Our skies are full of satellites, more full than they have been, that is, because SpaceX’s Starlink and a bevvy of other soon-to-launch operators plan to fill them with thousands of small low-earth-orbit craft to blanket the Earth with satellite Internet coverage. Astronomers are horrified at such an assault on their clear skies, space-watchers are fascinated by the latest developments, and in some quarters they’re causing a bit of concern about the security risk they might present. With a lot of regrettable overuse use of the word “hacker”, the concern is that such a large number of craft in the heavens might present an irresistible target for bad actors, who would proceed to steer them into each other can cause chaos.
Invest in undersea cables, folks, the Kessler Syndrome is upon us, we’re doomed!
There Is Little As Dangerous As A Half-Truth
It’s worth taking a while to look at some of these stories, because when it comes to technology coverage there is little so dangerous as a half-truth in the hands of people who think Something Must Be Done™. Hacking satellites is an activity with a pedigree that goes back decades, but the advent of Starlink and others like it does not pose any more danger than any other of the craft launched since Sputnik back in 1957. To find out why it’s worth unpicking the sensationalist reports, and peering back in history a little way to uncover some of the real satellite hacking.
The Scientific American article linked in the first paragraph is representative of other similar pieces, and it starts by worrying about CubeSats. These relatively inexpensive satellites are often built from readily available parts which can be analysed for vulnerabilities, the story goes, making them an irresistible target for the Bad Guys.
On reading this half-truth it’s worth wondering whether the author really knows what a CubeSat is, because instead of a large unit with sophisticated propulsion and other onboard systems a Cubesat is a tiny device which simply doesn’t have space for much beyond the barest essential payloads. By and large they tumble through space for the limited time before their relatively low orbit decays, offering invaluable space-based opportunities for their builders but leaving relatively little scope for malicious activities. They lack the equipment to be instructed to switch orbits and smash into other craft, so while one being compromised would be a disaster for its owner it’s difficult to see how the average Cubesat would be a significant prize for an intruder.
They go onto another half-truth to cite the history of satellite hacking as a portent of future doom, under the premise that if it’s happened in the past then it must surely happen again. In some of this they are of course correct, in that there have been many instances of satellites being accessed by unauthorised third parties. But to cite incidents from ten, twenty, or thirty years ago as evidence is akin to citing vulnerabilities in a 1980s UNIX build as evidence of failings in a modern OS. Security comparisons between the two are simply not meaningful. To illustrate this it’s worth taking a look at some of the history of satellite hacking.
The Good Old Days Of Satellite Hacking
Decades ago, to be involved in space technology you had to be a government. The average Joe might just be able to listen to some satellite traffic, but the investment required to set up any kind of ground station was not in any way trivial. Thus satellites were not built with security in mind because it was deemed unlikely that anyone would have the means to access them. This led to many craft carrying open transponders, making them effectively always-on analogue repeaters in the sky.
As technology progressed it became possible to build or acquire ground station components for some of these transponders, and by the 1980s there were tales of shady companies selling transatlantic data links using illicit narrow-bandwidth carriers hidden amid the wideband TV feeds on commercial relays. This type of open-transponder hijack reached a mass-market in Brazil, where the US Navy’s Fleet Satellite Communications System dating from the late 1970s became so widely used as to become almost akin to a CB radio for the vast interior of that country. Even as satellite communications moved into the digital domain it was believed that the high barrier to entry would be enough of a deterrent, so for example the Iridium satellite phone system launched in the 1990s lacked encryption and could easily be eavesdropped upon with an SDR in 2015.
In 2020 though, even the most novice of satellite engineers will be aware of security, and we expect that the likes of SpaceX will not have employed novices. Just as you could steal a 1980s Cosworth Ford Sierra with rudimentary tools but their latest quick Mondeo model has a formidable engine immobiliser built-in, so is it likely to be no walk in the park to compromise any of the current crop of spacecraft. Their citing a satellite hijack story from 1999 as reason to be worried in 2020 is about as valid as worrying about the Mondeo because a child could nick the Sierra; it simply isn’t credible. It’s not that there are not legitimate concerns to be expressed with relation to satellite security, it is simply that inflamatory and shoddy journalism is hardly the way to approach them.
Space debris cloud header image: NASA image / Public domain