Black Hat ( ) Four countries have tested anti-satellite weapons, including the US, China and Russia. But it’s cheaper and easier to just hack them.
In Las Vegas at the Black Hat Conference, Milenko Starcik from German company VisionSpace Technologies and Andrzej Ochawa showed how easy it was to exploit software vulnerabilities on satellites as well as ground stations that controlled them.
“I used to work at the European Space Agency on ground station IT and got sick of telling them what was wrong and not having them fix it,” Olchawa said The Register,that “So I decided to go into business to do it myself.”
satellites are multiplying. In 2005, fewer than 1,000 satellites were in orbit (many inactive). According to the European Space Agency,there are now 12,300 satellites in orbit. Elon Musk’s SpaceX is the owner of most of these satellites, but a growing number of military platforms have also been launched as a result of global tensions. They also explained that it is cheaper to build and launch this hardware than ever before.
- NASA spacecraft continue to give the silent treatment to controllers
- MethaneSAT is ‘likely unrecoverable’ after losing touch with Earth
- Space weather, launch stress and expensive house visits are all factors that affect orbital datacenters
- Industry asks Congress not to cut funding for space traffic control
Software used to manage this proliferation of satellites isn’t always safe. Take Yamcs for example, a free open-source application used by NASA and Airbus in order to communicate and control satellites orbiting the Earth. The team discovered 5 separate CVEs that would give an attacker total control of the application.
VisionSpace demonstrated how to change a spacecraft’s orbit using its thrusters without the course change appearing on the controller screen. This was a simulation and no satellites were damaged during the presentation.
Using an unauthenticated phone, we found real vulnerabilities that allow you to crash all onboard software.
It was even worse for OpenC3 Cosmos – another open source application used in ground stations for command and control. They found 7 CVEs, including flaws allowing remote code execution and cross site scripting attacks.
NASA’s not above reproach on this front. Its open-source Core Flight System (cFS) Aquila proved more porous than advertised: the team uncovered four critical flaws – two denial-of-service bugs, a path-traversal one, and a remote-code-execution vulnerability – that could crash the flight software and give attackers full code-execution control over NASA’s systems.
Many of the satellites use an open-source C-based encryption library called CryptoLib. This too has flaws. Four in the version NASA uses, and seven in standard package. In the latter case, there are two critical flaws.
“We found actual vulnerabilities which allow you to crash the entire onboard software with an unauthenticated telephone,” claimed Starcik.
“So basically, you send a packet to the spacecraft, and the entire software crashes and reboots, which then actually causes the spacecraft, if it’s not properly configured, to reset all its keys. And then you have zero keys on the spacecraft that you can use from that stage on.”
For any budding supervillains, forget it – the vulnerabilities have all been disclosed and fixed responsibly. They concluded that relying on buggy software to control our orbital platform shouldn’t be allowed, and that there may be other software nasties floating about. (r)
