Satellite Communications Need Protection

There are over two thousand satellites orbiting around the earth while hundreds of other geostationary satellites are being used for technology development, navigation, earth science, space science and earth observation. Now telecommunications companies are planning on launching dozens of new satellites regularly in hopes of providing high-speed broadband Internet access to the entire planet. 

Although sometimes overlooked,  it is now becoming obvious that satellites can be compromised by cyber criminals.  Now is the time for the formation of an international organisation, composed of satellite companies, scientists and government representatives, that should provide control over how many satellites orbit the Earth and how they are monitored and secured.

Amazon plans to create its own space-based Internet system, Project Kuiper, with the launch of more than 3,000 satellites.
That is a lot of satellites filling the skies over the next decade. While providing global Internet access the new telecoms satellites would open the doors to nearly 3 billion people who are currently offline, the launch of these “mega-constellations” of satellites has scientists and space officials worried about the impact of so many orbiting devices.

Some scientists fear that the sheer number of satellites could blot out the stars to the point where observations of the universe through Earth telescopes would be nearly impossible. They could also affect astronomy research by disrupting radio frequencies used for deep-space observation.

Private and government organisations depend on satellites for their important operations and services such as navigation, communications, imaging, remote sensing and weather and meteorological monitoring. 

Similarly, GPS technologies, mobile networks and electrical grids incessantly rely on satellite networks for their operations. 
This increasing proliferation of satellites is bringing increased security risks and concerns, as satellite communications are not as secure as generally perceived. Though satellite systems hold critical importance for our communication bandwidth at a global level, they are also gaining attention of cyber criminals.

Satellites are operated by systems based on earth, which are key targets of cyber criminals who look for security loopholes as a potential for hacking into the satellite system. The supposedly large number of system entry points including the internet near you also make it difficult to trace and mitigate cyber-attacks.  

If hackers intercept satellite signals, they can access the downstream system that connects with the satellite. This will enable the hacker to invade into an organisation’s entire network only by infiltrating a satellite’s ground station. 

Satellite Internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. All they need is $300 worth of off-the-shelf equipment to pull it off, said James Pavur, a doctoral candidate at Oxford University, speaking at Black Hat 2020.

When a satellite ISP makes an Internet connection for a customer, it beams that customer’s signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the Internet. However, when the response signals are sent back along the same path that transmission downlink between the satellite and the user will be a broadcast transmission, containing many customers’ traffic simultaneously. This means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe.

The common assumption is that for an attacker to pull off this kind of signal interception, it takes money. However, higher-end professional PCIe tuner cards cost between $200 and $300 and there are cheaper versions in the $50 to $80 price range. 

The Oxford team took their set-up and applied it to real satellite Internet connections, finding that the satellite ISPs they examined did not seem to be employing encryption by default. 

As a result, they were able to listen in on feeds from a wide range of victim types, on land, at sea and in the air, as if they were the ISP themselves.“The Internet is a weird web with devices and systems that are connected in ways that you can never predict, you might connect to a secure Wi-Fi hotspot or a cell tower, but the next hop could be a satellite link or wiretapped Ethernet cable,” Pavur cautioned. 

Still, the possibility that 50,000 more satellites could be in orbit within a decade demands international attention and cooperation. Taking steps now to limit the impact could keep the skies clearer for future exploration.

US Air Force:    James Pavur:     Threatpost:   Wired:      CyberScoop:   SecurityInfoWatch:      Post Gazette:     Techcrunch

You Might Also Read: 

NASA's Daily Shutdown Threat:

 

« Industrial Robots Are Not Safe From Cyber Attack
Cyber Security Industry Growth Rate Will Reduce »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Miratech

Miratech

Miratech is a global IT services and consulting organization offering a full range of IT infrastructure solutions and services including cyber security.

Data Protection People

Data Protection People

Data Protection People are specialists in Data Privacy, Governance, and Information Security.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.