Why blow up satellites when you can just hack them?
Black Hat Four countries have now tested anti-satellite missiles (the US, China, Russia, and India), but it's much easier and cheaper just to hack them.
In a briefing at the Black Hat conference in Las Vegas, Milenko Starcik and Andrzej Olchawa from German biz VisionSpace Technologies demonstrated how easy it is by exploiting software vulnerabilities in the software used in the satellites themselves, as well as the ground stations that control them.
"I used to work at the European Space Agency on ground station IT and got sick of telling them what was wrong and not having them fix it," Olchawa told The Register, "So I decided to go into business to do it myself."
Satellites are proliferating. In 2005, there were fewer than 1,000 in orbit (many of them inactive). But two decades later, there are about 12,300 functioning satellites, per the European Space Agency. The majority of those are Starlink satellites owned by Elon Musk's SpaceX, but there has also been a sharp rise in the number of military platforms thanks to rising global tensions. Plus, it's cheaper than ever to build and launch such hardware, they explained.
The software used to manage this proliferation isn't always secure. Take Yamcs, for example, an open source application that is used by NASA and Airbus to communicate with and control satellites in orbit. The team found five separate CVEs in the code that would allow an attacker a free run of the application for total control.
