Satellites and Their Vulnerabilities

Anyone who is familiar with networks and their organization or architectures understands that the Internet is a wide area network, or WAN. The Internet is, in fact, the most widely distributed WAN created to date, spanning the globe, and even reaching into outer space. People who follow that sort of thing may be aware of Starlink1, one of Elon Musk’s pet projects and a bane to ground-based astronomers. But Starlink is not the only communications satellite system providing Internet access to remote parts of the planet. And hacking satellites isn’t just for film and television anymore2.

Before Starlink started launching small satellites into low Earth orbit (LEO), most satellite communication (SATCOM) systems focused on aviation, maritime, and military. There have also been some consumer Internet providers like ViaSat and HughesNet, but given the high latency and low bandwidth they offer due to their use of geosynchronous satellites, they weren’t very appetizing as targets*. Now that there are high speed, high bandwidth options, and more specifically, now that commercial satellite Internet communications have entered prominently into geopolitical conflicts3, they have become a much more interesting set of targets for hackers and for nation states4.

Hacking satellites is not actually a new thing. One of the earliest public discussions of SATCOM attacks was made at the Black Hat hacker’s conference in 2014 by Ruben Santamarta, the principal security consultant at security company IOActive. At that time, Santamarta showed some proof-of-concept attacks on SATCOM systems. Four years later, in 2018, his research proved that these attacks were not merely theoretical2. One year after that, Bill Malik, VP of Infrastructure Strategies at Trend Micro, showed the attendees of the RSA conference a list of known intrusions into NASA systems, and several included attacks on satellites. In his words, “[Satellites are] snazzy, they’re wild, it’s spaaaaace, but they’re IoT devices”5. Vulnerabilities he described included lack of encryption, limited memory storage, poor authentication, and the inability to update/upgrade software.

More recently, hackers have started turning their attention to Starlink satellites, and to their ground-based transceivers. Earlier this year, in fact, a Belgian security researcher named Lennert Wouters successfully hacked a Starlink satellite dish using a homemade circuit board that cost around $25 to develop. He revealed his findings, and the steps he took to achieve them, at this year’s Black Hat6. Unlike malicious hackers, however, Wouters submitted a full report to Starlink before going public, and their response was surprising because it not only acknowledged the validity of Wouters’ research, but it encouraged him and other security researchers to “bring on the bugs”7.

With so many systems, services, and essential processes becoming increasingly dependent on reliable and secure Internet connections, the potential for damage and harm from attacks to satellite systems that are providing those connections will only continue to grow. It will be interesting to see how those systems evolve going forward, and whether they will be any better at incorporating security into their systems than their predecessors.

References

1. Crist, R. Starlink Explained: Everything to Know About Elon Musk’s Satellite Internet Venture. CNET https://www.cnet.com/home/internet/starlink-satellite-internet-explained/ (2022).

2. Eddy, M. Satellite Communications Hacks Are Real, and They’re Terrifying. PCMAG https://www.pcmag.com/news/satellite-communications-hacks-are-real-and-theyre-terrifying (2018).

3. Simonite, T. How Starlink Scrambled to Keep Ukraine Online. Wired https://www.wired.com/story/starlink-ukraine-internet/ (2022).

4. Browne, E. Fact Check: Did Kremlin threaten to destroy Starlink satellites? Newsweek https://www.newsweek.com/russia-starlink-war-ukraine-satellite-1743675 (2022).

5. Eddy, M. Want to Hack a Satellite? It Might Be Easier Than You Think. PCMAG https://www.pcmag.com/news/want-to-hack-a-satellite-it-might-be-easier-than-you-think (2019).

6. Montalbano, E. Starlink Successfully Hacked Using $25 Modchip. https://threatpost.com/starlink-hack/180389/ (2022).

7. White, M. J. Starlink Got Hacked And SpaceX’s Response Was Incredible. MSN https://www.msn.com/en-us/news/technology/starlink-got-hacked-and-spacexs-response-was-incredible/ar-AA10BGo3 (2022).


* Full disclosure: My home is in a remote area and I have used satellite Internet providers for years. The best that can be said for services provided by HughesNet and ViaSat is that they are better than dial-up. Starlink, by comparison, is phenomenal.

Leave a Reply

Your email address will not be published. Required fields are marked *