ByGabriel Botha

Aug 11, 2023
The Feasibility of Hacking Satellites Raises Concerns

A study conducted at Germany’s Ruhr University Bochum has revealed the alarming ease of hacking low-Earth orbit satellites. In a presentation at the Black Hat security conference in Las Vegas, a PhD student named Johannes Willbold discussed his investigation into the security of satellites. Willbold studied three types of orbital machinery and discovered that many lacked the basic security systems necessary to defend against remote takeover.
Contrary to popular belief, hacking into satellites is not as prohibitively expensive as previously thought. Ground stations that communicate with satellites can now be accessed through services such as Amazon Web Services and Microsoft’s Azure. Additionally, obtaining details on firmware is easier due to the flourishing commercial space industry, which allows for the purchase and study of components used on multiple satellite platforms. Willbold estimated that building a ground station for hacking satellite control could cost as little as $10,000.
Willbold’s research showed that the three types of satellites studied all had security vulnerabilities. CubeSats, including the ESTCube-1 and CubeSat OPS-SAT, lacked authentication protocols and encryption for their broadcast signals. The Flying Laptop, which had basic security measures in place, still proved to be vulnerable to hacking using standard coding techniques.
Further investigation revealed that security systems were not a high priority in satellite design. Of the nine developers who responded to Willbold’s inquiries, only two had ever attempted penetration testing. This lack of security skills among developers was attributed to the rarefied nature of space science. Surprisingly, larger and more expensive satellites were found to be more vulnerable due to their use of commercial off-the-shelf components with publicly available code, while smaller CubeSats tended to use custom code.
The consequences of satellite hijacking could be disastrous. Hijacked satellites could be used to transmit attack code, communicate with and compromise other satellites in a constellation, or collide with other satellites, causing debris and potential system failures.
When asked about retrofitting security systems onto existing satellites, Willbold expressed skepticism due to the tight power budgets of these systems. While technically feasible, the practicality of implementing encryption and authentication on current satellite systems is doubtful.

