Share this article on:
A team of four security experts successfully hacked into and took control of satellite imagery systems at a recent space security event.
The CYSAT conference, organised on behalf of the European space industry, is aimed at “raising awareness about cyber security for space assets and data,” and was held last week in Paris.
Aside from all the usual keynote speakers and panels, the European Space Agency (ESA) set up a hacking test bench consisting of an OPS-SAT nanosatellite — itself a small test bench platform designed to test new capabilities in orbit — and challenged event attendees to breach its systems.
The 30-centimetre-high satellite has an array of testing platforms onboard and a number of communications interfaces.
The hackers from security company Thales successfully accessed the OPS-SAT’s onboard systems using standard access rights, and then took advantage of a number of vulnerabilities to upload malicious code. With this complete, the hackers were able to modify the satellite's onboard images before they were transmitted groundside and geomask entire areas from the satellite’s cameras.
All while remaining undetected by ESA observers.
“Thales is grateful to ESA and the CYSAT organisers for providing this unique opportunity to demonstrate the ability of our experts to identify vulnerabilities in a satellite system,” said Pierre-Yves Jolivet, vice-president Cyber Solutions at Thales, in an announcement.
“With the growing number of military as well as civil applications that are reliant on satellite systems today, the space industry needs to take cyber security into account at every stage in the satellite's life cycle, from initial design to systems development and maintenance. This unprecedented exercise was a chance to raise awareness of potential flaws and vulnerabilities so that they can be remediated more effectively, and to adapt current and future solutions to improve the cyber resilience of satellites and space programs in general, including both ground segments and orbital systems.”
While this demonstration is the first of its kind, real hackers have targeted satellites before.
A number of Viasat’s satellite systems were disrupted in the opening days of Russia’s illegal invasion of Ukraine in February 2022. The disruption of the KA-SAT network is thought to be the work of pro-Russian hackers, as disrupting satellite communications in Ukraine seem to have been the target, but the hack also affected a number of wind farms in Germany, where remote access to wind turbines was effectively cut-off due to the satellite outage.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.