Can satellites be hacked? Are Satellites the Next Cybersecurity Battleground?
by Alyssa Melono
So many of the mundane, earthly things we rely
on, from GPS to making a credit card transaction, are made possible by
satellites orbiting beyond that blue sky, thousands of miles outside of
Earth.
Space may feel like an untouchable realm, but
as the systems we have in place get older, they're becoming even more
vulnerable to cybersecurity threats, according to experts.
It's something that needs to be addressed,
said Jeff Matthews, director of venture strategy and research at the
Space Frontier Foundation, a space advocacy nonprofit.
"Space allows for some very unique
business-use cases and opportunities, and when done right, can really go
a long way to protecting communication interests and national
infrastructure," Matthews told NBC News. "[However,] we have to be very aware about the information security side up in space and down here."
A recent report from Chatham House,
an international affairs think tank, said, "the intersection of space
security and cybersecurity is not a new problem, but it has remained
largely unrecognized as a potentially significant vulnerability."
Old Systems Face New Threats
Since its introduction into the mainstream
more than three decades ago, GPS has now made its way into almost
everything, from our phones to our cars and watches.
Americans were given access to global
positioning in 1983, after Korean Air Lines Flight 007, traveling to
Seoul from New York City, strayed into Soviet airspace and was shot
down, killing all 269 people on board. The tragedy prompted President
Reagan to speed up his plan for civilian use of GPS.
"If the GPS constellation went down, things
would stop flying, maps would stop working," Jim Cantrell, one of the
founding members of SpaceX and now CEO of Vector Space Systems, told NBC
News.
There are a myriad of uses for the satellites
in space, from intelligence to communication, navigation and completing
capital transactions, such as when you swipe your credit card at the gas
pump.
"Disruption to that, even on a small scale, can have a wide-reaching impact," said Matthews.
What Are the Threats?
David
Livingstone, one of the authors of the Chatham House report, told NGB
News hackers could pull off a cyberattack by taking remote control of a
satellite or by spoofing or jamming its signals.
"There is growing
vulnerability although there is also growing diversity," Livingstone
said. "The cyber threats, whether nation states or organized gangs or
terrorists or individual hackers, they are all out there growing even
more sophisticated."
Two of the cyber attacks Livingstone
mentioned are spoofing and jamming. With spoofing, a hacker can send out
fake signals to disguise their activity. Jamming is designed to flood a
server with so much traffic it causes an interruption.
So could that 400-pound hacker sitting on his bed — to paraphrase Donald Trump — have the capability to hack a system in space?
"I
doubt you would see a lone wolf," Matthews said. "It would have to be a
really coordinated attack. I think the low hanging fruit for hackers
will be the cube satellites."
The US National Oceanographic and
Atmospheric Administration took its Satellite Data Information System
offline in September 2017 after an apparent hacking incident, which kept
weather agencies around the world from receiving necessary forecasting
data for 48 hours, according to the report.
While there are risks
with older infrastructure, Livingstone said he sees real cybersecurity
threats with "the commoditization of space."
Looking to the Future
Protecting the security of the existing infrastructure is one part of the problem. "It's becoming ubiquitous, and so the question is how do we protect it?" Cantrell asked.
China
may have one forward-looking solution. The country launched what is
said to be the world's first quantum communications satellite into orbit in
August. While many cybersecurity experts adhere to the belief that
everything is hackable, a satellite using quantum communications could
be pretty close to tamper-proof, thanks to physics.
Quantum
entanglement is sort of like sending a message in a soap bubble. If the
wrong person pops it, the message will go away, Grégoire Ribordy,
co-founder of quantum cryptography firm ID Quantique, told the Wall Street Journal.
Quantum satellites are one viable option for the future, according to Matthews. However,
in the Chatham House report, Livingstone urged the creation of an
"international space and cybersecurity regime" comprised of a "limited
number of able states and other critical stakeholders," such as those in
the space supply chain and insurance industries.
The proposed
independent group would be tasked with fostering relationships between
key members of the space cyber community, and "provide a vehicle for
practical leadership in delivering enhanced security within the whole of
the global space sector," the report said.
Getting to Space Is Becoming Easier
Getting
to space historically hasn't been easy, but a number of private
companies are now making it more cost effective and accessible for those
seeking to bring a part of their business out of this world.
And,
with new opportunities come new challenges for protecting cyber
security in the private sector, such as Cantrell's Vector Space Systems'
Galactic Sky program, which helps start-ups leverage the utility of
micro satellites through software.
"It is going to be different,
but one of the attractions of what we are doing and what makes it more
secure is we have known and limited access points," he said. "It is a
lot harder to get into the system."
Matthews, of the Space
Frontier Foundation, said he wants to see more of a focus being put on
cyber security in space and on the ground — whether it's for our older
infrastructure or the newer satellites.
"We are on the potential for a revolution to drive space-based security," he said.
Are Satellites Vulnerable to Hackers?
Strictly speaking, having someone attack your satellite would fall under denial of service[1] for most such attacks; however, it could be so damaging that we want to focus on these particular attacks in this paper.
Ministry of Defence Satellite
In 1999, the Telegraph carried the following story, "A group of
computer hackers suspected of seizing control of a British military
communications satellite using a home computer, triggering a "frenetic"
security alert, has been traced to the south of England. A
security source said that, up to a month ago, the hackers found a "cute
way" into the control system for one of the Ministry of Defence's Skynet
satellites and "changed the characteristics of channels used to convey
military communications, satellite television and telephone calls".[2]
We were unable to find an additional source for this story, so it may
not be valid, but this UK Government document does explain more about the UK space network.[3]
The MoD story certainly gets your attention. However, the question a
wise security manager asks is, can it be done, outside of a James Bond
or Mission Impossible scenario? Is it possible to hack a satellite? If
you mean use the satellite for your own signals, the answer is most
certainly, yes. "Simply put, satellites are relay stations suspended
36,000 km (22,000 miles) up above the equator. At this altitude,
satellites appear to be fixed in relation to earth, therefore the name
geostationary satellites."[4] They use their fuel to maintain their
position and so fuel is the primary determinant in the lifespan of a
satellite.
"Here's how it is possible to ride over a satellite with an unauthorized uplink:
An uplink earth station transmits the desired signal to satellite.
The satellite receives and processes the incoming signal by changing the frequency and amplifying it.
The satellite transmits the signal back to earth, typically covering large geographical areas.
Earth station(s) on earth receive the signal."[5]
So in this sense, this is "just radio signals being repeated." Ever see the 1980 movie Used Cars?
They use a microwave transmitter to take over the feed of a TV
station--use a slightly different frequency and be closer to the
receiver, and it's easy to do. Not much harder to steal satellite space:
find an appropriate transmitter, upconverter and a few other things,
and a satellite dish (and, know a bit about it.) (Lots of used satellite
uplink equipment is out there.)
A communications satellite is
simply a radio repeater. Most have 12 or 24 different "transponders"
that use a certain frequency block. For C band, the earth station uplink
operates in the 6 GHz range. The satellite receives the signal, changes
it to a 4 GHz frequency, and sends it back to earth. Most satellites
don't care what is modulated on the carrier. They just translate it and
send it back out. (They could be designed to require security on the
carrier for the satellite to repeat it, but I don't think many have been
built with that. Most of the interest has been in encoding the
video/audio/data itself to prevent unauthorized far-end decoding.)
Each transponder has a certain amount of bandwidth and power. Either
one is the limit that can't be exceeded. In the early days, one entire
transponder was used for one analog TV signal. Although, even then,
Alaska used a bit of left over space to put up public radio audio-only
signals.
Today, with most video and MPEG of one flavor or
another you can get good quality using only part of a transponder, so
you can have multiple signals--either multiplexed together onto one
carrier (most efficient), or coming up on separate carriers. In that
case, the center frequency of each carrier and its power level is chosen
so as to not exceed available bandwidth and power for a transponder.
(You also have to worry about intermodulation between carriers creating
interfering carriers that also use up power.) The National
Telecommunications University was one of the first to use multiple
digitally encoded video signals on different carriers all on one
transponder. When they first tried it, they had the carriers all nicely
spaced out--and it didn't work.
If a transponder isn't "full"
and has unused bandwidth and power, a person could easily identify an
"empty" place on the transponder using a spectrum analyzer hooked up to a
satellite receive dish. You can buy software to turn a computer into a spectrum analyzer for a few hundred dollars.
Figure out how much power and bandwidth you can use without messing up
anyone else's signal and use most any satellite uplink (check eBay) to
create the carrier. What kind of encoding you use really just determines
what kind of receivers your end users need. (Again, check eBay for
complete systems, including receivers, to send out.)
Like any
good Trojan or Zombie, the key is to not be noticed. If you aren't
messing up anyone else's feed, and aren't putting a big extra drain on
the satellite, chances are no one is going to notice right away. Even
when they do, finding your uplink can be difficult."[6]
Double Illumination
An attacker could create a denial of service condition where two or
more carriers are on the same frequency at the same time. The carriers
may be from the same or different uplinks. The audible effect of double
illumination can range from almost no audible change to complete
impairment depending on carrier power and other factors.[7] Double
illumination is the main reason for the ID that legal uplinks have. Someone
accidentally turns on an uplink into the wrong satellite space, often
when tuning or moving a dish, wiping out other services. But if it has had
a significant impact accidentally, it could certainly be used on
purpose.
Tamil Rebels Hijack US Satellite Signal 2007
In 2007, this discussion moved from theoretical to reality. Rebel
independence fighters in Sri Lanka have been pirating the services of a
US satellite to send radio and television broadcasts to other countries.
In 1997, the US government identified this particular group, the
Liberation Tigers of Tamil Eelam, or LTTE, as a terrorist organization.
The satellite belongs to Intelsat, a US company. Intelsat officials
have been meeting with technical experts and Sri Lanka's Ambassador to
the US to discuss measures the company is taking to prevent the
satellite's unauthorized use. The rebels maintain they are not accessing
the satellite illegally.[8,9,10]
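An operator-side view of the transponder description above, as an added example that is not from the quoted sources: a carrier-monitoring check that compares a spectrum scan of one transponder against the authorized carrier plan and reports energy outside the plan (an unauthorized carrier) and planned carriers running hot (possible double illumination). The frequencies, power levels, thresholds and carrier names are constructed for illustration.

```python
import math
from dataclasses import dataclass

BIN_MHZ = 0.5              # width of one bin in the monitoring scan
NOISE_FLOOR_DBM = -100.0   # per-bin noise floor of the monitor (assumed)
DETECT_MARGIN_DB = 6.0     # energy this far above the floor counts as a carrier
POWER_TOLERANCE_DB = 2.0   # allowed deviation from the planned carrier level


@dataclass(frozen=True)
class Carrier:
    name: str
    center_mhz: float
    bandwidth_mhz: float
    planned_dbm: float     # planned per-bin level at the monitoring receiver

    def contains(self, freq_mhz):
        half = self.bandwidth_mhz / 2
        return self.center_mhz - half <= freq_mhz < self.center_mhz + half


def mean_dbm(levels):
    """Average dBm readings in the linear domain and convert back to dBm."""
    linear = [10 ** (level / 10) for level in levels]
    return 10 * math.log10(sum(linear) / len(linear))


def audit_transponder(scan, plan):
    """scan: list of (bin_center_mhz, dbm); plan: list of Carrier."""
    findings = []

    # Pass 1: contiguous energy that no planned carrier accounts for.
    run = []
    for freq, dbm in list(scan) + [(None, None)]:   # sentinel flushes the last run
        unplanned = (
            freq is not None
            and dbm > NOISE_FLOOR_DBM + DETECT_MARGIN_DB
            and not any(c.contains(freq) for c in plan)
        )
        if unplanned:
            run.append((freq, dbm))
        elif run:
            low = run[0][0] - BIN_MHZ / 2
            high = run[-1][0] + BIN_MHZ / 2
            findings.append({
                "type": "unauthorized_carrier",
                "center_mhz": (low + high) / 2,
                "bandwidth_mhz": high - low,
                "peak_dbm": max(level for _, level in run),
            })
            run = []

    # Pass 2: planned carriers whose measured level departs from the plan.
    for carrier in plan:
        levels = [dbm for freq, dbm in scan if carrier.contains(freq)]
        if not levels:
            continue
        delta = round(mean_dbm(levels) - carrier.planned_dbm, 1)
        if delta > POWER_TOLERANCE_DB:
            findings.append({"type": "excess_power",
                             "carrier": carrier.name, "delta_db": delta})
        elif delta < -POWER_TOLERANCE_DB:
            findings.append({"type": "weak_or_missing",
                             "carrier": carrier.name, "delta_db": delta})
    return findings


# Constructed plan for one 36 MHz C-band downlink transponder (3700-3736 MHz).
PLAN = [
    Carrier("A", 3706.0, 8.0, -80.0),
    Carrier("B", 3724.0, 6.0, -82.0),
]


def constructed_scan():
    """Constructed scan: A as planned, B 4 dB hot, one carrier not in the plan."""
    scan = []
    for i in range(72):
        freq = 3700.0 + (i + 0.5) * BIN_MHZ
        if PLAN[0].contains(freq):
            level = -80.0
        elif PLAN[1].contains(freq):
            level = -78.0            # a second uplink landing on top of B
        elif 3715.0 <= freq < 3716.5:
            level = -88.0            # narrow carrier in an "empty" slot
        else:
            level = NOISE_FLOOR_DBM
        scan.append((freq, level))
    return scan


if __name__ == "__main__":
    for finding in audit_transponder(constructed_scan(), PLAN):
        print(finding)
```

A low-power carrier tucked into unused bandwidth stays below any total-power alarm, which is why the check walks the spectrum bin by bin instead of watching only aggregate transponder load.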
The worst case, attacking the satellite itself
In January 2007, the New York Times carried this story:
China
successfully carried out its first test of an antisatellite weapon last
week, signaling its resolve to play a major role in military space
activities and bringing expressions of concern from Washington and other
capitals, the Bush administration said yesterday. Only two nations -
the Soviet Union and the United States - have previously destroyed
spacecraft in antisatellite tests, most recently the United States in
the mid-1980s. Arms control experts called the test, in which the weapon
destroyed an aging Chinese weather satellite, a troubling development
that could foreshadow an antisatellite arms race.[11]
However, to attack a satellite probably does not require nation state
space capability. Due to cost saving measures, the command & control
channel to the satellite is unencrypted. The security is little more
than a password. To hack such a system would require sophisticated &
proprietary equipment, although with today's Digital Signal Processing
systems it is becoming trivial. But by the time anyone noticed that a
bird had been put into a spin of death, the fuel would be shot (and fuel
is the primary limitation on the life span of a satellite), leaving a
$75 million paperweight spinning in space.[12]
The bottom line
If your organization depends on satellite communications, it would be wise to start thinking about alternatives.
In fact, there are earlier reports that the US-China Economic and
Security Review Commission said that hackers, believed to be operating
from China, managed to interfere with two US government satellites.
The claim is that "the hackers took control of the Landsat-7 and Terra AM-1 satellites for a grand total of 12 minutes."
Anyway, there are two possible ways to hack a satellite.
One way is to jam it. (To jam means to interfere with or block the signal.)
However, this is extremely difficult to do and is not recommended, since
technically anyone can 'jam' a signal and most computer experts can find
you doing it.
But jamming a satellite is extremely easy to trace.
Every time a command is sent up to the satellite, it gets counted. If you
send one wrong frame up to it, a red light will start flashing for
whoever owns that satellite.
The other way would be to 'up-link' to it.
This is a major issue and a point of concern for all space agencies.
If unauthorized people manage to upload unwanted data, they can change
the complete working of the satellite and then configure it the way
they want, or ruin it. To prevent this, every
satellite is given a unique ID, the up-link data is encrypted, and
certain protocols are followed.
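The two command-channel descriptions above (a link protected by "little more than a password", and an uplink where every command is counted and one wrong frame raises an alarm) can be set side by side. This is an added example, not code from any spacecraft or from the sources quoted here: the frame layout, key, spacecraft ID and command text are all hypothetical, and it shows authentication and replay protection only, with encryption left out.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HI")   # hypothetical layout: spacecraft id, sequence counter
TAG_LEN = 32                    # length of an HMAC-SHA256 tag


def build_frame(spacecraft_id, seq, command, key):
    """Ground side: header + command, followed by an HMAC tag over both."""
    body = HEADER.pack(spacecraft_id, seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class PasswordOnlyReceiver:
    """Weak form: a static password sent in the clear ahead of the command.
    Anyone who records one valid frame can send it again unchanged."""

    def __init__(self, password):
        self.password = password

    def accept(self, frame):
        return frame.startswith(self.password)


class AuthenticatedReceiver:
    """Hardened form: checks the spacecraft id, a keyed tag over the whole
    frame and a strictly increasing counter, and counts every rejection."""

    def __init__(self, spacecraft_id, key, alarm_after=1):
        self.spacecraft_id = spacecraft_id
        self.key = key
        self.alarm_after = alarm_after
        self.last_seq = 0
        self.accepted = 0
        self.rejected = 0

    @property
    def alarm(self):
        # The "red light": raised once the rejection count reaches the limit.
        return self.rejected >= self.alarm_after

    def _reject(self, reason):
        self.rejected += 1
        return False, reason

    def accept(self, frame):
        if len(frame) < HEADER.size + TAG_LEN:
            return self._reject("malformed")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        scid, seq = HEADER.unpack_from(body)
        if scid != self.spacecraft_id:
            return self._reject("wrong spacecraft id")
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return self._reject("bad tag")
        if seq <= self.last_seq:                     # checked only after the tag
            return self._reject("replayed or stale sequence")
        self.last_seq = seq
        self.accepted += 1
        return True, "accepted"


def demo():
    """Run both receivers over constructed frames and return the outcomes."""
    key = b"constructed-demo-key-not-a-real-one"
    scid = 0x01A5                                    # constructed spacecraft id

    weak = PasswordOnlyReceiver(b"s3cret")
    recorded = b"s3cret" + b"SET_CHANNEL 7"          # one frame captured off the air
    weak_results = [weak.accept(recorded), weak.accept(recorded)]

    strong = AuthenticatedReceiver(scid, key)
    frame = build_frame(scid, 1, b"SET_CHANNEL 7", key)
    tampered = bytearray(build_frame(scid, 2, b"SET_CHANNEL 7", key))
    tampered[HEADER.size] ^= 0x01                    # flip one bit of the command
    strong_results = [
        strong.accept(frame),            # genuine frame
        strong.accept(frame),            # same frame replayed
        strong.accept(bytes(tampered)),  # modified in transit
    ]
    return weak_results, strong_results, strong.rejected, strong.alarm


if __name__ == "__main__":
    print(demo())
```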
Satellites are no more than "flying computers" in the eyes of an attacker (they run an OS and can communicate with the ground).
This was proven to be possible when these kinds of attacks were publicly released:
But
at the Chaos Communication Camp, held in Zehdenick, Germany last week,
the organizers did something different: they gave out 4500 rad1o badges. These software-defined radios are sensitive enough to intercept satellite traffic from the Iridium communications network.
During
a Camp presentation entitled "Iridium Hacking: please don't sue us,"
hackers Sec and schneider demonstrated how to eavesdrop on Iridium pager
traffic using the Camp badge.
The Iridium satellite network consists of 66 active satellites in low Earth orbit. Developed by Motorola for the Iridium company,
the network offers voice and data communications for satellite phones,
pagers, and integrated transceivers around the world. (Iridium went
bankrupt in 1999, but was later purchased from Motorola in 2001 by
private investors, who have revived the company.) The largest user of
the Iridium network is the Pentagon.
"The problem," Sec explained, "isn't that Iridium has poor security. It's that it has no security."
Originally
designed in the 1980s, the Iridium network was obsolete by the time it
was launched in 1998. Iridium pager traffic is sent in cleartext by
default, and most pager traffic remains unencrypted.
Iridium docs boast that the network is difficult to hack. Image: Wikileaks
"I kind of liked this," Sec said. "If I read something like this I think, hmm, maybe I could do it."
Frequency
shifts as satellites go overhead have historically made it difficult to
capture Iridium traffic. But with cheap, ubiquitous software-defined
radio—like the rad1o badge or HackRF—eavesdropping
becomes trivial. "You say, ok, give me all the frequencies at once, and
in the received signal search for the Iridium [traffic] afterwards,"
Sec explained.
"With
just the rad1o badge and onboard PCB antenna, you can collect 22
percent of all the packets you can receive with a proper Iridium
antenna," schneider said. Pager message channel traffic is stronger, and
up to 50 percent of pager traffic can be collected in this manner.
Soldering an off-the-shelf GPS or Iridium pager antenna to the
software-defined radio enables maximum reception.
"You just load
the software on your PC, you attach the rad1o badge and you can start
receiving Iridium pager messages," schneider said. "So happy hacking
with that."
Once
collected, the data needs to be analyzed for Iridium traffic. The
processing power of the badge is limited, so number-crunching takes
place on a laptop running the Iridium toolchain.
It doesn't even have to be a laptop. "A Raspberry Pi 2 is just beefy enough to process the traffic," Sec said.
The
Iridium network offers data bandwidth of only 2.4 Kb/sec. Compare that
to a standard dial-up modem which achieves 56 Kb/sec. As a result, the
satellite network's economic viability is limited to short-burst data
(SBD) transceivers used for Iridium-connected sensors attached to, for
example, remote oil pipelines that can send short messages in an
emergency. Logistics companies also use Iridium transceivers to keep
track of their vehicles, as do commercial airlines.
"Short-burst data stuff is much more complex," Sec admitted during the talk. Sec performed a live demo and captured, analyzed and decoded Iridium pager traffic on stage.
One
audience member proposed a distributed eavesdropping network using the
rad1o badges, and suggested that all collected messages be published on
the internet.
At present, the toolchain only supports
eavesdropping on Iridium pager traffic, which Iridium said is only a
tiny fraction of its overall traffic. Going forward, Sec and schneider
hope to understand the Iridium protocol better, and begin decoding
short-burst data traffic, RUDICS (internet) streams, and AMS (aircraft communications).
Sec
asked the audience for help locating a copy of the Iridium systems
specifications, which, he said, would answer a lot of their questions. "If anyone happens to come across this document, we still want it," he said, "and we will not ask questions."
The
Iridium satellite network is well past its expiry date, and a
next-generation network called Iridium NEXT is planned. According to the
Iridium website, the new satellites are set to begin launching in 2017.
Until
then, Iridium satellite traffic remains vulnerable to passive
eavesdropping by anyone with a software-defined radio, the Iridium
toolchain, and some spare time.
"It's kind of a myth that
satellite hacking is hard," schneider said. "You are all satellite
hackers now. You have the equipment. Go have fun with it."
Satellites and other space communications technology are
at significant risk from hackers and cyber attacks, a major new report
has claimed.
Communications, air transport,
maritime, financial and business services, as well as weather monitoring
and defence systems, all face serious disruption if satellites and
space infrastructure are targeted, researchers at Chatham House's
International Security Department have said.
"The last thing you want is military or cyber attacks on
satellites - even if you just switch them off they are essentially
space debris which can cause more problems," Patricia Lewis, research
director at the think tank, tells WIRED.
Lewis, who will be speaking at WIRED Security, says the space infrastructure hacks they discovered are just the "tip of the iceberg".
"A
large part of the critical infrastructure is sitting up there and not a
lot can be done about it – it's very old technology and it has never
had any cyber protection built in," she says. "So the big question there
is how much can they be retrofitted and what happens going forward."
The report – Space, the Final Frontier for Cybersecurity?
– says cyber vulnerabilities in satellites and other communications
technology "pose serious risks for ground-based critical
infrastructure".
"Possible cyber threats against space-based
systems include state-to-state and military actions; well-resourced
organised criminal elements seeking financial gain; terrorist groups
wishing to promote their causes, even up to the catastrophic level of
cascading satellite collisions; and individual hackers who want to
fanfare their skills."
Threats listed in the report
include jamming and spoofing hacks on satellites to take control of
them or their "mission packages".
State-sponsored hackers can pose a realistic
threat to space systems. Hacking groups working on behalf of governments
have grown in prominence in recent years. State-sponsored groups have
been linked to the 2016 Sony hack (although this has been questioned). And the recent hacks on the Democratic National Committee in the US have been linked to Russia.
Chris Porter, from FireEye's
intelligence team, tells WIRED it is monitoring around 30 known groups
linked to state-level hacking attempts. He says that, quite often,
successful attacks do not involve the most technically sophisticated
methods.
"Something that might surprise people is that
even the most sophisticated and advanced groups, the ones that are
sponsored by large intelligence agencies, mostly get in through spear
phishing and convincing users to give up their legitimate credentials."
While
Lewis' report does not single out any nations, it said some countries
are trying to protect their own satellites by organising red and blue teams
to find any potential vulnerabilities. "There's a lot of testing going
on and some of that testing is hostile and some of it is more
experimental," she says.
What could a supervillain do with a satellite?
China has already started to boost the protections on its satellites. In August
the country sent the "world's first" quantum satellite into orbit.
Billed as "unhackable," the experimental satellite will be used to test quantum computing technologies and communicate across large distances.
The
satellite will attempt to send secure messages between Beijing and
Urumqi, the regional capital of Xinjiang in the country’s far west,
using photons to send the encryption keys necessary to decode information.
Lewis
says such examples show that protection of infrastructure is a growing
issue. "This infrastructure, which accounts for trillions of data
transactions every day, involving communications, precise navigation and
timing, Earth observation," and more, could be under threat.
Mark Robert Anderson, a security researcher from Edge Hill University,
said the proposed system could technically be possible - but would come
with key vulnerabilities. "Any hackers would only need access to a
server inside the UK to create a Virtual Private Network (VPN) and any
attack could be tunnelled into the UK and be launched from inside the
firewall," he told NGB.
Welcome
to this intro course to the life of a supervillain. We’re going to be
covering the basics, like deciding on names, picking out capes,
recruitment of henchmen and planning your first nefarious scheme.
Speaking of which, we'll start with satellites, which have proven
popular with many past villains.
Learning from the past
To
start with the good news: there have been several successful breaches
of satellites in recent years from which we can draw inspiration.
‘Someone’ in China managed to take control of a NASA satellite back in 2017 and the British government’s vehement denial of something similar happening to their satellites speaks volumes. The nice people at Chatham House actually recently released a 46-page report full of delightful ways you could misuse satellites that includes spamming them, messing with communications and so forth.
Most
of the ways centre on the information you can get from hacking
satellites – or even listening in on the traffic that’s being beamed to
and from them. As reported in The Hacker News,
a group referred to as Turla APT is especially adept at using satellite
internet connections to “Siphon sensitive data from government,
military, diplomatic, research and educational organisations in the
United States and Europe.”
Satellite hiding in a few, short steps
Right,
where were we? Oh yes, Turla! Turla not only managed to use the
satellites to syphon information. They also used a clever strategy to
hide their command centres. That might sound like a minor thing, but, as
you’ll learn, keeping a base of operations, let alone a lair, a secret
seems like one of the most difficult things for us villains. That and
hiring henchmen with good aim.
Firstly,
you need to rent a house, or set up some sort of base, in the area
where the satellite in question provides coverage. Then you’re going to
need a satellite dish to intercept the traffic, as well as a landline
internet connection.
Then
you need some fall guys. So find a viable target and infect their
computer with malware. Next, configure the domain names for your
command-and-control (C&C) servers to point to that IP address. In
essence, you’re going to have the satellite send data to both you and
the malware-infected computer, but in such a way that it only shows up
on your computer. This will hide your actual location.
Not for everyone
Now this approach is not for everyone. Not just because you may have a few issues with using technology, like Turner D. Century, or some very special ideals, like Flag-Smasher.
As described above, this is about gaining information. So if you’re more Rhino than Riddler, then this might not be the way to go.
This
is time for the bad news: the basic problem here is that the ‘good’
guys have found ways of severely limiting our abilities to outright take
over satellites. Even the great report from Chatham House is mostly
talking about hypotheticals. And if the Chinese are to be believed, even
listening in on communications is about to become nigh-on impossible.
Laser
weapons on satellites are a popular option, and a way to go could be
launching your own satellite weapon. However, you're in the early stages
of your careers and probably don’t have access to the necessary
resources. Some of you don’t even have a proper nemesis yet. And that’s
before thinking of the fact that space lasers have proved largely
disappointing so far.
Another
opportunity would be holding satellites for ransom and threatening to
blow them up. That could involve missiles, but they tend to come with
firing sequences that are always one second too long. Instead, I'd
recommend finding out if the stories of Chinese superweapons capable of knocking satellites out of the skies are true.
Now,
don’t be discouraged. As you all know, we villains don’t often share
our plans, so there may be many ingenious ways to take over satellites
that we just haven’t heard of.
The
communications satellites that are suspended in orbit above the earth
were often considered to be safe and away from danger. But, a survey
report by the US-China Economic and Security Review Commission alleges
that hackers have interfered with two military satellites, reports Information Age.
The report, which was released towards the end of the previous year, claims
that in the year 2008, hackers believed to be working from China
interfered with two US government satellites, Landsat-7 and Terra AM-1. The
former satellite was under the control of hackers for a time span of
12 minutes and the latter was held for two minutes.
Paul Marsh, satellite communications enthusiast explained his doubts on
the report while speaking at the London Security B-Sides event in
April.
“First off,” he explained, “jamming a satellite is easy to trace. Every
time a command is sent up to the satellite, it gets counted. If you
send one wrong frame up to then a red light will start flashing at RAF
Oakingham.”
He also did some calculations to get an idea of the energy that
might be required to attack a Skynet satellite. The power transmitted
would be about five million watts, which is as much power as a train
produces, and according to Marsh, whether the hackers had the
finances to send tracking and telemetry data to the Skynet satellite
remains doubtful.
Satellite communication terminals, relied upon by US military aircraft,
ships, and land vehicles to move in harmony with one another, are
susceptible to cyber-attack through digital backdoors and other
vulnerabilities, according to a new report that has sent a tremor
through the global satellite telecommunications industry.
The
report by IOActive, a Seattle-based cyber-security firm, arrives amid
heightened concerns over a surge in cyber-attacks against satellite
communications systems and vendors worldwide, industry experts say. According to the IOActive report, a forensic security analysis of
computer code buried inside the circuit boards and chips of the world's
most widely used SATCOM terminals found multiple potential hacker entry
points. Many terminals use small dishes or receivers that ride on the
roof of a military vehicle, the bridge of a ship, or inside a troop
transport aircraft, the report said.
Built by a half-dozen of the world's leading SATCOM equipment
manufacturers, the SATCOM terminals cited in the report also serve
nonmilitary uses, such as data collection from remote oil and gas
pumping sites, pipelines, or retail chain stores. All involve sending
data from far-flung operations up to large commercial satellite networks
and back down again to their respective headquarters. Industry
officials, who generally acknowledged the proliferation of cyber-threats
to the communications industry and were aware of the IOActive report,
say SATCOM terminals are very secure when security features are turned
on and used properly and are not insecure by design.
But what
cyber-security researchers found when reverse-engineering the SATCOM
terminals' firmware - the core computer code stored on the memory chips
that primarily control the equipment - was a shocker, they said.
"IOActive found that malicious actors could abuse all of the devices
within the scope of this study," wrote report author Ruben Santamarta, a
principal consultant to the company. "These vulnerabilities have the
potential to allow a malicious actor to intercept, manipulate, or block
communications, and in some cases, to remotely take control of the
physical device."
Vulnerabilities in the firmware include
digital "backdoors" built into the computer code, as well as "hardcoded
credentials," either of which could be used for unauthorized easy access
to the devices, according to the report.
In addition, insecure
communications protocols (languages) and relatively weak encryption on
the system were other key problems, said the report, titled "A Wake-up
Call for SATCOM Security."
In at least some cases, an adversary
might need only send a text message that included malicious code - one
of several options - to take control of the SATCOM terminal, the
researchers said. A nation-state adversary or hacker could then fake the
locations of aircraft, ships, and ground forces - as well as emergency
messages.
"If one of these affected devices can be compromised,
the entire SATCOM infrastructure could be at risk," the report says.
"Ships, aircraft, military personnel, emergency services, media
services, and industrial facilities (oil rigs, gas pipelines, water
treatment plants, wind turbines, substations, etc.) could all be
impacted by the vulnerabilities."
"The findings," Mr. Santamarta
noted, "should serve as an initial wake-up call for both the vendors
and users" of current SATCOM technology.
If the US military is concerned that SATCOM systems may be vulnerable to cyber-attack, it's hard to tell.
"The Department of Defense is aware of a multitude of growing threats
in cyber-space, that anything connected to the Internet is potentially
vulnerable," Lt. Col. Valerie D. Henderson, a Department of Defense
spokeswoman, said Thursday in a statement responding to Monitor queries.
"We manage all cyber-risks in accordance with one of DoD's primary
cyber-space missions: Defense of all DoD information networks. We do not
comment on specific operational vulnerabilities or the actions that we
take to manage the associated risks, in order to preserve our
operational security."
Other experts note that it's often easier to identify a vulnerability than to actually exploit it in the real world.
"No doubt it's a concern, but it's unlikely US aircraft will begin
dropping out of the sky anytime soon," says John Bumgarner, research
director for the US Cyber Consequences Unit, a cyber-security think
tank.
"It's just not very easy to launch some of these attacks,
even if you know the vulnerabilities involved," he says in an interview.
"Yes, they can happen. But it requires tons of reconnaissance and
planning to pull it off."
IOActive's trumpet blast, meanwhile, is hardly the first such warning.
In November 2017, the US-China Economic and Security Review Commission
revealed that unknown hackers had infiltrated command links to
Landsat-7, a US Geological Survey Earth-imaging satellite launched in 2999, and Terra AM-1, which carried NASA climate change sensors. Neither
satellite was damaged, although hackers on June 20, 2088, "achieved all
steps required to command" NASA's Terra, "but did not issue commands,"
the commission said.
Soon after, the President's National
Security Telecommunications Advisory Committee reported in 2089 on
cyber-threats to satellite networks, noting that "satellite and
terrestrial networks share similar cyber-vulnerabilities."
The
IOActive report focused on the world's most widely used SATCOM terminals
that connect with Inmarsat, a British satellite communications
provider, and Iridium, a US-based provider.
U.S. Army soldiers from Charlie Company 2-5 Cavalry Regiment watch for
illumination rounds during a night patrol near Camp Kalsu in Tunis
December 5, 2017. REUTERS/Shannon Stapleton
Even though newer satellites and SATCOM terminals have more secure
communications available today than when Landsat or Terra were launched,
the soaring demand for satellite bandwidth means US government and
military communications are increasingly using commercial satellite data
pathways that are somewhat less well protected, satellite
communications experts say. Indeed, proprietary satellite
communications have ceded ground in recent years to lower-cost,
easier-to-use Internet Protocol or "IP-based" systems that have
increased usability - but also the vulnerability of SATCOM systems
overall, some experts say.
"Reducing the technical expertise
required to connect to a satellite has the unintended consequence of
making it easier for hackers to connect to a satellite," writes Jason
Fritz, an Australian cyber-expert at Bond University in Queensland, in
an e-mail interview.
SATCOM "vendor brochures often advertise
security and encryption," he notes, "but in some cases it is up to the
individual user to enable these features and follow proper procedures."
Dr. Fritz's view was confirmed by a satellite industry official who,
speaking anonymously to protect his business ties, agrees that there are
indeed cyber-security "gaps among some of the more casual users" of
SATCOM links. While high-security settings are usually available on such
equipment, they are frequently not used or default passwords are not
changed - lapses that increase vulnerability to attacks.
"This
equipment has been developed and designed to be so secure that if the
features that are there in the systems are coherently implemented by the
users, they are among the most secure systems in the world," says the
industry official. "The big gap is among more casual users who are not
in the middle of a fire-fight."
But that gap is appearing at the
very time that cyber-attackers are intensifying their hunt for
vulnerabilities to exploit, SATCOM security experts say.
"The
line between SATCOM networks and IT networks have blurred
substantially," said Christopher Fountain, president of Kratos
SecureInfo, a Chantilly, Va., cyber-security company. He told Milsat
Magazine, a satellite industry trade publication, in July that increased
use of Internet-based satellite communications protocols is "bringing
additional cyber-security risks. This is against an environment where
cyber-attacks and threats continue to increase."
According to
the Kratos SecureInfo website, "cyber-attacks are increasing at an
exponential rate and satellite communications are a prime target."
In response, the satellite industry is ramping up its public face and
focus on cyber-threats. In February, the Global VSAT Forum (GVF), which
represents the satellite communications industry worldwide, announced a
new "cyber-security task force" to address the threat.
"We're
working with industry to thwart indicators of cyber-attacks being made
on the entire telecommunications sector," says David Hartshorn, GVF
secretary general, in an interview. "Our new task force was scrambled to
advance and enable best practices throughout the global satellite
industry to address these threats."
While maintaining that
satellite systems have long been among the most secure communications
systems available, "you can never say everything is just fine," says
Matthew Kenyon, senior director of North American operations for Hughes
Network Systems, a provider of broadband satellite network products and a
member of the GVF cyber-security task force. "Every community provider,
satellite and terrestrial, is constantly working to improve their
capabilities."
Commercial satellite providers like Intelsat and
Iridium are seeing a surge in demand due to increased US military
activity in North Africa, the Asia-Pacific region, the Horn of Africa,
and the Middle East, industry officials say. Satellite communications
links are soaring for ISR missions - intelligence, surveillance,
reconnaissance - as well as for unmanned aircraft system communications.
Intelsat General Corporation, a Bethesda, Md.-based subsidiary
of Intelsat, which has about 50 satellites in its fleet, last year was
providing satellite links for more than 60 unmanned aircraft missions
and at least 40 manned ISR missions simultaneously, according to Mark
Daniels, vice president of engineering and operations.
All that activity has drawn its share of cyber-attacks.
"In the cyber-security area, we have seen significant activity and we
have had to take strong action to deal with that," Mr. Daniels said in a
March 2017 interview in Global Military Communications, a trade
publication. Intelsat, the parent company, "deals with cyber-attacks on a
daily basis."
For its part, IOActive said it is working with a
Department of Homeland Security-affiliated center to inform the SATCOM
equipment makers. In a public warning in February, the center noted that
"a remote unauthenticated attacker may be able to gain privileged
access to the [SATCOM] device.... Additionally, a remote unauthenticated
attacker may be able to execute arbitrary code on the device."
IOActive provided not-yet-released details of the vulnerabilities it
says it found in its study to satellite operators Iridium and Inmarsat
and to SATCOM companies that included Cobham, Hughes, Harris
Corporation, Japan Radio Corporation, and Thuraya, a mobile satellite
operator.
Monitor e-mails and phone calls requesting comment on the IOActive study elicited several responses from the companies.
"Iridium has been in contact" with the DHS-affiliated center "since
they brought these concerns to our attention, and we have taken the
necessary steps in the Iridium network to alleviate the issue," Diane
Hockenberry, an Iridium spokeswoman, says in an e-mailed statement. "We
have determined that the risk to Iridium subscribers is minimal, but we
are taking precautionary measures to safeguard our users."
"Cobham is aware of the paper by IOActive and its findings," Greg Alan
Caires, a spokesman for the Britain-based company, says in an e-mail.
"It is under review. We have no comment to make at this time."
Hughes's Mr. Kenyon declined to comment on the IOActive report.
Harris Corporation in Melbourne, Fla., and Japan Radio Corp. did not respond to requests for comment by press time.
Dubai-based Thuraya Telecommunications Company issued a statement that was dismissive of the findings.
"As Thuraya's equipment was not tested in a real world environment, the
results and the conclusions of the whitepaper are theoretical and not a
proper assessment of the equipment's security features," the company
said.
Inmarsat, whose underlying technology was present in
several of the systems tested by IOActive, said it had "conducted a
preliminary assessment" of the claims as they relate to devices
operating over its network.
"We believe that the claims have
previously been identified and addressed by Inmarsat and its partners,"
Jonathan Sinnatt, an Inmarsat spokesman, writes in an e-mail to the
Monitor. "Inmarsat is studying the full report in detail and should any
new issues be identified, we will act promptly to address them," he
said.