Satellite Communications Need Protection

Uploaded on 2020-08-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

There are over two thousand satellites orbiting around the earth while hundreds of other geostationary satellites are being used for technology development, navigation, earth science, space science and earth observation. Now telecommunications companies are planning on launching dozens of new satellites regularly in hopes of providing high-speed broadband Internet access to the entire planet. 

Although sometimes overlooked,  it is now becoming obvious that satellites can be compromised by cyber criminals.  Now is the time for the formation of an international organisation, composed of satellite companies, scientists and government representatives, that should provide control over how many satellites orbit the Earth and how they are monitored and secured.

Amazon plans to create its own space-based Internet system, Project Kuiper, with the launch of more than 3,000 satellites.
That is a lot of satellites filling the skies over the next decade. While providing global Internet access the new telecoms satellites would open the doors to nearly 3 billion people who are currently offline, the launch of these “mega-constellations” of satellites has scientists and space officials worried about the impact of so many orbiting devices.

Some scientists fear that the sheer number of satellites could blot out the stars to the point where observations of the universe through Earth telescopes would be nearly impossible. They could also affect astronomy research by disrupting radio frequencies used for deep-space observation.

Private and government organisations depend on satellites for their important operations and services such as navigation, communications, imaging, remote sensing and weather and meteorological monitoring. 

Similarly, GPS technologies, mobile networks and electrical grids incessantly rely on satellite networks for their operations. 
This increasing proliferation of satellites is bringing increased security risks and concerns, as satellite communications are not as secure as generally perceived. Though satellite systems hold critical importance for our communication bandwidth at a global level, they are also gaining attention of cyber criminals.

Satellites are operated by systems based on earth, which are key targets of cyber criminals who look for security loopholes as a potential for hacking into the satellite system. The supposedly large number of system entry points including the internet near you also make it difficult to trace and mitigate cyber-attacks.  

If hackers intercept satellite signals, they can access the downstream system that connects with the satellite. This will enable the hacker to invade into an organisation’s entire network only by infiltrating a satellite’s ground station. 

Satellite Internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. All they need is $300 worth of off-the-shelf equipment to pull it off, said James Pavur, a doctoral candidate at Oxford University, speaking at Black Hat 2020.

When a satellite ISP makes an Internet connection for a customer, it beams that customer’s signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the Internet. However, when the response signals are sent back along the same path that transmission downlink between the satellite and the user will be a broadcast transmission, containing many customers’ traffic simultaneously. This means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe.

The common assumption is that for an attacker to pull off this kind of signal interception, it takes money. However, higher-end professional PCIe tuner cards cost between $200 and $300 and there are cheaper versions in the $50 to $80 price range. 

The Oxford team took their set-up and applied it to real satellite Internet connections, finding that the satellite ISPs they examined did not seem to be employing encryption by default. 

As a result, they were able to listen in on feeds from a wide range of victim types, on land, at sea and in the air, as if they were the ISP themselves.“The Internet is a weird web with devices and systems that are connected in ways that you can never predict, you might connect to a secure Wi-Fi hotspot or a cell tower, but the next hop could be a satellite link or wiretapped Ethernet cable,” Pavur cautioned. 

Still, the possibility that 50,000 more satellites could be in orbit within a decade demands international attention and cooperation. Taking steps now to limit the impact could keep the skies clearer for future exploration.

US Air Force:    James Pavur:     Threatpost:   Wired:      CyberScoop:   SecurityInfoWatch:      Post Gazette:     Techcrunch

You Might Also Read: 

NASA's Daily Shutdown Threat:

 

« Industrial Robots Are Not Safe From Cyber Attack
Cyber Security Industry Growth Rate Will Reduce »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

DLA Piper

DLA Piper

DLA Piper is a global law firm with offices throughout the Americas, Asia Pacific, Europe and the Middle East. Practice areas include Cybersecurity.

RSA Insurance Group

RSA Insurance Group

RSA is one of the world’s leading multinational quoted insurance groups. Commercial services include cyber risk insurance.

IMS Networks

IMS Networks

IMS Networks specializes in the design and management of high criticality networks and telecoms services including network security and Managed Security Services.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

National Institute of Information and Communications Technology (NICT) - Japan

National Institute of Information and Communications Technology (NICT) - Japan

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

DataArt

DataArt

DataArt is a global technology consultancy that designs, develops and supports unique software solutions. Areas of activity include software security testing.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

CertX

CertX

CertX is a Swiss functional safety, cybersecurity and artificial intelligence certification body.

Emergence Insurance

Emergence Insurance

Emergence is an insurance underwriting agency, focused on providing insurance solutions to help protect businesses and families against their cyber risks.