Satellite Hacking: From Science Fiction to Reality

At the Black Hat security conference in Las Vegas, Johannes Wilbold, a PhD student at Ruhr University Bochum in Germany, presented the results of his research on satellite security. He studied three types of orbital devices and found that many of them are completely vulnerable to remote takeover, lacking even the most basic security systems.

“People think satellites are well protected. These are expensive assets, and they should have encryption and authentication,” Wilbold said.

However, services like Ground Station as a Service (GSaaS) from AWS and Microsoft Azure allow users to communicate with satellites using little more than a credit card. Wilbold estimated that a hacker could build their own ground station for as little as $10,000.

The researcher examined three different types of satellites, and the results were discouraging. Most lacked authentication protocols and transmitted signals without encryption. Wilbold demonstrated how someone could take over basic satellite control functions and lock out the legitimate owner.

Security concerns in satellite development have proven to be a very low priority. Of nine developers who responded—who collectively worked on 132 satellites during their careers—only two had ever conducted penetration testing.

Potential consequences of a hack could include transmitting malicious information or code to Earth, or in the worst case, causing satellites to collide and create orbital debris that could disable other systems.

When asked whether it is possible to upgrade satellite security systems, Wilbold replied, “Technically, it’s possible. But the reality is that these systems are built with very limited resources. Existing systems simply don’t have the capacity to run encryption or authentication. It’s not practical.”