Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks

Presented at DEF CON 28 (2020) Virtual, Aug. 8, 2020, 10:30 a.m. (30 minutes)

Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations. The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link. The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic. The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.

Presenters:

• James Pavur - DPhil Student, Oxford University
  James Pavur James Pavur is a Rhodes Scholar at Oxford University working on a DPhil in Cyber Security. His academic research is primarily on the threats to satellite systems with a focus on satellite communications and trustworthy spaceflight operations. Prior to Oxford, he majored in Science, Technology and International Affairs (STIA) at Georgetown University where he graduated with the School of Foreign Service Dean's Medal (highest cumulative GPA) in 2017. He has held numerous internships and professional positions related to information security. This included acting as Director of Information Security for Students of Georgetown Inc. (The Corp), a student run non-profit with more than 300 employees. He has also assisted with computer crimes investigations as an intern with the United States Postal Service Office of the Inspector General, worked on embedded systems reverse-engineering as an intern at Booz Allen Hamilton, and even pentested air-conditioners for the Public Buildings Services while working for Telos Corporation. Outside of computers, James enjoys flying kites and collecting rare and interesting teas. @JamesPavur

Links:

• https://defcon.org/html/defcon-safemode/dc-safemode-speakers.html#Pavur
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - James Pavur - Whispers Among the Stars Perpetrating (and Preventing) Satellite Eavesdropping Attacks - Q&A.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - James Pavur - Whispers Among the Stars Perpetrating (and Preventing) Satellite Eavesdropping Attacks.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - James Pavur - Whispers Among the Stars Perpetrating (and Preventing) Satellite Eavesdropping Attacks.srt (subtitles)
• https://www.youtube.com/watch?v=ku0Q_Wey4K0

Similar Presentations:

• Black Hat USA 2020 Virtual / Whispers Among the Stars: A Practical Look at Perpetrating (and Preventing) Satellite Eavesdropping Attacks
• DEF CON 11 (2003) / Satellite TV Technology
• Black Hat USA 2015 / Subverting Satellite Receivers for Botnet and Profit