Last month, the NBC drama State of Affairs featured a disgruntled former U.S. government agent who hacks into a government satellite system to view video that discloses real-time information about enemy combatants.
While this was a fictional plot point in a prime-time television program, its depiction in pop culture highlights the public conversation surrounding the current state of satellite cybersecurity, and the growing threat of satellite breaches.
Corporate hacking went mainstream in 2013, with high-profile breaches of companies such as Target and JPMorgan Chase. 2014 also witnessed Sony getting hacked, allegedly by agents of the North Korean government. While the full economic fall-out of the Sony attack is still being felt, Sony Pictures Co-Chair Amy Pascal resigned last month in the wake of the embarrassing and insensitive emails stolen and made public following that attack.
Already in 2015, January saw the hacking of YouTube and Twitter accounts belonging to CENTCOM, which oversees U.S. military forces in the Middle East. And in February, U.S. health insurer Anthem disclosed that it was the victim of a hack that compromised the personal and medical information of as many as 80 million people, exposing them to hugely expensive identity theft and medical fraud.
This has led to a new presidential executive order regarding the sharing of cybersecurity threats and information, cementing into place the role of the Department of Homeland Security (DHS) as the government lead for information sharing with the private sector.
This unprecedented uptick in publicized attacks, over the last few years, demonstrates not only the increased number and complexity of attacks, but also the alarming vulnerability of data held by corporations and governments.
Satellite hacking of terminal devices represents the next frontier of these ever-growing and more sophisticated breaches, and the consequences of satellite hacks extend far beyond financial damage to the companies involved.
Given the integral role satellites play across a range of economic sectors, successful breaches could wreak havoc in areas that range from terrestrial communications to military operations, from oil and gas pipelines, to financial markets and more.
Advances in satellite communications technology have brought us a more interconnected world—from television and radio broadcasts to GPS mapping; from more efficient stock exchanges to safer supply chains. However, cybersecurity safeguards have not kept up with cyber threats, and the ubiquity of satellite communications means increased vulnerability to potentially devastating attacks.
Known Satellite Breaches
U.S. military satellites have been subjected to hostile jamming attacks since at least 2006. In testimony that year before the House Armed Services Committee’s Subcommittee on Strategic Forces, then-Lieutenant General Robert Kehler (USAF, ret.) noted that an analysis of commercial SATCOM links over a 16-month period during Operation Iraqi Freedom found 50 separate instances of interference with military communications over commercial satcom channels. Of those incidents, five (or 10 percent of the total) were attributed to hostile jamming sources.i
In 2007, independent rebels affiliated with the Tamil Tigers in Sri Lanka successfully accessed the communications channel of a U.S.-made Intelsat satellite and used it to distribute propaganda via international television and radio broadcasts.ii Also in 2007, hackers gained control of the NASA Terra EOS Earth Observation system satellite for several minutes in June and again that October. Likewise, two separate attacks resulted in hostile control of the Landsat-7 satellite for short periods of time in 2007 and 2008.iii
Governmental Attacks—The NOAA Satellite Hack
Among recent breaches, The Washington Post reported last November that hackers based in China successfully breached weather satellites belonging to the National Oceanic and Atmospheric Administration (NOAA), which includes the National Weather Service.iv The breach resulted in NOAA’s primary forecasting satellites being off-line for 12 hours.
While the problem was quickly resolved, this hacking event demonstrated the vulnerability of U.S. government satellites not only to hacking, but to hacking by foreign agents. Far from being innocuous, the National Weather Service satellites provide information that is critical for U.S. farming and transportation interests and for natural disaster planning, to name only a few.
Weather satellites are, therefore, a key component of critical infrastructure—they provide environmental intelligence that alerts the public about disasters such as hurricanes and tornadoes days before they occur. For example, the National Weather Service satellites provided key intelligence that led to the early warning and evacuation notices prior to landfall of Superstorm Sandy. Even with those early warnings, Sandy caused an estimated $50 billion in damage when it hit the northeast region of the U.S. in 2012. With less notice, the economic damage would have been far higher.
Cybersecurity Report Sounds The Alarm
Last spring, cybersecurity advisory firm IOActive released a report detailing multiple vulnerabilities in a wide range of commercial and military satellite communications systems.v These vulnerabilities include digital backdoors built into computer codes, hard-coded credentials that allow easy access to devices, insecure language protocols, and weak encryption of communications channels.
The firm found that these vulnerabilities could allow hackers to intercept, manipulate, or block satellite communications.
“If one of these devices is compromised, the entire satellite communications infrastructure could be at risk,” the report said. “Ships, aircraft, military personnel, emergency services, and industrial facilities, which include oil rigs, water treatment plants and gas pipelines, could be affected.”vi
Vulnerabilities
Vulnerable Software
While kinetic dangers (i.e., being hit and/or damaged by stray objects such as meteorites or other satellites) remain rare, satellite systems are remarkably vulnerable to a range of cybersecurity issues and hostile attacks because they are hugely complex and expensive, take months to deploy, and the primary emphasis is on getting a working system that meets specification and the contract deliverables.
Most cyber exploit attacks take advantage of incomplete code that does not bounds-check incoming data, which allows stack buffer overflow attacks. These are very prominent in embedded C and C++ systems and require an additional vulnerability assessment exercise, at great cost and time, in order to fully secure a system. In these cases, an internal buffer may be overrun by an intentionally ‘malformed’ packet and code execution achieved by overwriting the area of memory where the return address resides. Once basic code execution is achieved, new threads and processes may be started and most, if not all, facilities within the system can be accessed.
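An added example, not code from SRT or from the original article: a C parser for a hypothetical frame layout (1-byte type, 2-byte big-endian length, payload) showing the boundary checks whose absence produces the overrun described above. The frame format, the names and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN     3   /* assumed layout: type(1) | length(2, big-endian) */
#define MAX_PAYLOAD 64  /* size of the fixed internal buffer */

enum parse_status { PARSE_OK, ERR_SHORT_HEADER, ERR_LEN_GT_PACKET, ERR_LEN_GT_BUFFER };

struct frame {
    uint8_t  type;
    uint16_t len;
    uint8_t  payload[MAX_PAYLOAD];
};

/* Copy the payload only after the sender-declared length has been checked
 * against the bytes actually received and against the destination buffer.
 * Skipping the second check is the overrun described above: memcpy would
 * write past payload[] whenever a packet declares more than MAX_PAYLOAD. */
enum parse_status parse_frame(const uint8_t *pkt, size_t pkt_len, struct frame *out)
{
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return ERR_SHORT_HEADER;
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    if (declared > pkt_len - HDR_LEN)   /* cannot underflow: pkt_len >= HDR_LEN */
        return ERR_LEN_GT_PACKET;
    if (declared > sizeof out->payload)
        return ERR_LEN_GT_BUFFER;
    out->type = pkt[0];
    out->len  = (uint16_t)declared;
    memcpy(out->payload, pkt + HDR_LEN, declared);
    return PARSE_OK;
}

/* Constructed sample packets. */
const uint8_t good_pkt[]  = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
const uint8_t lying_pkt[] = { 0x01, 0xFF, 0xFF, 'A', 'A' };  /* declares 65535, carries 2 */
uint8_t big_pkt[HDR_LEN + 200] = { 0x02, 0x00, 200 };         /* honest length, too large */

int main(void)
{
    struct frame f;
    printf("good:  %d\n", parse_frame(good_pkt, sizeof good_pkt, &f));
    printf("lying: %d\n", parse_frame(lying_pkt, sizeof lying_pkt, &f));
    printf("big:   %d\n", parse_frame(big_pkt, sizeof big_pkt, &f));
    return 0;
}
```

Rejecting the frame outright, rather than truncating it to fit, keeps a malformed packet from reaching any later processing stage.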
Encryption
Encryption primarily ensures that the traffic through a satellite system cannot be overheard. For the most secure environments, the encryption is achieved outside of the actual satellite channels. Where encryption has been used on the satellite channels, there are some examples where that encryption is so weak that it has been easily exploited.
Hard-coded Credentials And/Or Backdoors
Hard-coded credentials function as cybersecurity master keys, common back doors that allow service technicians to access multiple pieces of equipment with the same log-in credential and password.
Insecure Protocols
Weak system protocols could allow malicious actors access to satcom channels. Although, in most cases, care has been taken regarding the security of the protocol being used, there is invariably a weakness that can be exploited.
Common Types Of Hacks
Further, due to their complexity, satellites and SATCOM systems are vulnerable to a range of hacks:
Denial of Service
A denial of service attack can occur in a number of ways, including ‘bricking’ the device, selective denial, denial based on position etc. These are the easiest hacks as most software vulnerabilities crash the device when exploited without too much trouble. In fact, it is the device crashing when ‘fuzzing’ a device that signals a vulnerability has been discovered.
Monitoring
Breaching a satellite’s communications channels enables hackers to access transmitted data due to the lack of sufficient encryption. In fact, a number of decryption packages that facilitate this illicit access are widely available for sale commercially, coming out of countries such as Russia, Israel and countries in the E.U.
NAT Pass-Through
Satellite modems generally are IP routers providing connectivity to various IT infrastructure on the LAN side of the terminal. With the built-in firewalls and NAT, there is protection in place to stop unauthorized access to the LAN side. However, once code execution is achieved on the terminal, these protections can be turned off and the NAT can be punched through by outsiders, giving access to the LAN.
User Specific Data
All sorts of user-specific data can be collected and sent back at the attackers’ convenience. This includes user logs, network credentials, connected nodes, etc.
Mission-Critical Attention
SR Technologies was founded in 1999 to take advantage of the coming convergence of cellular, satellite communications and WiFi technologies foreseen by the company’s founder, SRT Group chief executive Rick Lund. SR Technologies’ original purpose was to deliver best-in-class satellite communications for mission-critical government applications and its products and services continue to support the most demanding government missions in the harshest environments worldwide.
Over the last 16 years, however, SR Technologies has evolved into the SRT Group of companies, with separate divisions for government, law enforcement, commercial, and aviation customers. Today, SRT Group collectively provides mission-critical satellite, WiFi and aviation technologies to major government, business, and non-governmental customers, domestic and international.
In partnership with the Thuraya Telecommunications Company, SRT Wireless developed the VIPturbo, a compact, single-board modem that operates as a software-defined radio (SDR) for advanced SATCOM. With versatile functionality across Thuraya’s network and the ability to be modified to support additional waveforms, the VIPturbo’s integrated WiFi enables users to connect and communicate via their own tablets and smartphones even in the most desolate and inaccessible locations.
This year, SRT is launching a next-generation satellite modem, the Afterburner. While the VIPturbo’s dimensions are equivalent to that of a paperback book, the Afterburner measures just 2 x 4-inches, the size of a business card. Furthermore, Afterburner requires 50 percent less power, enabling the modem to outperform competing products in weight, size, price and performance. Representing the latest evolution in SATCOM technologies, the new Afterburner satellite modem will inspire new inventive and affordable uses for satellite communications.
Cyber Hardening
Having discussed many of the vulnerabilities facing satellite and satcom channels today, we now turn our attention towards solutions—the steps that corporations, government agencies, satellite manufacturers and SATCOM vendors can and/or should take to protect their systems against cyber-attacks. There are various levels and barriers that can be put in place that continually raise the bar to make the system harder to exploit.
Vulnerability Testing
At SRT, cyber-hardening is incorporated into product design as a matter of course. Prior to deployment, VIPturbo and Afterburner modems are run through a series of vulnerability assessments and stress tests, in addition to the standard QA process. These tests identify, isolate, and resolve any software vulnerabilities or left-over ‘debug’ mechanisms that could be exploited.
Encryption + Authentication
Operations and certain code execution cannot be performed until proper authentication and encryption have been achieved. Additionally, ensuring continued authentication and encryption goes a long way to securing the system.
Filesystem Verification
Much can be done to ensure only validated executable code is actually executed. For example, filesystems are validated on boot using dedicated hardware within the CPU. This then mitigates any permanent cyber exploit that would survive a reboot. In the latest SRT Platform, the TI OMAP secure boot and secure environment features are used to ensure the integrity of the executed code and filesystem.
SRT is confident that it delivers the safest cyber-hardened satellite communication channels available, with products that can withstand cyberattacks using the latest technologies.
References
i. http://resources.infosecinstitute.com/hacking-satellite-look-up-to-the-sky/, retrieved 2/10/15.
ii. http://telecoms.com/6151/tamil-tigers-hack-satellite/, retrieved 2/10/15.
iii. http://www.theguardian.com/technology/2011/oct/27/chinese-hacking-us-satellites-suspected, retrieved 2/10/15.
iv. http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html, retrieved 2/10/15.
v. http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html, retrieved 2/10/15.
vi. Ibid.
Conrad Smith is the Chief Technology Officer of SRT Wireless. He joined SR Technologies, a forerunner of SRT Wireless, in 2004 and is responsible for all major architectural and design decisions as well as providing technical leadership to SRT Wireless’ engineering, software design and product development teams. He holds a Bachelor of Engineering with Honors in Electronic Engineering from the University of Hertfordshire in England.