Cracking the final frontier: Reverse engineering and exploiting low-earth orbit satellites

Presented at REcon 2023, June 9, 2023, 1 p.m. (60 minutes)

This talk presents a comprehensive security analysis of low-earth satellites, which have gained immense popularity in the "New Space" era. Despite their growing numbers, the security of these satellites remains uncertain. After introducing the essential architectural components of satellites, we dive into the approach to reverse engineer satellites and exploit their vulnerabilities. Using emulation, we showcase live on stage the exploitation process and how to seize full control of the satellite. Satellites play an indispensable role in modern life, providing essential services such as telecommunications, global navigation, and earth observation. In recent years, we've seen an explosive growth in the number of satellites, primarily in the Low Earth Orbit (LEO), the main stage of the "New Space" era. However, despite the critical nature of many satellites and upcoming constellations, little research has covered their security. To the best of our knowledge, we are the first to conduct an in-depth security analysis and exploitation of real-world satellites. In our talk, we present the results of our security analysis on three real-world LEO satellites. Beginning with an exploration of satellite architecture and satellite-specific software aspects, we use an active European Space Agency (ESA) satellite as a running example. Then, we dive into reverse engineering the satellite software, with a focus on the satellite's command-and-control logic; this logic is key to exploitation as it processes telecommands sent from the ground station, which are used to operate and control the satellite remotely. We then highlight several vulnerabilities in the code that, in combination, allow attackers to take full control of a satellite. In particular, our exploits do not require compromising the operator's ground station, relying solely on the ability to communicate with the satellite via SDR. To demonstrate the potential impact of these vulnerabilities, we created a faithful emulation of one of the satellites, which we use to showcase our exploits live.

Presenters:

• Johannes Willbold
  Johannes Willbold is a doctoral student at the chair for systems security at the Ruhr University Bochum in Germany. In this doctoral thesis, he focuses on the security of space and satellite systems, with a special emphasis on understanding real-world security issues by studying otherwise hard-to-access space software. His first paper on the security of onboard satellite software "Space Odyssey: An Experimental Software Security Analysis of Satellites" was recently accepted to the IEEE S&P 2023 conference. In 2022, Johannes visited the Cyber-Defence Campus in Switzerland for an extended research stay on satellite security, where he investigated the security of VSAT systems. He is co-founder and co-chair of SpaceSec, the first academic workshop on space and satellite systems security, which is co-located with the top-tier security conference NDSS. He also participated in the Hack-A-Sat 2 finals, spoke at the CySat 2022 on the academic state of satellite security, and was recently invited to ESA for a talk on onboard satellite firmware security.

Links:

• https://cfp.recon.cx/2023/talk/3NU9DB/

Similar Presentations:

• 32C3 (2015) / So you want to build a satellite?: How hard can it be? An introduction into CubeSat development
• DEF CON 28 (2020) Virtual / Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks
• BSidesLV 2019 / Satellite Vulnerabilities 101