Thales – the French multinational company that designs, develops and manufactures electrical systems as well as devices and equipment for the aerospace, defence, transportation and security sectors has just announced that they are the worlds first organisation to hack into an orbiting satellite.
Not a malicious attack!
Don’t worry – satellites aren’t about to come crashing down on our heads just yet – this was a planned and authorised ethical attack to see if it could be done, and if so, what potential damage could a threat actor do.
The attack took place at this years CYSAT event in Paris on the 26th & 27th April which is an event dedicated to cyber security for the space industry.
What did they do?
The Thales team of four cybersecurity researchers accessed the satellite’s onboard system, used standard access rights to gain control of its application environment, and then exploited several vulnerabilities to introduce malicious code into the satellite’s systems. This made it possible to compromise the data sent back to Earth, in particular by modifying the images captured by the satellite’s camera, and to achieve other objectives such as masking selected geographic areas in the satellite imagery while concealing their activities to avoid detection by ESA.
Dedicated flying Hack-Lab
The European Space Agency (ESA) launched OPS-SAT into a circular, polar orbit on the 18th December 2019 with the specific aim that it would be a dedicated orbiting hacking laboratory with a range of resources, including processors, field-programmable gate arrays (FPGAs), cameras, and an attitude determination and control system, all of which experimenters will be able to exploit for demonstrating new mission and operations concepts.
The satellite itself is only 30cm tall but, according to ESA contains an experimental computer “ten times more powerful than any current ESA spacecraft”.
The platform consists of an ‘Altera Cyclone V SoC’ with an ARM dual-core Cortex-A9 MPCore and a Cyclone V FPGA.
The processing platform runs Linux, as the operating system consists of a flexible and reconfigurable framework, featuring sophisticated processing capabilities, interfaces, memory integrity and reconfigurable logic.
In the press-release for OPS-SAT, ESA say that:
“The robustness of the basic satellite itself will give ESA flight control teams the confidence they need to upload and try out new, innovative control software submitted by experimenters; the satellite can be pushed to its limits but can always be recovered if something goes wrong.“
Currently, Over 100 companies and institutions from 17 European countries have registered experimental proposals to fly on OPS-SAT.
OPS-SAT is controlled from the dedicated SMILE (Special Mission Infrastructure Lab Environment) control room at ESOC in Germany.
