White hat hackers showed how to take over a European Space Agency satellite
Thales cybersecurity researchers have shown this week how they seized control of a European Space Agency (ESA) satellite.
This week, during the third edition of CYSAT, the European event dedicated to cybersecurity for the space industry, the European Space Agency (ESA) set up a satellite test bench, inviting white hat hackers to attempt seizing control of OPS-SAT, a nanosatellite operated by the agency for demonstration purposes.
Artist’s impression of OPS-SAT. Credit: ESA – European Space Agency
The offensive cybersecurity team at Thales demonstrated how to take control of the ESA satellite, the is considered the world’s first ethical satellite hacking exercise.
The exercise aims at assessing the resilience of satellites to cyber attacks. According to classified U.S. intelligence documents, China is developing capabilities to seize control of satellites operated by hostile states.
The OPS-SAT satellite is only 30cm high that was launched in December 2019, and according to the European agency, it contains an experimental computer ten times more powerful than any current ESA spacecraft.
“The European Space Agency (ESA) challenged cybersecurity experts in the space industry ecosystem to disrupt the operation of the agency’s OPS-SAT demonstration nanosatellite. Participants used a variety of ethical hacking techniques to take control of the system used to manage the payload’s global positioning system, attitude control system1 and onboard camera.” reads the post published by Thales. “Unauthorised access to these systems can cause serious damage to the satellite or lead to a loss of control over its mission.”
The Thales team demonstrated how to access the onboard system of the satellite, then used standard access rights to gain control of its application environment. The team identified and exploited several vulnerabilities in the satellite’s systems to inject malicious code. The experts were able to compromise the data sent back to Earth, including the images captured by the satellite’s camera.
“The Thales team of four cybersecurity researchers accessed the satellite’s onboard system, used standard access rights to gain control of its application environment, and then exploited several vulnerabilities to introduce malicious code into the satellite’s systems.” continues the report. “This made it possible to compromise the data sent back to Earth, in particular by modifying the images captured by the satellite’s camera, and to achieve other objectives such as masking selected geographic areas in the satellite imagery while concealing their activities to avoid detection by ESA.”
Thales pointed out that throughout the entire exercise, ESA had access to the satellite’s systems to retain control.
Cyber security of satellite systems is becoming crucial due to the growing number of commercial and military applications that rely on them. Thales researchers highlight the importance of ensuring cybersecurity at “every stage in the satellite’s life cycle, from initial design to systems development and maintenance.”
“This unprecedented exercise was a chance to raise awareness of potential flaws and vulnerabilities so that they can be remediated more effectively, and to adapt current and future solutions to improve the cyber resilience of satellites and space programmes in general, including both ground segments and orbital systems.” said Pierre-Yves Jolivet, VP Cyber Solutions, Thales.“