A computer flying hundreds or even thousands of kilometers in the sky, at a speed of tens of thousands of kilometers an hour, is nonetheless still a computer. And every connected computer has an attack surface.
Researchers, nation-states, and even ordinary cybercriminals have long demonstrated how to hijack the control and communications aspects of satellite technology. Just last year, on the day of its ground invasion, Russian hackers caused an outage for the Ukrainian satellite Internet service provider Viasat. And on Nov. 18, pro-Russian hacktivist group Killnet performed a distributed denial-of-service (DDoS) attack against SpaceX’s Starlink system, which was providing connectivity to cut-off regions of Ukraine. More recently, the Wagner Group claimed responsibility for a temporary outage at Russian Internet provider Dozor-Teleport. The group did it, supposedly, by uploading malware to multiple satellite terminals.
It’s clear that we can disrupt satellite links, but what about the satellites themselves? The firmware and software hovering up there in the sky? Arguably, they’re just as exposed.
In a presentation next month at Black Hat USA in Las Vegas, Johannes Willbold, a doctoral student at the Ruhr University in Bochum, Germany, will demonstrate how satellites can be manhandled by hackers. (Hint: It’s not that hard.)
“There’s certainly a security by obscurity there,” he acknowledges, “but apart from that, a lot of satellites are not doing anything else to prevent misuse.”
Satellites Cling to Security by Obscurity
In a paper published earlier this year, Willbold and five colleagues surveyed 19 engineers and developers representing 17 different models of satellite. Of those 17, three of the respondents admitted they had not implemented any measures to prevent third-party intrusion. In five cases the respondents were unsure or declined to comment, while the remaining nine had, indeed, implemented some defenses. Yet even some of those better cases were iffy — only five of those nine, for example, had implemented any kind of access controls.
“So many of the satellites that we looked at just straight-up had no protection against somebody manipulating the satellite, except for security by obscurity,” Willbold says.
The manufacturers can get away with it because, he says, because the sector is so cordoned-off. Industry pros have long doubled as gatekeepers, preventing both would-be attackers and security analysts from getting any kind of peek inside their machines.
Willbold and his team ran into this reality head-on. It took them four whole months to recruit those 19 survey respondents. “In general, we observed that people were very reluctant to share any details about their satellites and their security aspects,” they lamented in their paper.
The problem is that satellites are no longer quite as obscure as they might have once seemed.
What Satellites Are Made Of
“In more expensive and bigger satellites, you can imagine all kinds of very specialized, radiation-hardened hardware that is explicitly required when you go a lot further out into space,” Willbold explains.
However, the majority of satellites occupy low earth orbit (LEO), where, he says, it’s less of an issue.
“The computing hardware in low earth orbit is similar to embedded stuff on Earth, because it’s cheap and readily available,” he explains. For example, “you might find regular ARM boards, just like the regular embedded devices on Earth — the same processors made for the automotive sector.”
On the software side, satellites often employ a real-time operating system (RTOS) like VxWorks, or even basic Linux, as is the case with SpaceX’s Starlink. In recent years, they’ve begun to adopt more off-the-shelf and open source components, and the communications and control systems they connect to in many ways evoke ordinary enterprise networks.
These familiar technologies open all kinds of potential doors for intrusion, such as a supply chain compromise via off-the-shelf components.
An easier road, perhaps, would be to hijack a spacecraft through its wide-open communications link.
“A hacker could get their own ground station for UHF and VHF frequency, which can be as cheap as, like, $10,000 for a two-meter dish. Then you can already talk to a lot of low earth orbit satellites,” Willbold warns.
One major hurdle, however, is timing. Satellite links are already slow, “and just by the way that the Earth is shaped, you can see them for 10 minutes at a time,” Willbold points out.
Traveling at tens of thousands of kilometers per hour, one LEO satellite might make its way around the earth every 90 minutes or so.
“If you want to increase the time that you have to talk to them, then you need multiple ground stations,” he says. “If you have enough ground stations, you can eventually talk to it all the time, but this obviously becomes very expensive.”
Hackers Shoot for the Stars
Satellites underpin some of the most crucial — and some of the most everyday — aspects of our lives. They provide us with GPS and television. They help us track and predict the weather and connect people in faraway places. Engineers, researchers, farmers, and military intelligence officials alike all rely on space probes.
“The consequences obviously depend on what part of the satellite you’re actually compromised,” Willbold says. “For example, imagine compromising an observation satellite’s BUS system. Then maybe you can escalate your tech to the payload system. Then you can steal images that you’re not supposed to access or maybe even introduce artifacts or remove artifacts from images, like data manipulation.”
The possibilities get only more fantastical from there, especially if you consider the thrusters guiding the spacecraft.
For example, an unauthorized operator could turn a satellite toward the sun to cause physical damage and denial of service, or they could alter the orbit of the machine to cause a collision.
“If two orbits match up,” he explains, “then there is at least a possibility that you can try to hit other satellites, or you can actually endanger other people in orbit.”
The Future of Satellite Security
At the frontlines of satellite defense are the governments and militaries that rely on them most.
To begin addressing the threat, in March 2022 the FBI and CISA advised satellite communications providers to implement basic security precautions, such as encryption, monitoring, and patching. Two months later, Space Delta 6 of the US Space Force added four new squadrons to boost military defense and modernize aging satellite control infrastructure. The National Institute of Standards and Technology (NIST) and MITRE, as well as nonprofit government contractor Aerospace Corp., built frameworks for modeling threats and planning countermeasures against space threats.
The security community on the whole is getting involved, as well. On June 6, the US Air Force and Space Force partnered with nonprofit government contractor Aerospace for “Hack-a-Sat,” a 30-hour capture-the-flag-style satellite hacking competition centered around “Moonlighter,” a hacker sandbox in orbit. Elsewhere, developers have tested a quantum computing-resistant channel for transmitting data to and from a spacecraft.
There’s no telling where satellite security will go in the years to come.
“The space industry has been around for decades,” Willbold says. On the other hand, he adds, “how often have we seen something which has worked one way for decades change in a very short time?”