A team of researchers has proven that they can take full control of communications, imaging and even maneuverability systems by hacking a European Space Agency (ESA) satellite.
This trial was a controlled attack organized as part of ESA’s ongoing CYSAT conference. A cybersecurity team from multinational technology company Thales has accepted ESA’s Hack CYSAT challenge and has found a way to take control of an OPS-SAT nano-satellite first sent into low Earth orbit in 2019, according to the published statement. The hack allowed security hackers to access the satellite’s global positioning system, attitude control system, and even its onboard camera.
ESA reported that it remained in control of the satellite during testing and did not force the researchers to go into any craziness as the satellite orbited Earth. But the cybersecurity team said they accessed the satellite controls via its onboard system and then used standard access rights to enter the control interface. Researchers later proved that they can also add new, malicious code to the system.
The team showcased what they could do at the conference on Thursday, where a hacker could potentially mask parts of the satellite’s imaging system and hide themselves from the orbiting tracker. Of course, taking control of a satellite’s altitude controls and GPS could allow for far more dangerous moves.
“The space industry needs to consider cybersecurity at every stage of the satellite’s lifecycle, from initial design to systems development and maintenance,” said Pierre-Yves Jolivet, Thales’ Vice President of cyber solutions.
Can China hack foreign satellites?
Hacking of satellites is one of the worst situations for operators and a growing concern for governments in space travel around the world. A leaked CIA report documented by the Financial Times shows that the US believes China is developing ways to “take control” of foreign satellites. The document was part of a recent Pentagon leak, allegedly carried out by a 21-year-old government IT worker, but explains how China can take control of its systems by mimicking signals sent from land to orbiting satellites. China has been associated with US past attacks against observation satellites by attacking ground stations.
However, this was not the first evidence that orbiting satellites could be hacked. Last year, a Belgian researcher proved that he can hack a SpaceX Starlink terminal with his own special mode chip. This allowed him to place his own custom code on the network. Another academic team from the University of Texas was able to take control of a Starlink signal without even real intruding.
Commercial satellite systems are also known to be extremely vulnerable. In February last year, at the time of the invasion of Ukraine, European internet users reported massive service disruptions. Cybersecurity experts detailed how Russia hacked some mainstream satellite internet systems from companies like Viasat, despite US intelligence agencies warning companies of cybersecurity vulnerabilities in a report published by Bloomberg last month. As explained by Bloomberg, this hack involved Russian operators hacking into the company’s computer systems to cut connections. The hackers failed to gain control of the satellites.
52883
