How peering into the innards of a future satellite can make cybersecurity in space more palatable
Here at DEF CON 29, the Aerospace Village is alive and well, and aside from the repeated wailing of the neighboring car hacking village setting the car alarm off every 30 seconds, the hardware sitting here, called a Flat Sat, hopes to help make the future of satellite security somewhat more palatable.
This modular mashup of the guts of some future satellite – well, the unclassified bits anyway – features increasingly realistic targets for the security community to poke at. In years past, the big space companies were very interested in locking down everything in their spaceborne black boxes. Not here at DEF CON.
Space is the place
I was surprised by how many off-the-shelf parts are in this box, with more-or-less standard FPGA processor cores, I/O buses and the like. Rather than reinvent every piece of hardware and the communication protocols, they use standard I2C, SPI, variations of RS-422 and the like – things we know about.
For the Hack-A-Sat challenge, Flat Sat control is the eventual target. To make things more realistic (since, you know, putting a hack target in space is hard), the Fiat Sat simulates the sensor inputs. Those inputs are hoped to respond in ways representative of things actually in space. That means if you are able to gain access to and manipulate the outputs of the FPGA I/O pins, the “sensors” will respond, letting you know you “moved” the “satellite” and in what direction. Cool stuff.
Except you have to get to it first. If this were in space, that would mean you’d have to start with penetrating the ground station. Then you have to gain communication access to the actual “satellite”, then pivot across the architecture to get to the FPGA that controls things. After that you can try to make the device point to the sun, take a picture and try to burn out the camera sensor it doesn’t have. But it will sure act like it does.
When asked what the big aerospace companies think, staff at the village answered that they’re happy about it. I’m not sure that’s unbridled joy, or more resigned pseudo-joy, but if they’re willing to show up to the party, all the better.
It makes sense. Modular systems – including payloads, launch systems and systems interfaces – make sense, especially crowd-hardened ones, so you can focus on delivering the secret sauce you actually want to deliver high into the night sky.
And while satellites have tasty peripherals that do things like fire propulsion rockets for steering, manage solar energy and do the basics, they also have freakin’ lasers (for comms), which, in my opinion, is the sign of every good satellite.
They also have antimalware functionality, because malware in space is just so bad. They also have preventative measures in place like the ability to fail gracefully, reboot to standard functioning firmware in case bad things happen, and hopefully provide a “safe mode” so you can log in and fix things, assuming the propulsion hasn’t just sent your satellite straight in the direction of the sun at high speed. The hardware will stand extremes, but melting in the sun is probably beyond the scope of its design. At any rate, maybe it will send you cool pictures along the way, so don’t hack the camera.
Get worry-free complete website cleanup and protection
Our software continuously scans for malware using our accurate anti-malware database; your site continues to run stable after cleanup. Malware removal takes a moment, not hours. Compatible with PHP-based websites and popular frameworks like WordPress, Drupal, Joomla, DLE, etc.
Our website antivirus does more than just find and remove infected files on your website or put them in quarantine, It removes malicious code (redirections, trojans, backdoors, shell scripts, and other malicious code) from files like PHP, JS, HTML, images, and system files in seconds with high accuracy.