Hacking Risks for Satellites
Transcript of Hacking Risks for Satellites
WSRF 2012, Dubai
Hacking Risks for Satellites
Felix ‘FX’ Lindner Head of Recurity Labs
WSRF 2012, Dubai
Agenda
• Review of hacker interest in satellites – Motivations and Methods – Current and emerging
trends in satellite hacking
• Lessons from computer security challenges in similar fields
• Recommendations for secure design and operation
WSRF 2012, Dubai
History of Hacker Interest
• Generally, hackers are interested in everything that is technologically challenging – I was introduced into hacking by
people who broke into Russian military/spy satellites for imagery
• Astra signals were decoded by hackers using Commodore C64 home computers – Satellite Pay-TV used to be the
driver of interest
WSRF 2012, Dubai
Satellite Hacking Presentations at BlackHat and DEFCON
Year Title
1998 Low Earth Orbit Satellites
1999 Future & Existing Satellite Systems
2003 Satellite TV Technology
2004 Weaknesses in Satellite Television Protection Schemes
2007 How to freak out your Satellite Navigation
2007 Satellite Imagery Analysis
2009 Satellite Hacking
2010 Playing in a Satellite Environment
WSRF 2012, Dubai
Top 5 Recent Hacking Incidents
• Stuxnet: Using a highly specialized computer worm to delay the Iranian uranium enrichment program
• Aurora: Using 0day attacks on client computers, attacking Google and several other Fortune100 companies over 1-2 years to extract their intellectual property
• RSA: Breaking the security of the most widely used and trusted one-time password token system in the world to break into US defense contractor networks
• HBGary Federal: Breaking into all relevant email accounts of a defense contracting consultancy and publishing the contents
• LulzSec hacktivism: spending 50 days to break into Fox News, PBS, Nintendo, pron.com, the NHS, Infraguard, the US senate, Bethesda, Minecraft, League of Legends, Escapist magazine, EVE online, the CIA, The Times, The Sun
WSRF 2012, Dubai
Motivation Drives Goals
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Confidentiality
Integrity
Availability
WSRF 2012, Dubai
Days of Attack
-
200
400
600
800
1,000
1,200
1,400
1,600
1,800
2,000
Anonymous LulzSec Recreational Cybercrime Military BlackHat Services
WSRF 2012, Dubai
Emerging Satellite Hacking
• “What would one need to do in order to hijack a satellite?” – August 2011 on “IT Security Exchange” – Voted “Security Question of the Week”
• Hackerspace Global Grid – “The hacker community needs a fallback infrastructure in case of natural and
economic disaster to stay connected.“ – Highly publicized as “visions of space-borne 'SOPA Wars‘”
• Constellation – “Constellation is a platform for research projects that use Internet-connected
computers to do research in various aerospace related sciences and engineering.”
• Small Satellites Program Stuttgart – “To allow the development of satellites despite high space transportation
costs it was necessary to apply miniaturization and new space technologies”
WSRF 2012, Dubai
Satellite Assisted Hacking
• Most satellite hackers come from DVB background – Accordingly, they keep their hardware as it is and explore
• 32% of all easily observable satellite traffic is now some corporation’s network traffic (TCP/IP) – The satellite downlinks provide the most convenient attack
path into corporate networks
– The ability to see one part of all the communication enables many attacks that are otherwise a lot harder
• Reputation databases for IP address blocks have a dedicated field for “Satellite Provider”
WSRF 2012, Dubai
Satellite Assisted Hacking Example
WSRF 2012, Dubai
Breaking Satellite Phone Encryption
• Secret encryption algorithms developed by European Telecommunications Standards Institute (ETSI) – Researchers from Ruhr University Bochum (Germany)
simply obtained the respective phones and reverse engineered them
• GMR-1 turned out to be similar to GSM A5/2 – Cipher text only attack possible due to design flaw – Requires about 30 minutes on a standard PC
• GMR-2 is only slightly better – Design weaknesses allow known plaintext attacks
WSRF 2012, Dubai
Future Targets
• TT&C intrusions in order to obtain control when it is needed
• More intelligence in satellite payloads (e.g. IP routing) highly increases chance of successful direct attacks – Removes the need to attack TT&C
• Nations could consider attacks on launch control systems in order to prevent new military satellites from reaching orbit
WSRF 2012, Dubai
LESSONS FROM THE FIELD
“He who doesn’t understand history is doomed to repeat it. And when it's repeated, the stakes are doubled.” - Pittacus Lore
WSRF 2012, Dubai
The Domain Knowledge Myth
• One of the most common myths:
“The domain specific knowledge required to attack our stuff is not readily available.” – Disproved countless times in all domains – Keep in mind that we are no longer talking about bored teenagers
• A few quotes from hackers describing satellites: – “Higher-level protocols may be standard TCP/IP, plaintext, encrypted,
or some totally imaginary 17 bit codeword system.” – “The weak link are satellites themself. When you build a satellite, you
don't care about security, but you care about MTTF (mean time to fail) and MTTR (mean time to repair).”
– “All I'm saying is, it's hardly rocket science.”
WSRF 2012, Dubai
The Secret System Myth
• Assumption that the attacker needs specifications of your system in order to attack it is wrong – Reverse engineering is what drives many people. You
are providing an incentive, not a deterrent!
• Secret encryption is the worst form of the secrecy myth – In 1883 Auguste Kerckhoffs defined in the design
principles for military ciphers (now known as Kerckhoffs’ Principle): “It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.”
– Common Weakness Enumeration CWE-656: Reliance on Security Through Obscurity
WSRF 2012, Dubai
False Focus
• People tend to look at potential security threats to their system by how they would attack it
• Lack of formal threat modeling uses up all the time and budget in the wrong place – Firewalls, anti-virus, intrusion prevention …
• Even most penetration tests are done wrong! – “You cannot attack this TT&C, it’s in production!” – The hidden agenda is often to limit the scope of a
penetration test to the maximum level of ineffectiveness, in order to look good to higher management and customers
WSRF 2012, Dubai
DESIGN AND OPERATION FOR SECURITY
It can be done right.
WSRF 2012, Dubai
Threat Modeling
• Threat Modeling is a well established process to holistically determine possible attacks, mitigations and defenses of a complex system – Identifies processes, external actors, data stores and data
flows – Establishes expected trust and process boundaries – Results in data flow diagrams (DFD) of increasing detail
• Systematically working though all threats automatically determined from the DFDs models attacker process
• Results in efficient investment of the scarce defense resources
WSRF 2012, Dubai
Test and Audit
• The only way to really know is to try it – Use people with a track record in such things.
They may be harder to get, but they are worth it.
• Follow your threat model – Don’t exclude components from 3rd parties
– Verify the promised properties of everything
• Once you know what you can rely on and what not, you have won half of the battle
WSRF 2012, Dubai
The Environment Dictates Everything
• There is no “one size fits all” • We have developed solutions in automotive, aerospace
and medical environments – Specialized cryptography protocols – Multiple secure fallback mechanisms – Zero maintenance scenarios
• Several of our customers are now 5+ years ahead of their industry, while their competition makes the news in undesirable ways – The longer the lifetime of your product, the better security
the payoff from early security investments
WSRF 2012, Dubai
CONCLUSION
“Predictions are hard – especially if they concern the future” – Halvar Flake
WSRF 2012, Dubai
Satellites are Collateral Targets
1. High-end attackers focus on high profile targets
2. High profile targets make ever increasing use of satellite communications
3. Everything in the satellite infrastructure is a perfect vantage point for the attackers
Satellites will be attacked to hit their customers
WSRF 2012, Dubai
Thank you.
Recurity Labs GmbH, Berlin, Germany http://www.recurity-labs.com
Felix FX Lindner Head
WSRF 2012, Dubai
Felix ‘FX’ Lindner
• Founder, technical and research lead of a high-end security consulting and research team
• 23 years of computer programming • 15 years of attack specialization • 10 years of speaking at IT-security conferences • First remote exploit against Cisco routers • First attack programs running on HP printers • First network router forensics system • First provably secure solution for Adobe Flash
WSRF 2012, Dubai
Recurity Labs GmbH
• Program code audits for security and reliability – 30+ programming languages, 15+ CPU architectures
• Security Architecture and Design – Reviews, verifications and proofs – Invention, development and prototyping
• Challenging customer base – Large scale scenarios – Long living products – Non standard requirements