Securing the Stars: Comprehensive Analysis of Modern Satellite Vulnerabilities and Emerging Attack Surfaces
2024-10-23, Europe - Main Room

This talk provides an extensive overview of security challenges in satellite systems. It covers vulnerabilities across the space, ground, link, and user segments, using real-world examples from past security research and the Viasat incident. By analyzing various attack methods, from software vulnerabilities to radio frequency interference, this talk offers crucial insights for protecting current satellite infrastructures and anticipating future security challenges in the rapidly evolving field of satellite technology. In addition, open community CubeSat projects are growing, and vulnerabilities in these projects could also be a new threat. There will be 1 case study and newly found vulnerabilities shared for open projects, plus a special case study of a ground-station system in this talk.


In the past, due to the high costs of satellite manufacturing, design, and launch, as well as regulatory restrictions, satellite research and production were closely linked to government agencies, research institutions, and military defense. In recent years, the small size and light weight of small satellites, the widespread use of commercial components, and the significant reduction in satellite launch costs have driven the development and extensive use of small satellites. As a result, there has been a substantial increase in projects involving self-developed open-source satellite protocols and DIY small satellites. This article will share classic vulnerabilities from past satellite-related attacks and discuss new security vulnerabilities in open-source satellite protocols.
The case studies include three vulnerabilities related to CAN bus transmission in the open-source library SPACECAN, which is used for internal satellite communication in the LibreCube project, an open-source satellite project. It also covers issues with libcsp, an open-source satellite communication protocol with a 10-year history that has been used by several satellites, including those of the European Space Agency (ESA). Additionally, the article includes a special case study of a ground station-like system, analyzing the process and implications of achieving remote code execution (RCE) and affecting satellites.

See also: slides

Vic Huang
Independent researcher / Security engineer
Member @ UCCU Hacker
Working on Web/Mobile/ICS/Privacy domains
He has shared his research at several cybersecurity conferences such as HITB, CODE BLUE, Ekoparty, ROOTCON, REDxBLUE pill, HITCON, CYBERSEC, DEFCON.