
Okay, good afternoon and welcome to BSides Las Vegas. Really? Better now, come on. What do you think? Welcome! Right, it's on video, we want everybody to know. Come on. Okay, we'd like to cordially invite and thank our sponsors, especially the inner circle sponsors, Critical Stack and Valimail, which are outside in case you missed them. I'd also like to thank Secure Code Warrior, Paranoids and Amazon. Say that. Okay, cell phones: please be courteous, you know the rear. Oh, okay, I have a microphone; I will pass it around. We'll ask questions, so we hopefully get to record the conversations. On their, their feedback needed, see the websites. Okay, and without further ado I'd like to announce Elizabeth Wilson, our guest speaker. Thank you.
Hi, so I'm Elizabeth Wilson, and thank you for joining me today for Satellite Vulnerabilities 101. Now, just to begin, a little bit about who I am: I have a bachelor's in international business, concentrated in Russian language and culture, from the University of Texas at Arlington. After I got that, I did a 180 and decided to go be a software developer for a few years. I leaned on some Java I learned back in high school and passed an entry test, and they let me in. So I did that for about a year and a half to two, until I got a scholarship for my master's degree, and I'm currently wrapping up my International Master in
Security, Intelligence and Strategic Studies, concentrating in security and technology, based at the University of Glasgow, Dublin City University and Charles University in Prague. Now, the whole reason that this talk even came to be is that while I was in Prague I got the opportunity to take a course in space security, and I ended up writing my final paper on satellites and their vulnerabilities overall, which has turned into this talk. I also just wrapped up a visiting research position over the summer at the ETH Zurich Center for Security Studies, which ended about a week ago. So a week ago today I was nine hours forward, so excuse me if I'm also a little bit jet-lagged still.

Now, to begin:
as one of humanity's global commons, the frontier of space is really the responsibility of the entire international community. Satellites are one of the most important space assets, if not the most important, for both civilians and militaries here on Earth. They're used by billions of people every day, oftentimes without really thinking about it; they've kind of become utilities that we just sort of take for granted until we reach a point where they're unavailable. We use them for, of course, Earth observation, communications, navigation, even precise timing and location for precise-timing technologies such as banking and deep-space telescopes. Now, the most notable consequences that we would have if we lost a swath of our
satellites would be, for one, communications and transactions breaking down, potentially to the point of complete unavailability due to the increased loads on the terrestrial infrastructure, as well as the lack of GPS forcing people to actually plot their routes manually again, which would be interesting. Most would probably still just do it on their phones, but some might break out paper maps. Also, the systems that have very precise timing, such as in banking, would suffer from clock drift, which might end in freezing accounts, because they have to have the transactions very tightly tied to the timing. There's also going to be, of course, loss of military capabilities and negative impacts on
weather prediction and climate data collection as well.

Now, just a little overview here: these are the basic vulnerable nodes for satellite transmissions. For example, if you were making a satellite phone call, you would be the requesting entity. You would send out the request through to your service provider, who would then send it up in an uplink to a satellite, to then bounce it, of course, through at least one other satellite and back down a downlink to more terrestrial infrastructure, to the ending caller. It would of course then go back the same way, the other direction, to make the connection for the phone call. But each of these nodes is somewhere where the satellite systems are
vulnerable. Now, there are two main categories of vulnerabilities, and these would be physical and cyber, but there are also hybrid vulnerabilities, where, say, somebody hacks into a satellite and then moves it into a dangerous situation physically, or, say, somebody uses physical force to corrupt the data on the satellite. So those are also potentialities where it's a little bit of both.

Today I'm going to start with physical vulnerabilities. Satellites are inherently easier to damage than any earthbound object due to their orbital velocity and the exposure to radiation that they have, which we are shielded from by our atmosphere. These can be either accidental or intentional issues. Primarily, our main threats right now are
actually accidental, especially in the case of collision risk, which has been increasing, but there are also terrestrial and extraterrestrial weather interruptions as well. As I mentioned, accidental collision risk is definitely growing very heavily, especially with the propagation of things like the smallsat constellations that are going out currently. A lot of them don't even have propulsion systems, which means that if there's an oncoming collision they cannot move out of the way. One study even found that there was a thirty times increased risk between a hundred 0.01-meter satellites versus a single one-meter satellite, due to the dispersement of the satellites increasing the likelihood of impact. This is particularly worrisome when all it takes is about a centimeter of an
object to do mission-critical damage to a satellite. Now, as far as terrestrial weather interruptions go, there is rain fade and ionospheric scintillation, which can both interrupt and degrade signals for different reasons. In the case of rain fade, it's either electromagnetic interference or the absorption of the broadcast, while scintillation actually kind of acts like a refraction of the signal and slowly degrades it until it's no longer recognizable. Extraterrestrially, we have radiation as a very big threat, which we typically shield against by thickening the spacecraft walls. It's really the only time that any sort of space armor is actually useful here, but not all radiation can actually be shielded against. In the case of the Van Allen
radiation belts, which you can actually see a depiction of in the background of this slide, these are two belts of catastrophic radiation that have been trapped in our gravity well. This is actually an area where one of those hybrid attacks could potentially happen, because if you hacked into a satellite and moved it into one of these belts, you could easily destroy it. Solar flares are the other option for potential radiation damage to satellites; they can degrade signals or destroy the lifetime of a satellite. Now, unfortunately, this physical aspect really is the most difficult area to mitigate risk in. Anything can really be turned into a
weapon against a satellite, which is kind of why it's a bit silly when people talk about banning space weapons, because, I mean, a satellite itself can be used as a weapon. All it takes is a single-centimeter object to do damage enough to destroy the satellite, more or less, and ten centimeters, I believe it is, for catastrophic disintegration. And with all of the debris that we actually have nowadays going up, increasing and increasing, especially with the ASAT tests, it's becoming harder to track this debris as well. People have been testing their anti-satellite weapons, such as the direct-ascent and co-orbital-style ones, and the difference in these two is really just the style of
how it attacks. A direct-ascent anti-satellite weapon would come up directly from the Earth and intersect immediately with the satellite, while a co-orbiting anti-satellite weapon actually goes into space and sits in wait, kind of like a ticking time bomb, and eventually, when it comes into the path, it goes off. There's a handful of countries that have proven their anti-satellite weapon technologies over the years. Most recently, this year, was India; I believe that was back in March. And as I mentioned the issue with the debris growing, you can see here a plot from, I believe, the end of June that shows the debris that's still in the air
right now from the Indian satellite test. Also, to the left is an animation from the ESA showing the orbital debris and how much space junk we have accumulated over time. I mean, this is just the easiest to depict; of course there are many more small, tiny things you can't see as well, and those are the most threatening, to be honest, because they're the hardest to track.

The other form of anti-satellite weapon is directed-energy weapons, and these would be lasers or microwaves. In the case of lasers, you can either dazzle or blind sensors typically, but if it's a strong enough laser, of course, you can also do physical damage too, while microwaves are more for interrupting processors and
maybe even permanently damaging the electronics on board. An interesting aspect of these kinds of attacks is that the attacker may not even really know whether they were successful or not; it might not actually outwardly show that there was damage done to the satellite even if they are successful. This is also an area for another potential hybrid attack, like with the microwaves, where they could potentially destroy the data on board with a physical attack.

Now, moving on to cybersecurity challenges. And if anyone's curious, the binary does say something: it's part of the intro to Star Wars Episode IV. I had to fill it with something. Now, of course, the typical insecure practices and issues
that affect normal networks are going to impact satellites as well, because they are tied into these networks: backdoors, hard-coded passwords, insecure authentication, all of those kinds of things. But to top that off, satellites have extremely long life cycles, and that exacerbates the issues here, where you get these if nin Slee old legacy systems that have had immense investment going into them, and then you have issues with patching; it's potentially even impossible to patch because of a lack of knowledge, time or money, or the unavailability of even having downtime because it's a critical system. So you can end up with very critical hardware or software issues that just can't be
fixed. Now, there was an analog-to-digital transition that happened over the years, and they really didn't have cybersecurity in mind in this process. There's also the fact that satellites have very limited processing power; things like encryption eat up a lot of processing power, and you just can't put it on there because it takes up too much space. That also compounds with the fact that some people have made their satellites as a labor of love, and say it's just for scientific reasons, and they never even really considered the fact that somebody might want to hack it in the future and, you know, redirect the processing power to something malicious. Some people just never thought about it,
and this is exemplified by the fact that when the Iridium network was launched, it was considered essentially too complex to hack. This is from 2007; it's a leaked PowerPoint slide from Iridium, and it says, "The complexity of the Iridium air interface makes the challenge of developing an Iridium L-band monitoring device very difficult and probably beyond the reach of all but the most determined adversaries." This is extremely nearsighted. They really didn't bother with security at all; it's kind of the old security-by-obscurity idea, which is not very smart. Less than a decade later, the Chaos Computer Club in Germany came together for their Chaos Computer Camp, and they took this hubris as a challenge and decided to throw together some
homemade systems for snooping on the Iridium pager satellite system. They managed a basic one for about 50 euro, and it was less than a grand to get a pretty solid setup. They were not able to intercept every signal, nor were they able to decrypt every one that they intercepted, but it was a significant percentage. If anyone's more curious about this, you can check out "Iridium Hacking: please don't sue us" on CCC's website. It's a really interesting talk and I highly recommend it.

Now, continuing on with other vulnerabilities: satellite jamming is a major vulnerability in these systems, partially because the satellite GPS signals are actually weak by design, so it's very easy to overpower
them, and jammers you can actually buy pretty readily online. It's illegal to buy in most countries and illegal to use, but in the UK it's only illegal to use, interestingly enough. This can also be intentional or accidental because of how easily it can happen. Actually, in 2007 the US Navy was in San Diego conducting an exercise, and they accidentally took down a large part of the city's infrastructure, because it impacted ATMs, cell phones, airport traffic and a bunch of other critical systems when they decided to do some jamming out in the bay. Of course they stepped forward and said, "Oh, I'm sorry, this was us," but for a while there was a lot of confusion going on in
the city, because all of a sudden people's cell phones weren't working and you couldn't use the ATM. Was it a major attack? No, thankfully, but it could have been, and that's one of the issues there. A less threatening one was at the London Stock Exchange: they had it go down every day for ten minutes for a long time, and it was thought that somebody was hiding from their boss, essentially, like a delivery driver of some kind, and it was intercepting the Stock Exchange's connections for the timing with the atomic clocks and the GPS systems. So that's more of a nuisance in that case.

Now, GPS spoofing goes one step
further than jamming: rather than just blocking the signal, it also replaces it with a fake one. In 2017 there was an issue with a bunch of ships in the Black Sea, where they would show up with lost GPS fixing position, or it would say that they were in the Gelendzhik Airport, over 25 nautical miles away. Now, they were pretty sure they were not in the airport, so obviously there was a little bit of something going on there. A very similar issue actually started happening around the Kremlin as well, with taxis: it would show that they were at one of the Moscow airports rather than where they were, near Red Square and the Kremlin. So these
kinds of attacks are actually a big threat, because if one was enacted at a critical time during a military mission, it could severely impact our people.

As a last example for this section, one of the first cases of satellite interference: Captain Midnight. This was John MacDougall, who dubbed himself Captain Midnight and decided to use his position at a satellite company one night to take over HBO's broadcast for about five minutes. He displayed this lovely message: "Good evening HBO from Captain Midnight. $12.95 a month? No way! Showtime/Movie Channel beware." An interesting aspect here: if you go and look at a recording on YouTube from somebody who was recording that night
for the film that was on, The Falcon and the Snowman, you can see that HBO tried to take the signal back over: the show starts to come back, and then it turns back to this message again. What was happening was HBO was increasing the strength of their uplink to try and overtake him, and he'd increase his strength, and then they increased theirs, and eventually they gave up because they didn't want to damage their satellite. He finally quit because he was afraid of getting caught, which of course he eventually was, and he's actually the reason the Electronic Communications Privacy Act of 1986 was passed, which made satellite hijacking a felony. So in his case it was
not a felony, because it wasn't a felony yet. Yeah, first, like you said.

So, also, satellites have vulnerabilities that arise from their terrestrial support networks. These are the connections of the people who run them and the ground systems themselves, like NASA headquarters. This attack surface and the variety of vulnerabilities are both very great; there's a wide variety of ground infrastructure to be attacked. As of 2011, NASA had 190 IT assets, all dispersed around the U.S., that were linked into critical projects like rovers and satellites. These high-value targets have typical security threats, from cyber issues to supply chain attacks, insider threats and accidents. These networked high-value targets are hit very hard with hacking attempts;
eventually something is going to get through. Between phishing and social engineering, malware and APTs, it's near inevitable. The larger an organization is personnel-wise, the more likely it is that something is going to make it through. The human element really is the weakest link in these technological systems. In 2007 and 2008, hackers got into NASA systems via the internet and actually got to the point where they could have commanded the satellites. They never sent any commands, but they could have, and that's a little worrisome. Now, as I said, the human element is really the weakest link, and this is also where insider threats come forth. The big issue with insider threats is you don't
really know they're a threat until something happens, because they're trusted, and it's very hard to mitigate this kind of risk. A real-life example here would be Gregory Justice, who worked for Boeing Satellite Systems. He was feeling a bit unappreciated at work and had a bunch of pressure for money for his wife's medical bills and an online girlfriend that his wife didn't know about, and he decided to try to meet with Russian intelligence in a hotel room to pass on some sensitive satellite information. It was subject to export controls, of course, and, surprise, it was not Russian intelligence that he met with; it was the FBI. So he got caught in this case, thankfully.

Now, moving on to
a last example here: very small aperture terminals are an interesting case, because these are mobile satellite system receivers, essentially, and they have them on many boats and ships around the world. This is actually what came up with this little tweet here in the corner: somebody created a live ship tracker via Shodan. There were exposed web services where they could actively track these ships due to the VSAT systems on board, and it was just the default credentials of admin, 1234, of course, so quite easy to find online, or just try a couple of times and you might get it. So some basic security hygiene really would have stepped in here and made it a
little bit harder for this to happen. Definitely an interesting case. I think that the link doesn't work anymore; I think they've patched the issues that were there at this point, but I haven't checked it in a few months, so there might be more issues again.

Now, to conclude here: satellite security is multi-stakeholder and multifaceted. These systems are widely dispersed both on Earth and above it, creating a very large attack surface for both physical and cyber attacks. There's a wide variety of vulnerabilities that are impacting this area, many of which were just used in the nature of satellites themselves and the way that they've evolved. Malevolent actors, nature and accidents are really some of the biggest
threats to these areas, but some basic security hygiene would really go a long way, some really basic security hygiene like changing passwords. We really need more cooperation internationally to address these issues. Like I said at the beginning, this is a global commons that we are working in; just like the open oceans, we need to work internationally together. We've had trouble with people, say, applying to put up a satellite here in the US and getting denied, and then taking it to India and India putting it up. Issues like this add more threat to our orbit, adding more junk. We need to have more agreements and more conversation between our countries, the ones who have the capabilities of
putting things up into orbit. Anyways, thank you for your time today. I hope you enjoyed this. Do I have any questions?
Cool. Have you looked into the case where Iran captured a US drone? Was that GPS spoofing?

I have not looked into that specific case, though I have read a little bit about it.
Thanks for presenting, first of all. Have you seen any research on exploiting satellites for financial gain, as far as location of shipping, etc.?

I've heard about it a little bit, but I haven't seen anything concrete.
Hollywood and various others love talking about the Kessler effect and how we could end up blinded for four centuries until the stuff comes down. What would it take to actually achieve that? Not, obviously, asking for myself, but just out of interest.

I mean, it would probably have to be an issue with the debris just getting to be so much of it that we can't track, and so many small pieces, that it just slowly... I also don't think it would ever get to that point, the extreme point that they take in the whole Hollywood view, but it could make it so that we really can't put anything more up there because it's just not safe. We need some
form of debris management system.

So my statement is not a question; it's more so from a previous history of consulting with LASP in Boulder, Colorado around satellite management. When we design systems, we design them for 50 years of support, right? 50 years is a long time. The last projects I saw there were managing Cassini, and Cassini was managed on Solaris 8. When vulnerabilities came out for Solaris 8, and being that it was now owned by Oracle and having to rely on Oracle to create patches, Oracle would take six months or longer to create patches for our Solaris systems. So just something to keep in mind: support is hard to find sometimes on these older
systems.

Oh, absolutely.
Sorry, in your research have you come across anything that would resemble good redundancy, or any redundancy systems, for a lot of these exploits that these individuals here have been asking about? I know there are a lot of systemic redundancies for the actual physical devices, but any sort of, kind of like networking, like if one goes down there's more to pick them up, things like that?

I mean, that's honestly something that they're actively working on right now, to have more of, but part of the problem with that is the more you put up there, the more hazard you're putting up there as well. But that's part of why they're putting up so
many constellations nowadays: it's for that resiliency, why they're kind of switching to those.

Last question.

Thanks. It's not really interesting, um, do you have any examples of K-band attack symptoms, downlink, or, failing that, any other examples of specific, like, times? You mentioned, like, protocol attacks.

I do not currently at this time.

Thank you, everybody. Yeah, thank y'all.

[Applause]