Satellite Technology Advances but Satellite Security Lags Behind

This post is also available in: עברית (Hebrew)

There are currently thousands of satellites orbiting the Earth, and these numbers are only going to grow. The technology of these satellites is quickly improving, but are they protected enough?

Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have analyzed three current low-earth orbit satellites and found they were greatly lacking in security and had barely any modern security concepts implemented.

Even security mechanisms that are standard in modern mobile phones and laptops, like the separation of code and data, are non-existent on satellites, and the industry seems to heavily rely on security through obscurity.

The researchers examined two small research satellite models and one medium-sized model of a commercial company, which orbit the Earth at a short distance and are used to observe it.

The team from Bochum and Saarbrücken looked in detail at what the software running on the devices does and which communication protocols are used, then emulated the systems and rebuilt them virtually so that they could test the software.

According to Interesting Engineering, the satellites orbiting the Earth can only be contacted through their ground station on Earth within a timeframe of a few minutes. The systems must be resilient against the radiation in space, and since they can only consume a small amount of energy, they have a low power output.

After they completed the software analysis, the researchers figured out various scenarios of an attack on a satellite. For example, they showed that they could cut off the satellites from ground control and take over the systems, then take pictures with the satellite camera.

The research team compiled a questionnaire in order to find out how the people developing and building satellites approach security and submitted it to research institutions, the ESA, the German Aerospace Center and various enterprises.

“The results show us that the understanding of security in the industry is different than in many other areas, specifically that it’s security by obscurity,” concludes Johannes Willbold, co-author of the paper.

Many of the respondents stated they think satellites could not be attacked because there is no documentation of the systems, and nothing is known about them. Only a select few said that they encrypt data when communicating with satellites or use authentication to ensure that only the ground station is allowed to communicate with the satellite.

Following these results, Moritz Schloegel, co-author of the paper stated- “However, a lack of documentation doesn’t necessarily protect against attacks… Today, systems can be figured out through reverse engineering and their vulnerabilities can be identified. One of the goals of our project was therefore to bring the satellite and security communities together to promote a mutual understanding of the challenges of space applications and of the security standards that are in use today.”