11 April 2018
WASHINGTON ― Government and commercial satellite operators are increasingly the target of hackers, who are looking for inexpensive, but effective ways to limit space capabilities, according to a new report from the Secure World Foundation.
“A growing number of non-state actors are actively probing commercial satellite systems and discovering cyber vulnerabilities that are similar in nature to those found in non-space systems,” the report read. “This indicates that manufacturers and developers of space systems may not yet have reached the same level of cyber hardness as other sectors.”
The report, released April 10 and titled “Global Counterspace Capabilities: An Open Source Assessment,” points, among other vulnerabilities, to backdoors in Chinese electronics and Russian software packages used in the aerospace supply chain.
The authors, Victoria Samson and Brian Weeden, note that industry experts say that “despite some increase in awareness of the threat in recent years, the state of cybersecurity for satellite infrastructure remains dismal.”
Chinese hackers have been targeting cyber espionage operations at the U.S. and European satellite industry since at least 2007, the report said. More broadly, cyber attacks have included targeting command and control or data relay stations.
Techniques could include “fly-overs with manned aircraft, unmanned aerial systems (UAS), or weather balloons; signal disruption or hijacking through proximate positioning of broadcasting equipment using a more powerful signal, tapping the structure’s Internet or Ethernet cables, or piggybacking off of the station’s own data relays physical access, through either covert infiltration or social engineering; and network exploitation or attack, using traditional means,” the authors said.
While most satellite facilities are hardened against such attacks, the report notes that “sophisticated State attackers” have penetrated such systems.
In addition, hackers are also
trying to exploit the terminals used to process the satellite signal.
Using public information, the report cites cases of using very small
aperture terminals, or VSATs, were penetrated because factory passwords
were never changed. In another example, students were able to
essentially recreate a denial-of-service attack on a GPS receiver.