In recent years, independent researchers and the US military have been paying more and more attention to studying potential vulnerabilities in orbiting satellites. Devices created primarily with reliability and durability in mind were basically never intended to provide a high level of cybersecurity. At the ShmooCon security conference in Washington, cybersecurity researcher Karl Koscher raised questions about an important stage in the satellite’s life cycle — what happens when an old satellite is decommissioned and goes into a “burial orbit”?
Last year, Kosher and his colleagues received permission to access and broadcast from the Canadian satellite Anik F1R, launched to support Canadian broadcasters in 2005 and designed for 15 years of use. The satellite’s coverage area extends from the southern border of the United States to the Hawaiian Islands and the easternmost part of Russia. The satellite will soon move to its “burial orbit”, and almost all other services that use it have already switched to the new satellite.
Kosher and his colleagues from Shadytel, using a satellite, conducted a live broadcast of another security conference — ToorCon San Diego. The expert spoke about the tools they used to turn an unidentified commercial uplink facility (a station with a special antenna powered for communication with satellites) into a command center for broadcasting from a satellite.
The researchers had permission to access both the uplink and the satellite, but the experiment raises an interesting topic when the old satellite is no longer in use, but has not yet moved from Earth to its last resting orbit.
“Technically, there are no controls on this satellite or on most satellites — if you can generate a strong enough signal to get there, the satellite will send it back to Earth. People will need a big antenna, a powerful amplifier and knowledge of what they are doing,” Kosher explained to Wired.
According to Kosher, the lack of authentication systems and control over satellites may allow cybercriminals to seize such equipment.