What’s going on with cybersecurity in space | Kaspersky official blog

Credit to Author: Alexey Andreev| Date: Thu, 03 Feb 2022 14:32:08 +0000

It is common knowledge that fantasy authors love sending asteroids or pieces of the Moon careening toward Earth. But the film Moonfall, which is coming to a movie theater near you in February, focuses not on a natural disaster but on something that looks like an artificial, technology-based threat. And you may spot the name Kaspersky among the protection technologies used in this space thriller.

Don’t worry — we won’t be giving away any movie spoilers here. We’re more interested in exploring what a real-world space cyberthreat could involve. Fantasy authors grasped this long ago: in their work, someone often uses their home laptop to divert a missile or types in a single command that lets them hack a control center and wipe out an entire army of drones or at the last second they manage to crack the code for a docking airlock while shouting to their colleagues, “OK, now we just need to go through 600 billion combinations!” In another common story line, aliens in the form of radio signals penetrate the earthlings’ space research equipment and from there go on to hijack the Internet and the people connected to it. Pretty impressive, huh?

In reality, we aren’t yet seeing large-scale, successful cyberattacks on space technology. However, sometimes suspicions are raised. Some conspiracy theorists have blamed hackers for the latest failed launches of Russian probes to Mars. There is a certain logic to this: after all, way back in 1971, the Soviet spacecraft Mars-3 made the first soft landing on Mars, and even deployed the first Mars rover. So you’d think that things could only get better from there. But a quarter century later, in 1996, the Mars-96 spacecraft with four landers went up in flames shortly after launch. Another failure came in 2011, when Russia’s Phobos-Grunt, which was carrying Yinghuo-1, the first Chinese probe headed for Mars, launched unsuccessfully and then met its demise.

Of course, the official account of these accidents says nothing about hackers. But if you read this interview with the former Director General of Lavochkin Research and Production Association, it is clearly stated that there were major problems with security and that the hardware of the Mars spacecrafts could easily have been sabotaged before launch.

With stories like these in mind, a few years ago my colleagues and I held a space panel at a cybersecurity conference. On the whole, the presentations were interesting, but the space experts brought us back to Earth when it came to cyberattacks. They said that the traditional hacking schemes do not work with space control systems. In the classic approach, hackers buy a publicly available controller, download the firmware from the manufacturer, easily examine it on their own test bed and then attack the actual system by exploiting the vulnerabilities they find. But space technology is rather unique, so you need to spend years working on a given system before you know your way around it, and you won’t be able to find a second one just like it for tests.

That means that the main vulnerabilities are not “out there” but on Earth, the space system experts told us. They’re not the stuff that thrillers are made of — they’d be better suited to comedy. For example, suppose you receive secret data from a satellite and need to transfer it to a customer. How would you do that? Through the run-of-the-mill Internet with all its leaks. If you don’t want that, you can go old school: messengers carrying bulletproof briefcases.

Here’s another terrestrial story. In early September 2018, FBI agents evacuated the Sunspot Solar Observatory in New Mexico and shut it down for over a week. Were extraterrestrial beings behind this? After all, this is how Robert Charles Wilson’s fantasy novel “Blind Lake” and Ondřej Neff’s short story “White Cane 7.62” begin. But no, there was a simpler explanation: a janitor at the observatory was using the facility’s Wi-Fi to download child pornography.

But this doesn’t mean that everything is fine with cybersecurity in space and that we should just relax and laugh at those silly space movies. In fact, a lot has changed in the last few years. In the new space systems, analog hardware with its one-of-a-kind technologies is giving way to increasingly standardized digital solutions by well-known manufacturers. This isn’t surprising — after all, it is IT giants who are purporting to be 21st-century space leaders.

Exhibit A is SpaceX, backed by none other than Elon Musk, a founder of PayPal. Another company that is building spacecraft — still suborbital for the time being — is Blue Origin, which is the brainchild of Amazon founder Jeff Bezos. Then there was SpaceShipOne, which was funded by Paul Allen, who cofounded Microsoft with Bill Gates. SpaceShipOne later became Richard Branson’s SpaceShipTwo. Google is also trying to keep up in the new space race through its Lunar XPRIZE moon rover competition. Lastly, Mark Zuckerberg, who needs no introduction, has teamed up with Yuri Milner — the founder of Mail.ru and the DST Global venture capital fund — to create the Breakthrough Starshot interstellar probe project. In the next decade, Starshot is slated for launch to the closest exoplanet to Earth, Proxima Centauri b.

Obviously, transferring today’s IT industry to space brings with it all of the IT industry’s problems, from that unbearable Agile cult to hacker wars.

This affects communication satellites first and foremost. For example, back in the aughts, the Brazilian mafia came up with the idea of using US military satellites. They figured out that to receive high-quality, free, anonymous communication all they had to do was assemble a relatively simple antenna.

There is another feature that is especially valuable for cybercriminals: the physical inaccessibility of the satellites. Imagine a hacker group that controls botnets. To foil an attack by them, law enforcement agencies normally need to trace the address of the C&C center and then go to the provider and seize the server in question. But how do you seize a server if it’s physically located somewhere deep in the jungle and its address is flying in space? You’re out of luck. This is why APT groups such as Turla successfully use hacked satellite links for their activities.

And it’s entirely possible that the launch of the new low-orbiting satellite constellations OneWeb, Starlink and Sfera are helping hackers. Security experts are already detecting in these space projects the very same problems that the terrestrial IT industry has long been aware of. Manufacturers try to cut costs as much as possible, so to assemble and maintain large satellite constellations they use cheap, widely available components. A lot of those components aren’t analyzed for vulnerabilities since that would mean spending more money. At the same time, attackers can easily find these components on Earth and identify the vulnerabilities that are necessary for attacks, or even deploy these vulnerabilities in advance. In addition, there are still no state standards on satellite cybersecurity.

I’d like to conclude by mentioning another scenario for people who usually say, “This has nothing to do with me. I don’t have millions of dollars someone can steal or any servers that can be hacked.” If you’re one of those people, I suggest you watch the Russian fantasy film Invasion, which depicts a very realistic attack on ordinary people. Artificial intelligence from space that has taken over telecommunications begins calling all the humans, impersonating the voices of their bosses and relatives, and asking them to do certain things. The people agree and turn into an army of obedient zombies.

Setting aside the alien origin of the hijacking, this attack has familiar components: modern methods used by phone scammers combined with a more detailed collection of personal data (yes, this already happens), voice simulation (this also already exists), and attacks on satellites to hack telecom systems, which are also far from impossible, as you have surely understood by now.

In short, don’t sit back and assume that space hackers won’t reach you. Finish your Galactic Crunch cereal and glass of Tang and then update your space antivirus.


https://blog.kaspersky.com/feed/