Researchers find satellite security lags decades behind the state of the art

Thousands of satellites are currently orbiting the Earth and there will be many more in the future. Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have assessed the security of these systems from an IT perspective. They analysed three current low-earth orbit satellites and found that, from a technical point of view, hardly any modern security concepts were implemented. Various security mechanisms that are standard in modern mobile phones and laptops were not to be found.

Gunnar Braun, Technical Manager at the Synopsys Software Integrity Group, commented on the news: “Satellite hacks made their way from Bond movies into reality. We have known that since at least the Russian attack on the Viasat satellite network at the beginning of the war against Ukraine. As our reliance on satellite technology continues to grow, it is certainly a good sign that satellite companies are allowing security researchers access to their systems, or even establishing bug bounty programs and ethical hacking challenges. This creates awareness in and beyond the space industry and encourages action.

“One of the main issues with many such specialised, cyber-physical systems is the use of old and often custom software for commodity functions, for example communication protocol stacks. Security-by-obscurity is not a protection, certainly not since the advent of readily available fuzzing tools – as the researchers successfully demonstrated. At the very least, outdated or custom software components must be considered for replacement with up-to-date, open-source software modules. Well-chosen modules are built upon secure-by-design and secure-by-default principles and underwent inspection from security experts and tools. Software Composition Analysis (SCA) solutions help manage open-source software risks, alert on vulnerabilities and provide remediation advice.

“Finally, existing regulations and standards should be revised to assert an adequate level of security for any of our space-based assets. We must act swiftly and decisively to secure our satellite infrastructure, thereby ensuring the continued reliability and safety of our modern technological landscape.”
