author of the study.
Pavel Kotov