The European Space Agency (ESA) successfully completed its first-ever live pen testing exercise on one of its nanosatellites, while it was actively orbiting the Earth. Researchers were able to take complete control of the satellite, proving worrisome risks to the entire space ecosystem.
Ethical hackers hired by the space agency were directed to compromise the orbiting satellite to find vulnerabilities that nefarious threat actors could potentially exploit.
The live test was conducted during CYSAT, one of the world's largest cybersecurity and space industry events, held in Paris last week.
“The goal: show space engineers how hackers think, what damage they can do on a satellite & how an attack can be detected, remedied, and eventually prevented,” CYSAT said.
Thales, a digital technology firm headquartered in Paris with its own dedicated aerospace and defense departments, provided the four-man research team.
The Thales team was able to take full control of the demonstration satellite, including access to the onboard system used to manage the payload's global positioning system, attitude control system, and onboard camera.
This resulted in the ability to compromise data being sent back to Earth, specifically by modifying the images captured by the satellite's camera.
The team was also able to “achieve other objectives such as masking selected geographic areas in the satellite imagery while concealing their activities to avoid detection by ESA.”
The team, which used standard access rights to gain control of its application environment, was also able to exploit several vulnerabilities to introduce malicious code into the nanosatellite's systems.
“With the growing number of military, as well as civil applications that are reliant on satellite systems today, the space industry needs to take cybersecurity into account at every stage in the satellite's life cycle, from initial design to systems development and maintenance,“ said Thales VP of Cyber Solutions Pierre-Yves Jolivet.
“This unprecedented exercise was a chance to raise awareness of potential flaws and vulnerabilities so that they can be remediated more effectively, and to adapt current and future solutions to improve the cyber resilience of satellites and space programs in general, including both ground segments and orbital systems," Thales said.
The ESA said they retained autonomy over the satellite throughout the demonstration, which was returned to normal status after the event.
"Too many critical services on Earth depend on the collection and transmission of data by satellites," CYSAT explains on its website.
Many older satellites have been in orbit since 2012 and were “not engineered in a hostile environment like the internet or another evolution technology that's taken place over the last decade," said Chris Rouland, CEO of Phosphorus Cybersecurity back in 2022.
According to CYSAT, satellites have historically been designed to be reliable and not secure.
“This is now a huge challenge as….aging satellites that are vulnerable to hackers from adversarial nation-states, such as Russia, possess immense cyberattack capabilities,” said Charles Denyer, a cybersecurity and national security expert.
On the day of the Russian-led invasion of Ukraine, the Kremlin disrupted the KA-SAT network, causing outages to thousands of Ukrainians extending throughout parts of Europe.
Satellite imagery has been a coveted asset in the conflict, used on both sides to try and gauge strategic troop positions and by OSINT groups to dispel Russia’s consistent denial of military attacks.
Elon Musk’s Starlink satellites have provided steady internet capabilities to Ukraine, combating Russia’s relentless campaigns to take out Ukraine’s communication infrastructure and critical services.
Meanwhile, China has publicly declared war on Starlink’s constellation of around 3,500 satellites orbiting Earth, with this number expected to more than triple over the next 5 years.
The Communist regime is developing its own fleet of satellites to compete with Musk’s Starlink program, which has so far proven resistant to all hacking and jamming attempts.
Each satellite will be equipped with new AI weapons, including lasers and high-powered microwaves. They'll also have the ability to carry military payloads.
Beijing researchers also claim that the Chinese satellites will be designed to detect, identify, track, and catalog all the details belonging to each individual satellite in the Starlink fleet.
Your email address will not be published. Required fields are markedmarked