NO LONGER UNDER WARRANTY
by Lily Hay Newman / March 30, 2022
“Independent researchers and the United State military have become increasingly focused on orbiting satellites’ potential security vulnerabilities in recent years. These devices, which are built primarily with durability, reliability, and longevity in mind, were largely never intended to be ultra-secure. But at the ShmooCon security conference in Washington, DC on Friday, embedded device security researcher Karl Koscher raised questions about a different phase of a satellite’s life cycle: What happens when an old satellite is being decommissioned and transitioning to a “graveyard orbit”?
Koscher and his colleagues received permission last year to access and broadcast from a Canadian satellite known as Anik F1R, launched to support Canadian broadcasters in 2005 and designed for 15 years of use. The satellite’s coverage extends below the US southern border and out to Hawaii and the easternmost part of Russia. The satellite will move to its graveyard orbit soon, and nearly all other services that use it have already migrated to a new satellite.
But while the researchers could still talk to the satellite using special access to an uplink license and transponder slot lease, Koscher had the opportunity to take over and broadcast to the northern hemisphere. “My favorite thing was actually seeing it work!” Koscher tells WIRED. “It’s kind of unreal to go from making a video stream to having it broadcast across all of North America.” Koscher and his colleagues from the Shadytel telecommunications and embedded device hacking group broadcast a livestream from another security conference, ToorCon San Diego, in October.
At ShmooCon last week, he explained the tools they used to turn an unidentified commercial uplink facility (a station with a special powered dish to communicate with satellites) into a command center for broadcasting from the satellite. In this case, the researchers had permission to access both the uplink facility and the satellite, but the experiment highlights the interesting gray area when a defunct satellite is not being used but has not yet moved farther away from Earth to its final resting orbit.
“Technically, there are no controls on this satellite or most satellites—if you can generate a strong enough signal to make it there, the satellite will send it back down to the Earth,” Koscher explains. “People would need a big dish and a powerful amplifier and knowledge of what they were doing. And if a satellite were fully utilized, they would need to overpower whoever else was using that particular transponder spot or frequency.”
In other words, whoever yells loudest into a (geosynchronous orbiting) microphone will have their voice amplified the most, but it’s difficult to overpower established broadcasting giants—although not unprecedented. In 1986, for example, a hacker who called himself Captain Midnight broke into an HBO broadcast of The Falcon and the Snowman by hijacking the Galaxy 1 satellite signal. More recently, hackers have taken advantage of underutilized satellites for their own purposes.
In 2009, Brazilian Federal Police arrested 39 suspects on suspicion of hijacking US Navy satellites using high-powered antennas and other ad hoc gear for their own CB (citizens band) short-distance radio communications. Beyond independent hackers, Koscher points out that the lack of authentication and controls on satellites could allow countries to hijack each others’ equipment.
“One implication is that states who want to broadcast propaganda could do it without launching their own satellite, they could use another satellite if they have the ground equipment,” he says. Ang Cui, an embedded device security researcher who launched the NyanSat open source ground station project in 2020, notes that decommissioned satellites aren’t the only ones that could be hijacked. “One could take over even newish satellites,” he says.
But thinking about those in the end-of-life stages, he adds, “There definitely are things that are just hanging out up there.” One of Koscher’s colleagues, Falcon, notes that from a pluralistic, freedom-of-information perspective, satellite uplink capabilities could be reimagined as plentiful and available rather than exclusive and scarce. “What if this was just a universal utility,” Falcon says with a faraway look.”
RETIRED from SERVICE
Demo reveals vulnerability of decommissioned, but not dead, satellites
by B. David Zarley / April 14, 2022
“A group of security researchers have hacked a decommissioned communications satellite, called Anik F1R, originally shot into orbit in 2005. Embedded device security researcher Karl Koscher and his colleagues demonstrated that malicious hackers could potentially communicate with satellites that have been decommissioned but not yet moved into their final resting place — their “graveyard orbit.”
“Anik-F1R trajectory around Earth showing Geostationary transfer orbit“
With permission, the researchers were able to access the satellite and broadcast a signal across the northern hemisphere, WIRED’s Lily Hay Newman reported. “My favorite thing was actually seeing it work!” Koscher told Newman. “It’s kind of unreal to go from making a video stream to having it broadcast across all of North America.” Koscher has gone satellite hacking before — he was a member of ADDVulcan, a team that participated in DEF CON’s “Hack-a-Sat” challenge in 2020.
The US Air Force-backed capture the flag contest tasked teams with regaining control of a satellite captured by the enemy; the final challenge was to beam directions to a real satellite in orbit, ordering it to take a photo of the moon (a literal moonshot). Both Hack-a-Sat and Koscher’s recent satellite hacking are revealing of vulnerabilities floating in orbit around us.
While Koscher and company had permission to access the satellite and access to its commercial uplink facility, the demonstration shows that satellites that have ceased to be used but are still reachable could be rich targets for satellite hacking — if you have the means to talk to them. “Technically, there are no controls on this satellite or most satellites—if you can generate a strong enough signal to make it there, the satellite will send it back down to the Earth,” Koscher told Newman.
“People would need a big dish and a powerful amplifier and knowledge of what they were doing. And if a satellite were fully utilized, they would need to overpower whoever else was using that particular transponder spot or frequency.” Or, as Newman put it, whoever yells loudest into the space microphone gets to be heard.
Hackers have already taken advantage of under-the-radar, underutilized satellites, Newman reports. In 2009, the Brazilian Federal Police arrested 39 people for allegedly satellite hacking former US Navy satellites to use for their own CB communications. And the lack of security measures on most satellites means that governments could turn to satellite hacking. “One implication is that states who want to broadcast propaganda could do it without launching their own satellite,” he told Newman. “They could use another satellite if they have the ground equipment.”
BRAZILIAN SATELLITE SQUATTERS
a SATELLITE COMMONS