Danger from space: how hackers can take control of orbiting satellites
German scientists have discovered a number of vulnerabilities in the software of research satellites – what will happen if attackers find out about them?
Thousands of different satellites revolve around our planet every day, providing uninterrupted operation of GPS, communications and other useful technologies. However, security researchers have been warning for years that more efforts need to be made to protect satellites from possible cyberattacks.
New analysis , conducted by a group of German scientists, provides a rare insight into some of the security flaws in the satellites currently orbiting the Earth. The researchers studied the software used by three small satellites and found that their systems are full of vulnerabilities and lack some basic security measures.
According to the academic paper, the analyzed satellites contain “simple” firmware vulnerabilities and clearly demonstrate that “extremely little security research has reached the space realm in the last decade.” Among the described problems, for example, is the lack of protection of communications with satellites and data encryption.
Theoretically, according to the researchers, the discovered vulnerabilities could allow an attacker to take control of a vulnerable satellite and direct it to collide with other space objects, which could potentially be very expensive for companies in the space industry.
Among the satellites analyzed by the researchers were the following models: ESTCube-1, OPS-SAT and Flying Laptop. Six types of vulnerabilities were found in their software, including unsecured management interfaces, lack of access verification, and vulnerability buffer overflows in the library GomSpace.
According to Johannes Willbold, lead researcher and PhD student at the Ruhr University Bochum, the current state of satellite security can be described as “security over secrecy” as the vast majority of organizations have simply refused to provide access to their satellites’ firmware.
Although the analysis focuses mainly on research satellites, it highlights the cybersecurity issues of all satellites in general, which many experts have been sounding the alarm for years.
According to Gregory Falco of Johns Hopkins University, software development for satellites is often done with legacy code, and the satellites themselves are built by engineers, not software developers.
While experts continue to warn about cybersecurity issues in space, the commercial space sector is booming. Private companies such as SpaceX have already launched thousands of satellites into Earth orbit, and who knows what will happen if one day attackers gain access to them and want to do mischief on a galactic scale.
“They [инженеры] They don’t care about safety at all. They probably simply do not have people in the state who know anything about this, ”Falco expressed his concern.