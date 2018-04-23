Hacking a Satellite is Surprisingly Easy (theoutline.com) 89
Caroline Haskins, writing for The Outline: Hundreds of multi-ton liabilities -- soaring faster than the speed of sound, miles above the surface of the earth -- are operating on Windows-95. They're satellites, responsible for everything from GPS positioning, to taking weather measurements, to carrying cell signals, to providing television and internet. For the countries that own these satellites, they're invaluable resources. Even though they're old, it's more expensive to take satellites down than it is to just leave them up. So they stay up. Unfortunately, these outdated systems makes old satellites prime targets for cyber attacks. [...]
A malicious actor could fake their IP address, which gives information about a user's computer and its location. This person could then get access to the satellite's computer system, and manipulate where the satellite goes or what it does. Alternatively, an actor could jam the satellite's radio transmissions with earth, essentially disabling it. The cost of such an attack could be huge. If a satellite doesn't work, life-saving GPS or online information could be withheld to people on earth when they need it most. What's worse, if part of a satellite -- or an entire satellite -- is knocked out of its orbit from an attack, the debris could create a domino effect and cause extreme damage to other satellites.
Security through obscurity is no security at all, and no amount of smugness in a retarded comment will fix that.
Releasing the know how does multiple services. First, it lets independent operators or consumers of said tech determine if the attack vector works on their systems. Second, it encourages the producers / manufacturers to implement fixes. They will be less inclined to spend the resources correcting the issues if they feel the fact that the attack isn't in the wild. Third, it prevents bas actors from
So they are going to do a Windows Update in Orbit??
You just made the AC's point.
didn't Nasa just launch a WSUS server up there
https://www.nasa.gov/directora... [nasa.gov]
Fourth, it allows consumers to implement mitigation strategies and test them, while a solution is being formulated.
What is your proposed "mitigation strategy" to having a multi-ton, faster than sound communication satellite smashed onto the top of your head?
Is it "security by obscurity" when someone creates hypothetical methods of hacking into a system that they have zero knowledge about, and then announces how insecure those systems are?
Say what? (Score:3)
Was thinking the same thing. I am sure there is no satellite (other than perhaps a modern amateur microsat) running anything bearing any resemblance to a desktop operating system. The control system may be running Windows 95, but that's a different problem.
Probably the terrestrial C&C servers. (Score:1)
Although even there I would expect most of them to be running some sort of unix.
As far as satellite OSes go, I would expect something better than linux or embedded OSes. It needs to be a nuclear/medical grade RTOS with failover capabilities on every codepath and piece of hardware. Otherwise what is the point when a stray bit of cosmic radiation flips or damages something important?
Hey, now, I hear he's pretty 1337. If anybody around here can sniff out some srs h@x0ring, it's msmash. You can't have the srs hax that he does without being able to recognize them when he seez them.
I mean, I hear that he once used a bread clip for an iPhone charger holder!
And when it comes to OS's, no one's better. One time, he managed to trick an old lady out of her place at the front of the line at the Genius Bar, and managed to get his password reset in under 10 minutes!
He's a master at networking, t
Re: Say what? (Score:4, Informative)
This whole article is complete bullshit. Of course satellites do not run Windows 95. GPS satellites alone have existed for longer than that.
Wtf Slashdot?
Linked article doesn't even mention Windows 95 except in the title. Shit story.
"Hundreds of multi-ton liabilities—soaring faster than the speed of sound, miles above the surface of the earth—are operating on Windows-95." https://theoutline.com/post/42... [theoutline.com]
Re: (Score:3)
Everything else in that statement was bullshit clickbait fud as well.
Who cares what the satellite's mass is? "faster than the speed of sound" no fucking kidding. "miles above the surface of the earth", just a bit of an understatement.
Are they trying to suggest that someone hacking a satellite can cause it to crash into someone's house?
I agree - total BS. Come on Slashdot, your site advertising is becoming intrusive and flaky, and your article selection is getting lame. Failing to 'get' your audience will diminish your future, which I would mourn.
Windows 95? (Score:5, Interesting)
Windows 95 is a consumer desktop OS? Does the author means that the control software for the satellites runs on Win 95?
I'd imagine that the satellites themselves would use a real-time or server OS i.e. QNX, NT, or a Unixoid OS. Running a desktop OS on hardware with no direct display would be stupid, and satellite engineers aren't likely to be stupid.
... and satellite engineers aren't likely to be stupid.
Yeah, but random bloggers? Not so much...
Emmbeded system from Hell (Score:1)
Just remember that Satellites are embedded systems from Hell.
Many moons ago, I had to work on a MSDOS system because we needed something with a very small foot print - and we rolled our own when it came to network connectivity (Ah yes, using a MAC address as the machine's address! Fun times!!) [Linux was shit back then, btw].
And today's OSes are such bloatware. WTF?! I know they want to give the user an experience and they got to support a lot of hardware, but even then, really?! My Android phone ran out
Re:Windows 95? (Score:4, Insightful)
One might imagine that there are satellites looking down at the earth for sources of interesting, space-beamed transmissions, and their content. There are a lot of monitoring dishes up there these days, pointing directly at that person with a yagi antenna spewing iterations of hack attempts. Then there's a knock at your door.
I'll imagine if you try and hack GPS and other high-value assets, you're not only being watched but by people that play for keeps.
Go ahead. Make some analyst's day.
You'd be right, except the part that kind of assumes that it is the back yard Yagi pointing enthusiast and not the State sponsored bad actor in places hard to reach by normal "people that play for keeps".
One imagines discrete little drones..... isn't that how it's done these days?
True, but their bosses or company owners might be to shave a buck. I've seen co's run public CMS's using Microsoft Access. I warned them, but they didn't want to pay for a real database and don't trust OSS.
I worked with Access in the early 2000s and found it as rapid an application development tool as Visual Basic 6.0. The company database worked well until it hit a million records in the transaction log. Then we moved to SQL Server and everything turned over with just a minor change to the data source string.
Today's SQL Server and Oracle are bloated with things you'll never use, but have taken the magic of sort routines and indexing far further than can easily be explained.
Processor in space? There's the pro
Imagine you use something like a mouse to remote control a satellite that you are interfacing with with something like RDP
... oh the jitter!
Faster than the speed of sound, in space! (Score:2)
Have real doubts about this. (Score:5, Insightful)
NT I Could See
Back in the day, NT was actually a pretty good OS, and used in a number of mission critical applications. (Including some I worked on.)
But... 95? Really?
That was certainly not MILSPEC approved for that sort of thing. And NASA had even tighter requirements and a higher specification bar.
I really suspect that the author has their facts a bit scrambled.
Not all can be hijacked (Score:2)
As some are having their BSOD
Windows 95 didn't really have a BSOD. That was (is) an NT thing.
Security / Jamming (Score:2)
I'd be surprised if modern satellites don't have some sort of protection built into them after the legendary HBO Satellite hack that resulted in the words "HBO Sucks" displayed across North America. Jamming is always a possibility with a high powered transmitter although doing so would be the equivalent of putting a giant bulls-eye on your back since it's hard to hide a massive signal. There's also a huge question of why as well. Some of these hacks require some not so trivial equipment so it's sort of h
Re:Security / Jamming (Score:5, Informative)
Naw, the vast majority of commercial communications satellites are still dumb bent-pipe repeaters. There's no security on them, save for nulling antennas and similar techniques.
I used to work for a company that built flyaway VSAT systems, so I know this stuff pretty intimately. A number of years ago, SES Americom (one of the big operators in North America) called me up for help in locating a wildcat transmitter that was causing interference with one of their birds. They called us because they knew we built stable, small aperture uplink terminals that could be a useful reference. Basically they had me transmit a known narrow-band signal at high power, then used that and my sidelobes as a reference to find the offender. After a weekend of doing doppler locating, they tracked it down to about a 1 x 2 mile ellipse, east of Detroit. Their suspicion was that it was a HughesNet terminal, probably on a gas station, that had gone bad.
I'd love to be able to dig into this author's source material. There are some fairly strong (possibly FUD) claims in the article, but it's missing the useful details.
E.g. It claims that end of life satellites out at GEO could be used for mayhem, but that doesn't seem right. EOL satellites at GEO are, by international convention, moved up to a graveyard orbit, the remaining propellant dumped, and the power subsystems turned off. This is done to reduce the amount of harm a software or hardware glitch (exp
and the power subsystems turned off.
Not just turned off, but permanently disabled, typically by deliberately blowing fuses. There is no coming back from it.
Depends what you mean with jamming.
... same for TV etc.
If you send a strong signal to the satellite, it might be disabled to pick up control commands.
But to jam e.g. GPS, you need to jam the area where the victims are, sending a "flash of energy" to the satellite does not disable it from sending its GPS signals down to earth
But to jam e.g. GPS, you need to jam the area where the victims are,
To jam a GPS receiver, you need to provide a signal to the receiver.
You CAN jam the uplink to the GPS satellite so it does not get the relevant ephemeris data (corrections to its and other SV's locations and timing), BUT
... the GPS satellites are LEO and will move out of range of your jammer very quickly, and there are other in the visible constellation that can provide the same data.
Jamming the uplink just isn't a very productive thing to do. Jamming the downlink, however, can cause issues for regiona
after the legendary HBO Satellite hack that resulted in the words "HBO Sucks" displayed across North America.
Hacking uplink content on a video distribution satellite is NOT hacking the satellite control system. Not even close.
There was a story a few years ago about people "hacking" a military satellite system because they found out that it was acting like an open repeater. That, too, is not hacking the satellite control system.
This summary is crap, the claims are ridiculous, and
/. should never have repeated this nonsense. News for nerds, indeed. Hysteria for morons, more like it. "Oh, those awful hackers could
BULLSH@# (Score:2)
There has never been a microsoft flight certified any thing.
And no intel stuff that i know of.
those birds were designed in the 60s for GPS and more than likely use some version of the IBM AGC for the apollo missions.
LAMENESS FILDER XDDDDD (Score:2, Interesting)
What do you want to bet that "Caroline Haskins, writing for The Outline" has no idea what hacking is.
What a terrible article, and by article, I mean Mail Chimp advertisement.
There was a time when the editors of this site would have augmented the submitted summary of the article to make it significantly more mocking than your comment.
Today, though, it is hard to tell if our benighted editors could get a job at the Apple Genius Bar.
But what does this insensitive old clod know?
We're just the old Greybeards we used to make fun of back in the day.
What do you want to bet that "Caroline Haskins, writing for The Outline" has no idea what hacking is.
She might know a little. She might have a cat. They hack up stiff all the time.
I could find no evidence for the claim about Win95 (Score:5, Informative)
I read the article and while it makes the claim about Win95, it doesn't go into detail about it or support it with facts. I find that claim somewhat incredulous as most satellites would never use a GUI based desktop OS. Maybe some control systems on the ground use Win95 and have ever been updated.
I would agree with the basic premise that many satellites especially older ones are not hardened against cyber attacks.
The actual command/control of the spacecraft themselves is protected by reasonably heavy Cryptography. When a Long March rocket failed in China while launching Intelsat 708, Intelsat failed to recover the cryptographic equipment from the wreckage, despite significant risks taken by their crew.
The Intelsat 708 launch failure occurred in 1996. Typical lifespan for a geostationary satellite is approximately 15 years, before they're moved to a graveyard orbit and rendered inert.
For the most part, the TT&C (Tracking Telemetry and Control) codes for managing the spacecraft themselves has always been a closely guarded secret, and one fo the things that is subject to ITAR controls, due to the cryptography involved.
That said, there have been at least one incident where sabotage of the satellite was s
Also TT&C of spacecraft is the only time you can use encryption on amateur radio.
https://www.law.cornell.edu/cf... [cornell.edu]
Maybe someone googled for "what operating system runs on old satellites" and didn't realize that the Satellite made by Toshiba is a laptop, not an actual Earth orbiting device.
I, too, do not believe that any satellite is running Windows 95. To say the least, Win95 has not been optimized for power efficiency or running on resource-poor radiation hardened microprocessors, memory and support chips. Considering the Win95 is just a gui on top of MSDOS, running just MSDOS would make far more sense than Win95. Who
The SKY IS FALLING.... (Score:4, Insightful)
Literally... Chicken little has confirmed it!
Um... Yea, a lot of stuff is POSSIBLE, but the question really is about how practical it is. What's the actual level of risk? Pretty low.
These things are expensive. Older satellites might be vulnerable to exploits launched from the Web, but I've got to believe that such "over the web" control systems are quite well protected and monitored. Disrupting over the AIR (I.E. RF links) are going to require specialized equipment and some specialized knowledge about what you are doing (not all satellites use the same control uplink frequencies), and actually taking CONTROL is like to require insider knowledge of expected modulation techniques, telemetry formats, encryption keys and a lot of other things.
There are a lot of places that have the uplink equipment, though it's not that long of a list and most of that equipment is already being used for commercial applications. An uplink setup is prohibitively expensive for an individual to build and commercial companies that own them like to keep track of when they are used. You could possibly arrange to use one by stealing a mobile unit or breaking into one and using it, but you will get discovered pretty quick.
All this to say, Disruption is easy, so doing a denial of service attack is pretty high risk, you just need to access the right equipment. DOS attacks (and uplink mistakes) happen all the time now. Taking control? Not very likely, very low risk. State actors might have the resources, but apart from that, it's not going to be worth the effort and costs.
Um... Yea, a lot of stuff is POSSIBLE, but the question really is about how practical it is. What's the actual level of risk? Pretty low.
I disagree because any nation-states would love to have some free satellites under their control, especially if they can spy on other people who do use it. Russia in particular has been known to use hacked sats to try and mask the origin of their hack attacks.
An uplink setup is prohibitively expensive for an individual to build...
but not a nation-state!
State actors might have the resources, but apart from that, it's not going to be worth the effort and costs.
Poppycock! A private sat would be awesome!
Probably just ground control stations use Win95 (Score:3)
There's noo way some satellite up there is actually running Windows 95 for anything on the the satellite hardware itself. I'm not believing that.
But I will believe there might be ground control workstations running Windows 95 for some function due to having custom software developed on it or a hardware device/card that cannot be moved to a newer version of Windows.
I know of all kinds of customer sites with Win95 workstations still in use. These are for specialized applications like manufacturing machine control or scientific test tools. They either keep them completely off the network and block all USB ports, etc, OR they use a very discrete localized network.
. They either keep them completely off the network and block all USB ports, etc, OR they use a very discrete localized network.
That's overkill. Windows 95 doesn't support USB.
Wowza (Score:2)
Sounds like an arsonist's wet dream.
Sad consequence of the Get It Up / Get It Out / Get It Sold NOW mentality, with no foresight about security.
Creativity (Score:2)
And here I thought forks were just a wonderful modern invention.
Really? (Score:2)
The claim that they run Windows 95 is not supported at all. A quick google revealed that most of the older satelites did not have a traditional operating system at all.
The whole article looks mostlly like clickbait, written by somebody with little knowledge of computers and even less about satelites.
Really? (Score:2)
"If a satellite doesn't work, life-saving GPS or online information could be withheld to people on earth when they need it most."
If our GPS satellites are that easily hacked (to say nothing of them running on Win95 - seriously?) then we'd deserve that.
To say which: no, I think a big chunk of the OP is a) wrong, b) getting into histrionics over what they IMAGINE might happen in their wildest dreams.
If our GPS satellites are that easily hacked (to say nothing of them running on Win95 - seriously?) then we'd deserve that.
If ours are that easily hacked, then you can bet that the Russian's GLONASS and China's BDS are not, nor will the EU Galileo (here [wikipedia.org]) be so easy. Modern GPSs compare results and know when to throw out an SV when it gives stupid answers. If you have a GPS, then update to GNSS and be safe. It costs more than a tinfoil hat, but you can sleep peacefully knowing that your location will be well known.
Breaking news: give hackers unlimited access to 25 voting machines and they will hack into all of them. Bruce Schen
Clippy: (Score:1)
"It looks like you are trying to orbit a planet; would you like some help?"
Dont tell me hollywood got it right! (Score:2)