Why Blow Up Satellites When You Can Just Hack Them?

At the Black Hat conference in Las Vegas, a pair of German researchers from VisionSpace Technologies made a shocking revelation: it's much easier and cheaper to hack satellites than to destroy them with anti-satellite missiles. Milenko Starcik and Andrzej Olchawa demonstrated how software vulnerabilities in satellite systems and ground stations can be exploited to gain control over these increasingly numerous and critical orbital platforms.

According to the researchers, there are currently about 12,300 functioning satellites in orbit, with many more on the way. The majority of these satellites are Starlink-owned by Elon Musk's SpaceX, but there has also been a sharp rise in military platforms due to rising global tensions. With the proliferation of satellites comes a growing concern over their security.

The problem lies not just with the satellites themselves, but with the software that manages them. Take Yamcs, an open-source application used by NASA and Airbus to communicate with and control satellites in orbit. The researchers found five separate vulnerabilities (CVEs) in the code that would allow an attacker to gain total control over the application.

But what's even more alarming is that these vulnerabilities can be exploited to change a satellite's orbit without showing up on the controller's screen. Thankfully, this was just a simulation - no satellites were harmed during the course of the presentation. However, the researchers did find actual vulnerabilities that allow you to crash the entire onboard software with an unauthenticated telephone call.

The situation is even worse with OpenC3 Cosmos, another open-source app used for command and control in ground stations. The researchers discovered seven CVEs in the software, including flaws that allowed remote code execution and cross-site scripting attacks. NASA isn't above reproach when it comes to security, either. Its open-source Core Flight System (cFS) Aquila was found to have four critical flaws - two denial-of-service bugs, a path-traversal one, and a remote-code-execution vulnerability - that could crash the flight software and give attackers full code-execution control over NASA's systems.

Many satellites themselves use an open-source, C-based encryption library called CryptoLib. And guess what? It's also riddled with flaws. The researchers found four in the version NASA uses and seven in the standard package - two of them rated as critical. "We found actual vulnerabilities which allow you to crash the entire onboard software with an unauthenticated telephone," claimed Starcik. "So basically, you send a packet to the spacecraft, and the entire software crashes and reboots, which then actually causes the spacecraft, if it's not properly configured, to reset all its keys. And then you have zero keys on the spacecraft that you can use from that stage on."

Fortunately, all of these vulnerabilities have been responsibly disclosed and fixed. But relying on buggy code to control our orbital platforms shouldn't be tolerated. As Olchawa noted, "I used to work at the European Space Agency on ground station IT and got sick of telling them what was wrong and not having them fix it." So he decided to go into business to do it himself.

"So I decided to go into business to do it myself," said Olchawa. Satellites are proliferating, and it's time for the industry to take security seriously. The researchers concluded that there may be more software nasties floating around out there, and we should all be paying attention to this issue.

The Future of Space Security

As the number of satellites in orbit continues to grow, so does the risk of cyber attacks. With anti-satellite missiles becoming more common, it's clear that traditional security measures aren't enough. The industry needs to take a proactive approach to space security and invest in robust software development practices.

The researchers' findings serve as a wake-up call for the satellite industry. It's time to prioritize security over cost savings. With the right precautions in place, we can ensure that our orbital platforms remain safe and secure for years to come.