A study presented at the Black Hat security conference in Las Vegas has shown that hacking low-Earth orbit (LEO) satellites is alarmingly easy. The study, conducted by Johannes Willbold, a PhD student at Germany’s Ruhr University Bochum, found that many satellites lack even the most basic security systems, making them vulnerable to remote takeover.
Contrary to popular belief, hacking satellites is not prohibitively expensive. Services like AWS and Microsoft’s Azure offer Ground Station as a Service (GSaaS) for communicating with LEO satellites. Additionally, the commercial space industry has made components used in satellites readily available, meaning a hacker could build their own ground station for a relatively low cost.
Willbold studied three different types of satellites: an ESTCube-1, a CubeSat 2013, and the Flying Laptop. The results were concerning. The CubeSats had no authentication protocols and were transmitting signals without encryption, enabling Willbold to take control of their basic functions. The Flying Laptop had basic security systems but was still vulnerable to code-based attacks.
Further investigation revealed that security systems are not a priority in satellite design. Developers working on satellites often lacked the necessary security skills to perform rigorous testing, and larger satellites were found to be more vulnerable due to their use of commercial off-the-shelf components with publicly available code.
The consequences of a hacked satellite could be severe. Attackers could transmit malicious code to ground targets, compromise other satellites in a constellation, or even cause satellites to collide with each other, creating debris that could damage more systems in orbit.
When asked about retrofitting security systems to existing satellites, Willbold expressed doubt due to the limited power budgets of these systems. While technically possible, it is not practical without significant changes to the architecture of satellites.
This study raises concerns about the current state of satellite security and highlights the need for stronger measures to protect these assets.
——————————————————–
Click Here For The Original Story From This Source.
