A team of four cybersecurity researchers from the multinational technology company Thales was successful in hacking into a nanosatellite belonging to the European Space Agency (ESA). The attempt was carried out as part of ESA’s cybersecurity exercise as part of its CYSAT conference.
With countries opening up space to private players, there is a surge in the number of satellites orbiting the planet. A hacked satellite is a potential concern for governments around the world and it can be used to transmit sensitive information or even be weaponized. The ESA introduced the Hack CYSAT challenge, the first of its kind in the world to understand the potential impact of a real cyberattack.
How hackers gained control of a Nanosatellite
The satellite made available for this challenge was the OPS-SAT demonstration nanosatellite that was launched in 2019. According to a press release from Thales, the team of cybersecurity researchers accessed the satellite’s onboard system and “used standard access rights to gain control of its application environment.”
The intrusion allowed the hackers to gain access to the satellite’s global positioning system attitude control system as well as its onboard camera. The researchers also exploited several vulnerabilities in the satellite which allowed them to enter malicious code into the satellite’s system.
Doing so, let the researchers compromise the data the satellite was sending back to Earth, especially by modifying the images captured by the onboard camera. In addition to this, the hackers could also mask selected geographical areas visible in the satellite imagery to simulate the hiding of activities therein.
The ESA remained in control of the satellite during the test and also returned it to normal operation later on, so there isn’t a nanosatellite spiraling out of control in orbit as of now.
“This unprecedented exercise was a chance to raise awareness of potential flaws and vulnerabilities so that they can be remediated more effectively, and to adapt current and future solutions to improve the cyber resilience of satellites and space programs in general, including both ground segments and orbital systems,” said Pierre-Yves Jolivet, VP Cyber Solutions at Thales in a press release.
While the vulnerabilities of the ESA satellite are worrying, those in the commercial satellites are a greater cause of concern. Last year, Interesting Engineering reported how a hacker built a $25 tool to hack into SpaceX’s Starlink system which has a constellation of nearly 3,600 satellites in low-Earth orbit
A Bloomberg report last month stated that Russia managed to hack into several mainstream satellite internet systems in February last year. Around the same time, hacker group Anonymous claimed that it had hacked into Russian spy satellites in response to its invasion of Ukraine, a charge Russia denied.
