Satellite Communications Need Protection

Uploaded on 2020-08-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

There are over two thousand satellites orbiting around the earth while hundreds of other geostationary satellites are being used for technology development, navigation, earth science, space science and earth observation. Now telecommunications companies are planning on launching dozens of new satellites regularly in hopes of providing high-speed broadband Internet access to the entire planet. 

Although sometimes overlooked,  it is now becoming obvious that satellites can be compromised by cyber criminals.  Now is the time for the formation of an international organisation, composed of satellite companies, scientists and government representatives, that should provide control over how many satellites orbit the Earth and how they are monitored and secured.

Amazon plans to create its own space-based Internet system, Project Kuiper, with the launch of more than 3,000 satellites.
That is a lot of satellites filling the skies over the next decade. While providing global Internet access the new telecoms satellites would open the doors to nearly 3 billion people who are currently offline, the launch of these “mega-constellations” of satellites has scientists and space officials worried about the impact of so many orbiting devices.

Some scientists fear that the sheer number of satellites could blot out the stars to the point where observations of the universe through Earth telescopes would be nearly impossible. They could also affect astronomy research by disrupting radio frequencies used for deep-space observation.

Private and government organisations depend on satellites for their important operations and services such as navigation, communications, imaging, remote sensing and weather and meteorological monitoring. 

Similarly, GPS technologies, mobile networks and electrical grids incessantly rely on satellite networks for their operations. 
This increasing proliferation of satellites is bringing increased security risks and concerns, as satellite communications are not as secure as generally perceived. Though satellite systems hold critical importance for our communication bandwidth at a global level, they are also gaining attention of cyber criminals.

Satellites are operated by systems based on earth, which are key targets of cyber criminals who look for security loopholes as a potential for hacking into the satellite system. The supposedly large number of system entry points including the internet near you also make it difficult to trace and mitigate cyber-attacks.  

If hackers intercept satellite signals, they can access the downstream system that connects with the satellite. This will enable the hacker to invade into an organisation’s entire network only by infiltrating a satellite’s ground station. 

Satellite Internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. All they need is $300 worth of off-the-shelf equipment to pull it off, said James Pavur, a doctoral candidate at Oxford University, speaking at Black Hat 2020.

When a satellite ISP makes an Internet connection for a customer, it beams that customer’s signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the Internet. However, when the response signals are sent back along the same path that transmission downlink between the satellite and the user will be a broadcast transmission, containing many customers’ traffic simultaneously. This means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe.

The common assumption is that for an attacker to pull off this kind of signal interception, it takes money. However, higher-end professional PCIe tuner cards cost between $200 and $300 and there are cheaper versions in the $50 to $80 price range. 

The Oxford team took their set-up and applied it to real satellite Internet connections, finding that the satellite ISPs they examined did not seem to be employing encryption by default. 

As a result, they were able to listen in on feeds from a wide range of victim types, on land, at sea and in the air, as if they were the ISP themselves.“The Internet is a weird web with devices and systems that are connected in ways that you can never predict, you might connect to a secure Wi-Fi hotspot or a cell tower, but the next hop could be a satellite link or wiretapped Ethernet cable,” Pavur cautioned. 

Still, the possibility that 50,000 more satellites could be in orbit within a decade demands international attention and cooperation. Taking steps now to limit the impact could keep the skies clearer for future exploration.

US Air Force:    James Pavur:     Threatpost:   Wired:      CyberScoop:   SecurityInfoWatch:      Post Gazette:     Techcrunch

You Might Also Read: 

NASA's Daily Shutdown Threat:

 

« Industrial Robots Are Not Safe From Cyber Attack
Cyber Security Industry Growth Rate Will Reduce »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CERT.BY

CERT.BY

The National Computer Emergency Response Team of the Republic of Belarus.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Blake, Cassels & Graydon (Blakes)

Blake, Cassels & Graydon (Blakes)

Blakes is one of Canada’s top business law firms serving national and international clients in specialist areas including cyber security.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Prove Identity

Prove Identity

Prove (formerly Payfone) is a leader in mobile & digital identity authentication for the connected world.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Sylint

Sylint

Sylint is an internationally recognized cyber security and digital data forensics firm with extensive experience discretely addressing some of today’s biggest cyber breaches.

Saiflow

Saiflow

SaiFlow provides a tailor-made cybersecurity solution for Electric Vehicles Charging Infrastructure (EVCI), Distributed Energy Resources (DERs) and energy networks and assets.

InQuest

InQuest

InQuest specialize in providing comprehensive network-based security solutions that empower organizations to protect their most critical assets: their people.

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.