In a presentation that is being called the world’s first ethical satellite hacking exercise, cybersecurity researchers will explain how they took control of a European Space Agency (ESA) satellite this week. The ESA satellite was part of an experiment that was touted as the world’s first ethical satellite hacking exercise. The European Space Agency (ESA) issued a challenge to cybersecurity professionals working in the ecosystem of the space sector, asking them to interfere with the functioning of the OPS-SAT demonstration nanosatellite that the ESA operates. Participants made use of a wide array of ethical hacking approaches in order to seize control of the system that was used to operate the payload’s onboard camera, global positioning system, and attitude control system. Unauthorized access to these systems poses a risk of severe damage to the satellite as well as a loss of command and control over the satellite’s intended purpose. The offensive cybersecurity team at Thales collaborated with the Group’s Information Technology Security Evaluation Facility (ITSEF2) to carry out this one-of-a-kind exercise. The goal of the exercise was to show the need of a high degree of cyber resilience in the very unusual operational environment of space.
Thales, a global defense and aerospace business, was able to successfully take control of a satellite that was being operated by the European Space Agency (ESA) during a test run that the company ran. In order to demonstrate how space systems are susceptible to cyberattacks, the experiment involves breaking into the satellite’s command and control system and sending instructions. Even though the experiments were carried out in a safe and controlled setting, they shed light on the dangers that exist when it comes to the possibility of an evil actor seizing control of a satellite in the real world, which may lead to potentially catastrophic results. Due to the fact that cyber attacks continue to provide a substantial obstacle to space exploration and safety, this event highlights how important it is to ensure the security of space-based infrastructure.
The team of four cybersecurity experts from Thales gained access to the satellite’s onboard system, utilized the conventional access permissions to take control of the satellite’s application environment, and then exploited multiple vulnerabilities in order to install malicious code into the satellite’s systems. This made it feasible to compromise the data that was transmitted back to Earth, in particular by changing the pictures that were collected by the satellite’s camera, as well as to accomplish other goals, such as masking specific geographic regions in the satellite imaging while disguising their operations in order to escape discovery by ESA. The simulation was put on especially for CYSAT in order to assist in determining how a genuine cyberattack may affect civilian networks and the possible fallout from an attack of this kind.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.