Satellite Communications Need Protection

There are over two thousand satellites orbiting around the earth while hundreds of other geostationary satellites are being used for technology development, navigation, earth science, space science and earth observation. Now telecommunications companies are planning on launching dozens of new satellites regularly in hopes of providing high-speed broadband Internet access to the entire planet. 

Although sometimes overlooked,  it is now becoming obvious that satellites can be compromised by cyber criminals.  Now is the time for the formation of an international organisation, composed of satellite companies, scientists and government representatives, that should provide control over how many satellites orbit the Earth and how they are monitored and secured.

Amazon plans to create its own space-based Internet system, Project Kuiper, with the launch of more than 3,000 satellites.
That is a lot of satellites filling the skies over the next decade. While providing global Internet access the new telecoms satellites would open the doors to nearly 3 billion people who are currently offline, the launch of these “mega-constellations” of satellites has scientists and space officials worried about the impact of so many orbiting devices.

Some scientists fear that the sheer number of satellites could blot out the stars to the point where observations of the universe through Earth telescopes would be nearly impossible. They could also affect astronomy research by disrupting radio frequencies used for deep-space observation.

Private and government organisations depend on satellites for their important operations and services such as navigation, communications, imaging, remote sensing and weather and meteorological monitoring. 

Similarly, GPS technologies, mobile networks and electrical grids incessantly rely on satellite networks for their operations. 
This increasing proliferation of satellites is bringing increased security risks and concerns, as satellite communications are not as secure as generally perceived. Though satellite systems hold critical importance for our communication bandwidth at a global level, they are also gaining attention of cyber criminals.

Satellites are operated by systems based on earth, which are key targets of cyber criminals who look for security loopholes as a potential for hacking into the satellite system. The supposedly large number of system entry points including the internet near you also make it difficult to trace and mitigate cyber-attacks.  

If hackers intercept satellite signals, they can access the downstream system that connects with the satellite. This will enable the hacker to invade into an organisation’s entire network only by infiltrating a satellite’s ground station. 

Satellite Internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. All they need is $300 worth of off-the-shelf equipment to pull it off, said James Pavur, a doctoral candidate at Oxford University, speaking at Black Hat 2020.

When a satellite ISP makes an Internet connection for a customer, it beams that customer’s signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the Internet. However, when the response signals are sent back along the same path that transmission downlink between the satellite and the user will be a broadcast transmission, containing many customers’ traffic simultaneously. This means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe.

The common assumption is that for an attacker to pull off this kind of signal interception, it takes money. However, higher-end professional PCIe tuner cards cost between $200 and $300 and there are cheaper versions in the $50 to $80 price range. 

The Oxford team took their set-up and applied it to real satellite Internet connections, finding that the satellite ISPs they examined did not seem to be employing encryption by default. 

As a result, they were able to listen in on feeds from a wide range of victim types, on land, at sea and in the air, as if they were the ISP themselves.“The Internet is a weird web with devices and systems that are connected in ways that you can never predict, you might connect to a secure Wi-Fi hotspot or a cell tower, but the next hop could be a satellite link or wiretapped Ethernet cable,” Pavur cautioned. 

Still, the possibility that 50,000 more satellites could be in orbit within a decade demands international attention and cooperation. Taking steps now to limit the impact could keep the skies clearer for future exploration.

US Air Force:    James Pavur:     Threatpost:   Wired:      CyberScoop:   SecurityInfoWatch:      Post Gazette:     Techcrunch

You Might Also Read: 

NASA's Daily Shutdown Threat:

 

« Industrial Robots Are Not Safe From Cyber Attack
Cyber Security Industry Growth Rate Will Reduce »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

Watch this webinar to discover how a WAF goes beyond a standard firewall and helps you meet security industry compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

Santa Monica Networks (SMN)

Santa Monica Networks (SMN)

Santa Monica Networks specializes in providing secure solutions for data networks and data centers.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Scarlett Cybersecurity

Scarlett Cybersecurity

Scarlett Cybersecurity provide cybersecurity services to US private and public organizations with specific emphasis on compliance and cybersecurity incident prevention, detection, and response.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

BlueHalo

BlueHalo

BlueHalo is purpose-built to provide industry capabilities in the domains of Space Superiority and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.