Hacking today means everything from someone guessing your password and spamming your contacts with toxic links, to large-scale offensive cyber-attacks on infrastructure by sophisticated operators backed by nation states. But when it comes to hacking satellites, [Didelot Maurice-Michel] found himself tangling with some European Space Agency hardware.
As part of an event called HackCYSAT, hackers were invited to attack the ESA’s OPS-SAT, a CubeSat intended to demonstrate improved mission control techniques and more advanced satellite hardware. The onboard computer hardware is ten times more powerful than other existing ESA satellites and aims to take satellite technology to another leap forward.
As with most hacking competitions, it was not a perfect representation of an actual attack. Hackers were told to only exploit the payload and a system image was provided for them to work with.
[Didelot] goes into great detail explaining how he worked his way through the security architecture of the satellite’s software, which led to the takeover of the satellite with root privileges. He discovered several vulnerabilities along the way, which the ESA was notified of well in advance of the article’s publication this month.
In today’s geopolitically charged world, it only makes sense that satellites would become a new battleground for cyber-soldiers on all sides. Friendly exercises like HackCYSAT can serve as great training for those working on satellite embedded systems to help them strengthen security, while also serving as a useful guide for offensive agents to hone their skills.
We recently looked at the amazing bounty we can get from eavesdropping on satellites. If you’re experimenting in this space-based field, don’t hesitate to let us know your findings. Have fun hacking!