The US government unleashes hackers on working satellites

In August, ethical hackers should be able to attempt to hijack an actual satellite in orbit. However, the project, which is funded by the US government, has had some starting problems: the launch of the rocket that is supposed to carry the satellite into space has already been delayed twice.

For the past four years, the Hack-A-Sat competition has allowed ethical hackers to attempt to hijack a satellite. The competition is jointly organized by the US Air Force and Space Force as part of the annual Def Con security conference. However, these are lab tests – participants can’t actually hack a satellite as part of the competition.

That must change now. The US government funded a project to create a hacking sandbox in space. For this, cubes weighing about 5 kilograms must be put into orbit around the Earth. With solar panels, the satellite is only 50 cm wide, 34 long and 11 high, such as “log“mentioned.

To allow multiple teams to safely compete for control of the satellite, it runs a software payload that behaves like a real flight computer. The satellite, called Moonlighter, must be able to withstand real-world attacks without endangering critical subsystems.

It must be in August. The first hacking attempts are scheduled to take place as part of this year’s fourth Hack-a-Sat competition. Five teams have already qualified for it. The top three teams can look forward to securing prize money of US$50,000, US$30,000 or US$20,000.

“space is hard”

In order for hackers from Earth to hack an orbiting satellite, they must first get there. The Moonlighter was originally scheduled to fly into space on June 3 aboard a SpaceX Falcon 9 rocket. However, due to bad weather, the launch was postponed by a day.

Although on Sunday 4 June, The Falcon 9 has already launched from the Kennedy Space Center in Florida. However, the satellite to be hacked was not on board. Hack-a-Sat organizers announced on Twitterthat the launch has been pushed back another day to June 5th — accompanied by the comment “space is hard.”

If you’d like to catch the launch live today at 5:45 p.m., you can watch it here on the NASA live stream:

This assessment, “space is hard,” also applies to cybersecurity efforts in space. There are certain factors that make the security of systems in space unique. “The most obvious thing is you can’t just go and reboot the system,” James Pavor, a cybersecurity software engineer at Istari and participant in all three previous Hack-A-Sat competitions, quotes the log.

Because the risk of losing a connection is very low, satellites have multiple redundant systems. However, this also means that there are many ways hackers can gain access.

Satellites are also subject to very aggressive environmental pressures: solar radiation, temperature extremes, and space debris flying around. So these physical threats, which certainly exist, are often given more weight than potential cyber attacks – much to the detriment of cybersecurity.