When I look up on a clear night into the heavens, I have to marvel at all of it; the stars, planets and even the man-made satellites plodding across the night sky. Some hackers see these same satellites as a new frontier too, but filled with vulnerabilities just waiting to be exploited.
Of the 5,000+ known satellites currently blanketing the earth’s upper atmosphere, 777 are active communication satellites. Some are for spying while others are still unidentified.
We have come to depend upon them daily, but there is much more to satellites than just GPS-based turn-by-turn directions. Satellites aid in weather prediction, Internet access, wireless phone communications, radio, TV broadcasts and the list goes on and on.
With the average cost to launch a satellite plummeting down from $400 million to only $57 million (due in large part to reusable rocket technology pioneered by SpaceX and others), we can expect the number of launches and orbits to increase substantially over the next few years. That will bring about an increase in satellite dependence for all and number of moving targets in the sky for those that wish to threaten that dependence.
At this year’s RSA, Trend Micro’s VP of Infrastructure Strategies, Bill Malik, called the range of vulnerabilities exposed on satellites “astonishing.”
Malik went on to demonstrate how relatively easy a hacker could target the Hubble Telescope and gain access to systems allowing one to open the camera hatch while the telescope is pointing directly at the sun resulting in destruction of its sensitive optics. Since most satellites are controlled from ground stations on earth, critical commands could potentially be intercepted, jammed or even overridden entirely. After all, ground stations are still run by humans prone to making security mistakes that hackers exploit regularly. In addition, low Earth orbit satellites can be reached by anyone using powerful directional antennas operating on the same RF spectrum. This would allow attackers from anywhere to overpower the communication link preventing the satellite from some essential instructions such as path correction, heading and use of onboard solar power arrays.
Low Earth orbit and geosynchronous satellite technology are in the midst of a renaissance. SpaceX is currently slated to launch as many as 12,000 satellites and Amazon has recently joined the satellite race with their own project Kuiper which promises to launch a constellation of 3,236 satellites at various altitude levels for Internet service covering 90 percent of the Earth’s population.
While the average price per pound for orbit has fallen to only $2,500, satellites can take between 2 to 3 years to build. In security, time is measured in days not years, so future-proofing a satellite expected to orbit for many years from emerging attacks is nearly impossible. In a perfect world, security measures should be the last thing on a satellite design team’s agenda, but it is also safe to assume that all technology can and will be hacked.
Going forward, researchers should consider employing GPS-based authentication methods to make sure that hackers are not manipulating satellites by spoofing ground station commands. Modern satellites utilize encryption, but that only slows down a hacker and nothing is 100 percent secure. Security must literally be built from the ground up starting at the ground stations all the way up to each and every satellite in orbit.
So, next time you find yourself marveling at the night sky, remember that a hacker might also be marveling at that same sky but for different reasons.
This blog originally appeared in Cybercrime Magazine.