Hacking these days means everything from someone guessing your password and spamming your contacts with toxic links, to wide-scale offensive cyberattacks against infrastructure by sophisticated operators backed by nation states. When it comes to hacking satellites, though, [Didelot Maurice-Michel] found himself tangling with some hardware belonging to the European Space Agency.
As part of an event called HackCYSAT, hackers were invited to attack the ESA’s OPS-SAT, a CubeSat intended to demonstrate improved techniques for mission control and more advanced satellite hardware. The computer hardware on board is ten times more powerful than other existing ESA satellites, and aims to take satellite technology on a new leap forward.
As with most hacking contests, it wasn’t a perfect representation of a real attack. Hackers were instructed to only exploit the payload, and a system image was provided for them to work with.
[Didelot] goes into a great deal of detail, explaining how he worked his way through the security architecture of the satellite’s software, leading to takeover of the satellite with root privileges. He found several vulnerabilities along the way, with the ESA being notified of such well before publication of the article this month.
In today’s geopolitically-fraught world, it only makes sense that satellites would become another battleground for cyber soldiers on all sides. Friendly exercises like HackCYSAT can serve as great training for those working on satellite embedded systems to help them shore up security, while also being a useful guide for offensive operatives to hone their skills as well.
We recently looked at the amazing bounty to be had when eavesdropping on satellites, too. If you’re out there experimenting in this space-based field, don’t hesitate to drop us a line with your findings. Happy hacking!