A very good introduction by IndianZ (Martin Rutishauser) about Satellite Hacking. He also brought up some information that missed in my satellite hacking talks. Highly recommended for those who are interested in the subject.
1. Satellite Hacking
Intro by IndianZ
1
http://earthobservatory.nasa.gov/Features/Aerosols/page5.php
2. Whoami
# Datalynx, Basel
# Penetration Testing, IT-Forensic, *Security
# ISECOM OSSTMM
# Certified Tester OPST/Analyst OPSA
# University, Lucerne
# Master of Adv. Studies in Information Security
# Teaching CAS/MAS Information Security
# Security Articles, Demos, Speeches
# Computerworld, Digicomp and Hashdays
# https://www.indianz.ch/ 2
3. Disclaimer
# FX talked about satellite hacking @ berlinsides 6 months
ago (unpublished)
# A wish, more people of the community would join this topic
# So I started investigation into satellite technology, digital
video broadcasting and ham amateur radio
# Nights of research, gathered more than 3.6 GB public data
# Just started, not yet fully there where I want(ed) to be
# But for now, please fasten seatbelts for a short trip to space
3
7. Definitions II/II
# Launch = Bring satellite with transport vehicle into orbit
# VSAT = Very Small Aperture Terminal (dish2dish)
# Doppler effect/shift = Radio RX/TX moving
# Beacon = Modulated Oscillator (telemetry)
# Transponder = Transmitter and responder (relay)
# Transceiver = Transmitter and receiver
# Apogee = Biggest Distance to Earth
# Perigee = Smallest Distance to Earth
# TT&C = Telemetry, Tracking & Command 7
8. Example TT&C Leuk CH
8
http://de.wikipedia.org/wiki/Onyx_%28Abh%C3%B6rsystem%29
9. History
# First Russian satellite: Sputnik 1957-10-04
# First US satellite: Explorer1 19580131
# First TV satellite: Telstar1 AT&T 1962
# First Geostationary: Syncom2 1963
# First Swiss: Swisscube 2009
# GPS: 24 satellites 1978 ( 1994)
# Hubble Telescope: 1990
# MIR: 1986 – 2001
# ISS: 1998 ? 9
http://en.wikipedia.org/wiki/Sputnik_1
10. Launches
# About 4'000 launches overall (?)
# About 100 launches in 2012
# Multiple payloads possible
# Nowadays approximately 3'000 satellites living (?)
# Operating lifespan between 5 to 20 years
# About 20 countries are “in space”
# About 22 official launch sites worldwide
10
11. Countries in space
# USA, Russia, Japan, China, France, India, Israel,
Australia, UK, Canada, Germany, Italy, Austria, Indonesia,
Brazil, Sweden, Luxembourg, Argentina, Saudi Arabia,
South Korea
# ESA (European Space Agency): Austria, Belgium, Czech
Republic, Denmark, Finland, France, Germany, Greece,
Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal,
Romania, Spain, Sweden, UK, Switzerland
# Private Organizations (Space Adventures, Virgin Galatic,
RocketShip Tours, …)
# Work in progress: North Korea, Iran, …
11
13. Orbits I/II
# LEO: Low Earth Orbit (circular orbit: 6.9 to 7.8 km/s), 200 to 1200 km
(elliptic orbit: 6.5 to 8.2 km/s)
# GTO: Geostationary Transfer Orbit, 200-800 km perigee / 36.000 km
apogee
# MEO: Medium Earth Orbit, 1.000 to 36.000 km
# GSO/IGSO: Geo Synchronous Orbit / Inclined GSO, 23h56min04s
around earth (analemma → 8)
# GEO: Geo Stationary Orbit (3.1 km/s), 35.786 km
# HEO: Highly Elliptical Orbit, Molniya (1.5 to 10.0 km/s), 200 to 15.000
km / 50.000 to 400.000 km
# Graveyard: around 335.786 km
# SSO: Sun Synchronous Orbit 13
29. Communication II/III
29
www.inetdaemon.com/tutorials/satellite/communications/frequencybands/index.shtml
30. Communication III/III
# If !geo-stationary, object will move fast
# Time window for communication
# 5-10 minutes or 15-20 minutes
# Antennas need to follow the object (rotors)
# Doppler-Shift correction
# + approaching/- leaving
# Space weather influence
# Solar flares, plasma
# Electromagnetic waves, geomagnetics 30
http://www.hamqsl.com/solarvhf.gif
37. Past publications
# 2012 B.Driessen and R.Hund: Don‘t Trust Satellite Phones
# 2011 M.Moeckel: Space Debris
# 2011 J.Geovedi, R.Iryandi, R. Chiesa: Hacking a Bird in the Sky 2.0
# 2009 J.Geovedi, R. Iryandi: Hacking Satellite: A New Universe to Discover
# 2009 L.Nve Egea, Ch.Martorella: Playing in a Satellite Environment 1.2
# 2009 A.Laurie: $atellite Hacking for Fun & Pr0fit!
# 2008 J.Geovedi, R.Iryandi, A.Zboralski: Hacking a Bird in the Sky: Exploiting Satellite
Trust Relationship
# 2006 J.Geovedi, R.Iryandi: Hacking a Bird in the Sky: Hijacking VSAT Connection
# 2006 A.Adelbach: Broadcasting by Misuse of Satellite ISPs
# 2004 Warezzman: DVB Satellite Hacking
# 1998 D.Veeneman: Future & Existing Satellite Systems
37
# 1996 D.Veeneman: Low Earth Orbit Satellites
38. Hackers :p
# Satellite hackers come normally from 2
technology backgrounds:
# 1) DVB-S Scene
# 2) HAM Amateur Radio Scene
38
39. Digital Video Broadcasting
# DVB-T
# DVB Terrestrial, ETSI EN 300744 1997
# DVB-S/2
# DVB Satellite, ETSI EN 300421 1997/S2 EN 302307 2005
# DVB-C/2 = Cable
# DVB Cable, ETSI EN 300429 1994/C2 EN 302755 1998
# DVB-H = Handheld
# DVB-SH = Handheld over Satellite 39
41. HAM radio
# HAM = Amateur Radio Operator
# Acronym for Hertz,Armstrong,Marconi (3 radio pioneers)
# A poor operator, a plug. (G.M.Dodge's telegraph instructor)
# Amateur radio license by governmental regulatory
authority (Bakom in CH), registered call sign
# About 3 million HAM operators worldwide
# USKA: Union Schweizer Kurzwellen-Amateure
# Visit them @ the #center!
41
42. HAM frequencies
42
http://en.wikipedia.org/wiki/Amateur_radio
45. Press citations :p
# Satellites could come under cyber siege...
# Aging fleet has become a prime target ...
# We’re going to fight from space and we’re going
to fight into space...
# Malicious cyber activities directed against U.S.
satellites...
# Satellite-based networks: at risk from hackers...
# Attacks against satellite systems...
45
46. Top 10 threats I/II
# Tracking
# Tracking: over web data and software
# Listening
# Listening: the right equipment, frequencies and location
# Interacting
# Interacting: protocols and authentication used, radio
transmissions need official license!
# Using
# Take over a bird (or a TT&C), use payloads, make pictures,
transmit something (DVB or radio)
# Scanning/attacking
# Anonymous PoC 2010 by Leonardo Nve Egea
# Scanning, DoS and spoofing possible
46
47. Top 10 threats II/II
# Breaking
# Old technologies used: up to 20 (!) years lifespan
# X.25 used (→ x25bru.c and http://www.0xdeadbeef.info/ ;)
# GRE used (→ IRPAS + gre.c from Phenoelit ;)
# Jamming
# Frequencies are known, you are in range and have power ;)
# Mispositioning
# Raging transponder spoofing, direct commanding, command
replay, insertion after confirmation but prior to execution
# Grilling
# Activating all solar panels when exposed to sun (!)
# Overcharging energy system (charge controller?)
# Collisioning?
47
49. Collisions
# 1978 Kessler syndrome (aka Kessler effect, collisional
cascading or ablation cascade)
# 8 known high speed collisions
# 1985 US antisatellite missile test (P78-1)
# 1996 Cerise satellite collided with space debris
# 2006 Satellite collision (Dart/Mublcom)
# 2007 Chinese anti-satellite missile test (Fengyun)
# 2009 Satellite collision (Iridium 33/Kosmos-2251)
# 3 times space debris collided with Mir station
49
50. Known hacking cases
● 2012 Iridium/Inmarsat phones, german researchers
● 2010 Anonymous scan/attack over satellites, L. N. Egea
● 2009 Predator drones (DVB Skygrabber) Afghanistan
● 2009 FLTSAT-8, Brasilian hackers, socker radio chats
● 2008 Landsat-7/Terra AM-1 over Norway TT&C (.CN?)
● 2007 Intelsat broadcast, Liberation Tigers of Tamil Eelam
● 2002 Sinosat-1 broadcast, Falun Gong banner China TV
● 1990 Pay-TV Decoding (Premiere Europe)
● 1990 Freeloaders, pr0n/ free phone calls over satellites
● 1980 Satellite radio listening, signals decoding
50
52. Satellite Future
# NASA did stop shuttle usage (because of costs and
accidents) in 2011
# ISS now gets logistics over SpaceX Dragon space
capsule (US private organization) or Sojuz (TMA-M)
spacecrafts (Russia)
# NASA plans to be back in space with Space Launch
System (SLS) by 2017 and permanent moon base by
2024
# China plans own space station by 2020
52
53. Personal Outlook
# I‘m not alone in the community covering this topic
# Highly complex field, merged technologies
# Not much proof-of-concepts yet completed
# Preparing for HAM radio license (to be able to send)
# Just started investigating, expect more to come
# If somebody wants to join the research, feel free :)
# Especially guys with DVB experience are welcome ;)
53