Star Wars: Evil Constellation of Pwned Satellites

By Boris Loza, PhD

May 17, 2021

In the near future in a galaxy very, very close . . . it is a period of cyberwars in the galaxy. State-sponsored cybercriminals have won their first victory by exploiting the powerful Satellite Constellation. . . . A brave IT alliance of cybersecurity fighters has challenged the tyranny and oppression of the rebel Hackers Empire.

This may sound like the opening crawl from another Star Wars episode; however, this scenario may not be that far-fetched. Satellites have been used to provide global communications since October 4, 1957, when the former Soviet Union launched Sputnik 1, the world’s first artificial Earth satellite. Modern satellites are no longer stand-alone devices but operate as satellite constellations, that is, groups of artificial satellites working together as a system. Such constellations provide permanent global coverage, making sure that at any given moment at least one satellite is visible from anywhere on Earth.

Names like OrbComm, HughesNet, ViaSat, Starlink, or OneWeb may not come to mind when you think about internet services providers (ISPs). However, they are already big players in this field, delivering broadband satellite internet services worldwide.

Some companies provide commercial internet, like OrbComm, a US company that offers industrial Internet of Things (IoT) and machine-to-machine (M2M) communications. They offer services for tracking, monitoring, and controlling fixed and mobile assets in many sectors, including transportation, heavy equipment, maritime, oil and gas, utilities, and government. Other satellite internet providers, such as Starlink, OneWeb, and several others, are exploiting the internet niche in rural areas.

Starlink technology belongs to SpaceX (Elon Musk’s company), a US aerospace manufacturer and space transportation services company headquartered in Hawthorne, California. OneWeb (formerly WorldVu Satellites) is headquartered in London, with offices in California, Florida, Virginia, Dubai, and Singapore. Several other competitors for such services are just emerging and some are already well established. The scope of this article does not allow for a discussion of all of these companies, so it briefly describes two of them — Starlink and OneWeb.

From its creation in 2015, Starlink got everything on a silver platter, securing $885.5 million in grant funds from the US Federal Communications Commission.[1] By comparison, OneWeb filed for bankruptcy in March 2020 because it failed to raise the requisite capital. At that time, OneWeb laid off about 85% of its approximately 500 employees. However, the company retained control of its operational satellites during the period of court protection.[2]

Both Starlink and OneWeb utilize a satellite internet constellation, which is a network (constellation) of artificial satellites providing satellite internet service “from outer space.” These large constellations of satellites (sometimes referred to as megaconstellations), orbiting in low Earth orbit (LEO, an altitude between 160 and 2,000 km, or 99 and 1,200 miles), provide low-latency, high-bandwidth (broadband) internet service. Because LEO is closer to Earth, it can provide lower transmission delays in satellite broadband services than geostationary orbit (also known as geosynchronous equatorial orbit, or GEO, about 35,000 km, or 22,000 miles, above the Earth’s surface).[3]

Starlink originally planned for a group of 4,425 satellites to orbit at an altitude of 1,200 km (750 miles), while another 7,518 satellites would orbit in a very low Earth orbit (VLEO) at 335–345 km (208–214 miles).[4] They would operate in the Ka-band (microwave range of frequencies from 26.5 to 40 GHz) and Ku-band (frequencies in the range 12–18 GHz). The system would use a peer-to-peer protocol that is “simpler than IPv6” and incorporate end-to-end encryption.[5] OneWeb will operate in 12 near-polar orbit planes at 1,200 km (750 miles) altitude. User service will be in the Ku-band and links to gateway ground stations are in the Ka-band.[6]

Like satellite TV, satellite internet sends a signal from a satellite to a receiver dish. The receiver is usually placed on your building’s roof, providing unobstructed access to the sky. Your internet modem is connected to that dish to convert the signal into an internet connection. A simplified explanation of how the satellite internet works could be outlined in the following steps:

1. A user has an antenna (dish) that is connected to a modem (provided by the ISP). This modem is connected to the user’s computer.

2. The user’s antenna sends an encrypted signal to the satellite above, providing the user’s authentication details.

3. The satellite receives the communication request and sends it to the ISP’s ground station antenna (dish). The ground station is connected to the internet and acts as the ISP’s internet access point.

4. Once the user is verified, internet traffic is sent back through the satellite to the user’s antenna and the modem to the computer.

According to some cybersecurity experts, hacking satellite internet connections is a lot easier than you think, almost like child’s play.[7] This is probably why Elon Musk invited high school kids to hack the Tesla Mothership and SpaceX Starlink satellites.[8]

Cybersecurity experts have been warning for some time about the growing risk of a major satellite cybersecurity breach. James Turgal, former managing director of Cyber Risk Services at Deloitte & Touche says, “[David DeWalt, CEO of Momentum Cyber] is correct about his fears of seeing a major cyber incident, whether that presents itself as an intrusion into the satellite itself or a breach into and collection of data transmitted from the satellite.”[9]

Some of the attack vectors for exploiting satellite internet vulnerabilities are characteristic of other technologies:

= Network

  • Communication (radio frequency [RF] link) between the user’s antenna and a satellite
  • Communication (RF link) between a satellite and the ISP’s ground station antenna
  • Communication between the user’s receiving dish and the internet modem
  • Communication between multiple ground stations
  • Command-and-control (C&C) communication between satellites and multiple ground stations
  • Communication between satellites (satellites use optical/laser connection to communicate among themselves)

= Software

  • Patching/updates
  • Secure code development
  • Legacy software

= Hardware/physical security

  • Satellites
  • Ground stations
  • Satellite dish antennas (user and ground station)
  • Satellite launching equipment (e.g., SpaceX Falcon 9 rocket)
  • Internet modem
  • User computer

= Encryption

= Supply chain/third-party software

= Human factor

  • Errors
  • Social engineering
  • Phishing
  • Insiders
  • Disgruntled employees

Satellite internet is a complex technology that introduces more vulnerabilities than simpler technologies. As we have seen with other modern innovations — mobile phones, IoT, and drones, for example — sooner or later, new and zero-day vulnerabilities are going to be discovered by nation-sponsored advanced persistent threat (APT) groups, rogue hackers, and security experts alike.

Satellite constellations are interconnected; if one is compromised, all others will be compromised as well. Some examples of well-known attack scenarios could be the following:

• Man-in-the-middle (MitM) attack that would allow hackers to eavesdrop on everything that is going to be transmitted.

• Distributed denial-of-service (DDoS) attack to create jamming and interrupt communications between the transmitter and/or receiver (modem and ground stations).

• Spoofing the satellite connection and making internet users communicate with the hackers’ stations instead of legitimate satellites.

• Malware attack that could allow satellite hijacking (altering or entirely replacing signals with malicious ones) and/or control. This allows hackers to control a constellation of botnets with C&C software. At that point, satellites are “pwned” (owned or controlled) or hacked.[10]

• Weaponizing satellites. Because satellites operate at LEO altitudes, they may not burn up completely when entering the Earth’s atmosphere. Therefore, they could be used as weapons, and terrorists could drop these physical devices onto specific ground-based targets.

At the last Defcon, the largest hackers conference in the United States, in collaboration with the US Department of Defense (DoD), hackers had a Hack-a-Sat “capture the flag” event involving the hacking of satellites. One hacker team brought home $50,000 for hacking a DoD satellite.[11]

Searching the dark web for tutorials on how to hack satellite internet generated several results. However, the “surface” web also has several step-by-step instructions and YouTube videos on how to hack or intercept satellite communications.[12] Steps could look like the following:

1. For starters, buy a satellite dish with a low-noise block (LNB) converter. Look for a bigger dish that will provide a better signal range. This will be used to “sniff” for satellite broadcast communications signals. One good 36-inch (90 cm) dish on the internet sells for $183.

2. The next gadget you need is a tuner card, which allows a computer to receive satellite signals. This costs another $150.

3. After you have the hardware, find good satellite scanning software — Easy BlindScan and CrazyScan are popular, among others.

4. Now you are ready to start offline downloading of data, intercepting signals, and livestreaming radio, video, and satellite internet. Some of the software used for these purposes includes SkyGrabber, Skynet, FishNET, DVB Dream, ProgDVB (also available on Android), AltDVB, dvbsnoop, and TSReader.[13]

In the upcoming years, thousands of satellites will be launched by different satellite internet service companies. The question is not if, but when, space internet technology will be compromised. It is only a matter of time.

Such innovative technology also requires equally innovative security solutions for protection and uninterrupted functionality. The DoD’s Defense Advanced Research Projects Agency (DARPA) is exploring the use of blockchain technology for securing satellites, including developing what the DoD refers to as an “unhackable code.”[14] Other promising security solutions could be using machine learning to detect new threats and patch them in real time as well as using satellite best security practices as developed by MITRE.[15]

Although several space cybersecurity standards and regulations already exist — including the Committee on National Security Systems’s standards for commercial satellites that carry classified or otherwise sensitive data, and requirements set by the National Oceanic and Atmospheric Administration — more modern regulations for consumer satellite internet solutions need to be developed.[16]

Last year, the United States adopted Space Policy Directive-5, SPD-5, which is the first comprehensive government policy related to cybersecurity for satellites and related systems. This policy also outlines a set of best security practices.[17]

Satellite internet technology is coming to our homes and lives. Today, as never before, we need more security talent. We need to make sure that cybercriminals do not use this technology for compromising our privacy, identity theft, cyberbullying, doxing, or other cybercrimes.

[1] Corinne Reichert, “Elon Musk’s SpaceX Gets $885M from FCC to Help Bring Broadband to Rural US,” CNET, Dec. 7, 2020, https://www.cnet.com/news/elon-musks-spacex-gets-885m-in-government-funds-to-bring-broadband-to-rural-americans/

[2] Caleb Henry, “OneWeb Files for Chapter 11 Bankruptcy,” SpaceNews, March 29, 2020, https://spacenews.com/oneweb-files-for-chapter-11-bankruptcy/

[3] “Satellites 101: LEO vs. GEO Satellite Constellations,” Iridium, Sept. 11, 2018, https://www.iridium.com/blog/2018/09/11/satellites-101-leo-vs-geo/

[4] Caleb Henry, “SpaceX Asks FCC to Make Exception for NGSO Constellations in Connect America Fund Decisions,” SpaceNews, Sept. 19, 2017, https://spacenews.com/spacex-asks-fcc-to-make-exception-for-leo-constellations-in-connect-america-fund-decisions/

[5] Elon Musk (@elonmusk), “Will be simpler than IPv6 and have tiny packet overhead. Definitely peer-to-peer,” Twitter, Feb. 25, 2018, 2:45 a.m., https://twitter.com/elonmusk/status/967712110661615616

[6] Inigo del Portillo, Bruce G. Cameron, and Edward F. Crawley, “A Technical Comparison of Three Low Earth Orbit Satellite Constellation Systems to Provide Global Broadband” (PowerPoint presentation, 69th International Astronautical Congress, Bremen, Germany, Oct. 1, 2018), http://www.mit.edu/~portillo/files/Comparison-LEO-IAC-2018-slides.pdf

[7] Anthony Spadafora, “Hacking Satellite Internet Connections Is a Lot Easier Than You’d Think,” TechRadar, Sept. 2020, https://www.techradar.com/news/hacking-satellite-internet-connections-is-a-lot-easier-than-youd-think

[8] Ma. Claribelle Deveza, “Elon Musk Extends Invitation to Hack Tesla Mothership and SpaceX Starlink Satellites,” Tesmanian, April 22, 2020, https://www.tesmanian.com/blogs/tesmanian-blog/tesla-elon-musk-fremont-spacex-Starlink

[9] Mark Holmes, “The Growing Risk of a Major Satellite Cyber Attack,” Via Satellite, http://interactive.satellitetoday.com/the-growing-risk-of-a-major-satellite-cyber-attack/

[10] Paul Gill, “What Does Getting Pwned Mean?,” Lifewire, April 20, 2020, https://www.lifewire.com/what-is-pwned-2483497

[11] Scott Manley, “Hacker Team Wins $50,000 for Hacking a DoD Satellite at DefCon,” YouTube, Aug. 10, 2020, https://www.youtube.com/watch?v=SRQza6IxOjo

[12] Tomorrow Unlocked, “A Hacked Satellite Could Spell Disaster. So Why Is the U.S. Air Force Encouraging It?,” YouTube, Sept. 21, 2020, https://www.youtube.com/watch?v=76w6wPwnQh4

[13] “How to Hack and Intercept Satellite Communication,” International Institute of Cyber Security, https://www.iicybersecurity.com/intercept-satellite-communications.html

[14] Department of Defense, DoD Digital Modernization Strategy, June 6, 2019, https://media.defense.gov/2019/Jul/12/2002156622/-1/-1/1/DOD-DIGITAL-MODERNIZATION-STRATEGY-2019.PDF

[15] Samuel Sanders Visner and Scott Kordella, “Cyber Best Practices for Small Satellites,” MITRE Corp., https://www.mitre.org/sites/default/files/publications/pr-19-03753-01-cyber-best-practices-for-small-satellites.pdf

[16] Meg King and Sophie Goguichvili, “Cybersecurity Threats in Space: A Roadmap for Future Policy,” Wilson Center, Science and Technology Innovation Program blog, Oct. 8, 2020, https://www.wilsoncenter.org/blog-post/cybersecurity-threats-space-roadmap-future-policy

[17] Memorandum, “Space Policy Directive-5,” n.d., National Aeronautics and Space Administration, https://history.nasa.gov/SPD-5.pdf

Dr Loza, professor of cybersecurity, is an award-winning professional. He published many articles in cybersecurity magazines and is an author of several books.
