Satellite Communications Need Protection

Uploaded on 2020-08-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

There are over two thousand satellites orbiting around the earth while hundreds of other geostationary satellites are being used for technology development, navigation, earth science, space science and earth observation. Now telecommunications companies are planning on launching dozens of new satellites regularly in hopes of providing high-speed broadband Internet access to the entire planet. 

Although sometimes overlooked,  it is now becoming obvious that satellites can be compromised by cyber criminals.  Now is the time for the formation of an international organisation, composed of satellite companies, scientists and government representatives, that should provide control over how many satellites orbit the Earth and how they are monitored and secured.

Amazon plans to create its own space-based Internet system, Project Kuiper, with the launch of more than 3,000 satellites.
That is a lot of satellites filling the skies over the next decade. While providing global Internet access the new telecoms satellites would open the doors to nearly 3 billion people who are currently offline, the launch of these “mega-constellations” of satellites has scientists and space officials worried about the impact of so many orbiting devices.

Some scientists fear that the sheer number of satellites could blot out the stars to the point where observations of the universe through Earth telescopes would be nearly impossible. They could also affect astronomy research by disrupting radio frequencies used for deep-space observation.

Private and government organisations depend on satellites for their important operations and services such as navigation, communications, imaging, remote sensing and weather and meteorological monitoring. 

Similarly, GPS technologies, mobile networks and electrical grids incessantly rely on satellite networks for their operations. 
This increasing proliferation of satellites is bringing increased security risks and concerns, as satellite communications are not as secure as generally perceived. Though satellite systems hold critical importance for our communication bandwidth at a global level, they are also gaining attention of cyber criminals.

Satellites are operated by systems based on earth, which are key targets of cyber criminals who look for security loopholes as a potential for hacking into the satellite system. The supposedly large number of system entry points including the internet near you also make it difficult to trace and mitigate cyber-attacks.  

If hackers intercept satellite signals, they can access the downstream system that connects with the satellite. This will enable the hacker to invade into an organisation’s entire network only by infiltrating a satellite’s ground station. 

Satellite Internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. All they need is $300 worth of off-the-shelf equipment to pull it off, said James Pavur, a doctoral candidate at Oxford University, speaking at Black Hat 2020.

When a satellite ISP makes an Internet connection for a customer, it beams that customer’s signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the Internet. However, when the response signals are sent back along the same path that transmission downlink between the satellite and the user will be a broadcast transmission, containing many customers’ traffic simultaneously. This means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe.

The common assumption is that for an attacker to pull off this kind of signal interception, it takes money. However, higher-end professional PCIe tuner cards cost between $200 and $300 and there are cheaper versions in the $50 to $80 price range. 

The Oxford team took their set-up and applied it to real satellite Internet connections, finding that the satellite ISPs they examined did not seem to be employing encryption by default. 

As a result, they were able to listen in on feeds from a wide range of victim types, on land, at sea and in the air, as if they were the ISP themselves.“The Internet is a weird web with devices and systems that are connected in ways that you can never predict, you might connect to a secure Wi-Fi hotspot or a cell tower, but the next hop could be a satellite link or wiretapped Ethernet cable,” Pavur cautioned. 

Still, the possibility that 50,000 more satellites could be in orbit within a decade demands international attention and cooperation. Taking steps now to limit the impact could keep the skies clearer for future exploration.

US Air Force:    James Pavur:     Threatpost:   Wired:      CyberScoop:   SecurityInfoWatch:      Post Gazette:     Techcrunch

You Might Also Read: 

NASA's Daily Shutdown Threat:

 

« Industrial Robots Are Not Safe From Cyber Attack
Cyber Security Industry Growth Rate Will Reduce »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

Italian Association of Critical Infrastructure Experts (AIIC)

Italian Association of Critical Infrastructure Experts (AIIC)

AIIC acts as a focal point in Italy for expertise on the protection of Critical Infrastructure including ICT networks and cybersecurity.

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

ViewDS Identity Solutions

ViewDS Identity Solutions

ViewDS Identity Solutions develops innovative identity software including cloud identity management solutions, directory services, access and authorization management solutions.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

OSP Cyber Academy

OSP Cyber Academy

OSP Cyber Academy are a managed service provider of cyber, information security and data protection training.

Vector Choice Technologies

Vector Choice Technologies

Vector Choice Technology Solutions has a long standing reputation in cyber security consulting since 2008.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.