RSA Conference 2019: The Sky’s the Limit For Satellite Hacks

satellite security vulnerability RSA

Satellites are spotted with vulnerabilities and design flaws – and hackers are taking note, researchers report at the RSA Conference.

SAN FRANCISCO – The satellites orbiting the world are rife with vulnerabilities – and as more satellites go up, and antenna equipment becomes cheaper, they are becoming a lucrative target for threat actors back on earth, according to researchers.

William Malik, vice president of infrastructure strategies with Trend Micro, said that historically, the engineers behind satellites and their communication structures have been governed by the principal of safety – but only recently, information security has started making its way onto designers’ radars.

“It is astonishing to me the range of vulnerabilities that exist when you start talking about satellites,” Malik said at the RSA Conference during a Wednesday session. “Engineers…don’t think about information security principals, and it’s showing up again and again.”

Over the decades that satellites have been deployed – from Sputnik 1 in 1957, to Skylab in 1973. They have proved to have an array of helpful applications, including information on GPS, time signals, weather and disaster tracking, spying, and space exploration.

These satellites are essential, but also vulnerable in past to security issues such as unencrypted transmissions, software defects and design issues.

That’s because it’s been difficult to build security by design into satellites in addition to powerful hardware processing  and battery that’s required, Malik said. Plus, he said that historically “folks would say, ‘why would anyone want to hack a satellite?'”

As it turns out, several hacks exist that can carry out malicious actions – including jamming the signals, which can be achieved through a distributed denial of service (DDoS) attack against traffic on the satellite, intercepting and listening to communication channels to eavesdrop on vital information – and even completely taking over a satellite and moving it around.

Malik said there have been several malicious attacks over the past decades that disrupted or destroyed the machines.

In 1998, a satellite X-ray telescope built by the US and Germany was disrupted by a cyber intrusion in which the satellite was turned toward the sun in an unplanned movement, consequently frying it.

In 1999, it was reported that hackers attacked the UK Skynet military satellite, moving its position and demanding ransom. And for several years starting in 2007, there were a series of control takeovers of satellites, including the LandSat-7, Terra EOS AM-1 and more.

As recently as 2015, poorly secured satellite-based internet links were being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, according to Kaspersky Lab.

Currently, the costs of antennas are plummeting, and radio frequency attack kits are gaining traction. With bad guys able to set up an antenna for just a few hundred dollars, and the attack surface only widening with more satellites going up, satellites are becoming a perfect target for hackers – and even bigger, more dangerous players, said Malik.

“We’re going to see state actors take advantage of these weaknesses,” he said.

Not only that, but multiple vulnerabilities exist within certain satellites and their communication themselves.

For one, there’s no standard security architecture across various satellites – most satellites have their own architectures, making it “still very much an industrial control system heritage,” he said.

If engineer and designers were to focus on systemic detection and response strategies, “that would be much more comprehensive and effective,” Malik said. Further, satellite teams need to train architecture and infrastructure teams to include a security criteria in their design and deployment strategies, he said: “We need to get the IT and OT people talking.”

“We need to view satellites as another communication channel, they are IoT devices be integrated into real time IT systems and we need to apply the same discipline of privacy by design into them,” said Malik.

For all Threatpost’s RSA Conference 2019 coverage, please visit our special coverage section, available here

Suggested articles