Las Vegas – Johannes Wilbold, a graduate student from the University of Ruura in Bochum, Germany, presented the concerning findings of his study on satellite safety at the Black Hat security conference. Wilbold examined three types of orbital devices and discovered that many lacked even the most basic security systems, leaving them defenseless against remote capture.
“People assume that satellites are reliably protected. These assets are expensive and should have encryption and authentication,” stressed Vilbold.
Surprisingly, services like the Ground Station As a Service (GSAAS) from AWS and Microsoft Azure allow individuals to communicate with satellites using only a credit card. Wilbold estimated that a hacker could construct their own ground station for just $10,000.
Wilbold’s research focused on three distinct satellite types, and the results were disheartening. Most lacked authentication protocols and transmitted signals without encryption. Wilbold demonstrated how one can readily assume basic satellite management functions and block the legitimate owner.
Remarkably, security concerns were given low priority during the development of satellites. Among the surveyed developers who had collectively worked on 132 satellites, a mere two conducted penetration tests.
Possible consequences of hacking include the transfer of harmful information or code, and in the worst-case scenario, collisions between satellites resulting in the creation of orbit debris that could disable other systems.
When asked if it is feasible to enhance the safety systems of satellites, Wilbold responded, “From a technical perspective, it is possible. However, the reality is that these systems are constructed within a narrow scope, leaving little room to implement encryption or authentication on existing systems. It’s not a practical solution.”
For more information, please refer to Wilbold’s presentation.