The offensive cybersecurity team from Thales recently conducted the world's first ethical satellite hacking exercise, demonstrating how to take control of the satellite OPS-SAT operated by the European Space Agency (ESA).
The exercise aimed to test the resilience of satellites to cyberattacks – a topic gaining increasing importance in light of secret U.S. intelligence documents suggesting that China is developing capabilities to take over satellites operated by adversary states. Launched in December 2019, the OPS-SAT satellite contains an experimental computer ten times more powerful than any current ESA satellites.
The Thales team demonstrated how to access the satellite’s onboard system and then used standard access rights to take control of its application environment. The team identified and exploited several vulnerabilities in the satellite systems to introduce malicious code. The experts managed to compromise the data sent to Earth, including images taken by the satellite camera.
During the exercise, participants utilized ethical hacking techniques to take control of the system managing the global positioning system, attitude control system, and onboard payload camera. The Thales team found and exploited several vulnerabilities in the satellite systems to introduce malicious code, which ultimately compromised the data sent to Earth and images taken by the satellite camera.
Despite Thales’ successful hack, the ESA had access to the satellite systems throughout the exercise to maintain control. The Thales researchers emphasized the importance of ensuring cybersecurity at every stage of a satellite’s lifecycle, from the first design through system development to maintenance.
This unprecedented exercise provides the opportunity to raise awareness of potential vulnerabilities and weaknesses to enhance the cyber resilience of satellites and space programs in general, including ground segments and orbital systems.
