How Hackers Can Hijack a Satellite

A computer flying hundreds or even thousands of kilometers in the sky, at a speed of tens of thousands of kilometers an hour, is nonetheless still a computer. And every connected computer has an attack surface.

Researchers, nation-states, and even ordinary cybercriminals have long since demonstrated how to hijack the control and communications aspects of satellite technology. Just last year, on the day of Russia’s ground invasion, Russian hackers caused an outage for the Ukrainian satellite Internet service provider Viasat, and on Nov. 18, the pro-Russian hacktivist group Killnet performed a distributed denial-of-service (DDoS) attack against SpaceX’s Starlink system, which was providing connectivity to cut-off regions of Ukraine. More recently, the Wagner Group claimed responsibility for a temporary outage at Russian Internet provider Dozor-Teleport. The group did it, supposedly, by uploading malware to multiple satellite terminals.

It’s clear that we can disrupt satellite links, but what about the satellites themselves? The firmware and software hovering up there in the sky? Arguably, they’re just as exposed.

In a presentation next month at Black Hat USA in Las Vegas, Johannes Willbold, a doctoral student at the Ruhr University in Bochum, Germany, will demonstrate how satellites can be manhandled by hackers. (Hint: It’s not that hard.)

“There’s certainly a security by obscurity there,” he acknowledges, “but apart from that, a lot of satellites are not doing anything else to prevent misuse.”

Satellites Cling to Security by Obscurity

In a paper published earlier this year, Willbold and five colleagues surveyed 19 engineers and developers representing 17 different models of satellite. Of those 17, three of the respondents admitted they had not implemented any measures to prevent third-party intrusion. In five cases the respondents were unsure or declined to comment, while the remaining nine had, indeed, implemented some defenses. Yet even some of those better cases were iffy — only five of those nine, for example, had implemented any kind of access controls.

“So many of the satellites that we looked at just straight-up had no protection against somebody manipulating the satellite, except…