Monday, April 04, 2022

How Secure are Decommissioned Communications Satellites?

 

These days, the vast majority of communications signals are carried over fiber-optic cables that gird the globe and form the backbone of the Internet.  But for certain purposes such as broadcasting, geostationary satellites are still important simply because they can access huge geographic areas much more cheaply than wired or fiber networks, and are sometimes the only way to access rural and remote areas. 

 

Like any other hardware, communications satellites have a limited lifetime, and after they are replaced by newer ones, the old satellites are eventually moved into "graveyard" orbits and later burn up in the atmosphere.  But in their retirement-home phase while they are still in place but not being actively used, they are vulnerable to being hacked, as a security researcher named Karl Koscher recently showed and Wired reported.  In contrast to ground-based digital networks, communications satellites are largely analog and can be hacked with relative ease.

 

The first communications satellite, Telstar 1, was launched in 1962, long before the Internet was even a gleam in Vinton Cerf's eye.  But it embodied the essential features of today's comm satellites:  a microwave receiver, some sort of signal processing that changes the frequency band to a different transmitting frequency, and an amplifier that sends out a boosted version of the weak signal received from a ground station.  Depending on the application, the transmitted signal can cover thousands of square miles where anyone with, for example, a DirecTV dish can get them.

 

While Koscher worked with the owners of a decommissioned satellite to perform his hacking, that wasn't strictly necessary.  He borrowed the transmitter and dish of an earth station set up for this sort of thing and aimed the appropriate signals at the dormant satellite, which was a Canadian unit launched in 2005 and at the end of its fifteen-year design life.  In doing so, he successfully demonstrated that he could broadcast to a good part of the North American continent using facilities that are within reach of a determined amateur hacker.

 

Someone with less benign intentions than Koscher could simply overpower a legitimate signal from a satellite's owner and essentially take over the satellite's receiver.  Whether the transmitted signal could be received by the customers would depend on how the signal is digitally encoded, but such encoding can also be hacked as well. 

 

On your list of things to worry about, this issue probably doesn't deserve a very high ranking.  Back when satellites were the only means of broadband connections between continents, they were a much more critical part of our communications infrastructure.  Now that most people, at least in North America, get their data from the Internet without need of a satellite link, because most Internet traffic is carred via undersea fiber-optic cables, the fact that old satellites can be hacked is not that threatening.  Still, the possibility exists that newer satellites could also be taken over with sufficiently powerful earth-station signals, and this would cause problems beyond simple bemusement. 

 

Unlike Internet hackers, who can hide in obscure basements in inaccessible countries and evade detection for months or years, a satellite ground station is not an easy thing to hide.  There is one such installation a few miles south of where I live in San Marcos, Texas, and although I've never driven by it to see how close I can get, the large (10-meter or so) dishes are easily visible from I-35 between here and San Antonio.  So if a satellite hacker began making a habit of pirating, it would not be that difficult to figure out where he was transmitting from, depending on the satellite's own characteristics and the amount of power needed.

 

But we are far from being done with our dependence on communications satellites.  Elon Musk is launching Starlink, a planned array of over 4,000 low-orbit satellites designed to provide Internet service for underserved nations, and eventually the entire world.  Such satellites are much harder to hack in a meaningful way, because they move fast and the loss of one or two out of several thousand is probably only a minor inconvenience to the network.  Any hacking to be done with Starlink will probably be at a higher level, resembling Internet hacking on the fiber network, which is basically independent of the hardware used for conveying the information.

 

Perhaps there is a lesson here about the nature of ethical lapses with regard to communications technologies.  Any technology that conveys meaningful information from one human to another human, regardless of what time or space intervenes, is a communications technology.  Other things being equal, enabling human-to-human communications (which is the only kind we use technology for so far) is better than not enabling it.  Of course, any communications medium can be used for evil purposes, but generally speaking, communications systems can make one of the best claims at being ethically neutral of any technology you can name. 

 

But those systems which by their nature enable one person simultaneously to communicate one way with thousands or millions of others are in a special ethical category.  This was implicitly recognized in the pre-Internet days by the extensive regulatory regimes that broadcasters worked under in many countries.  But with the advent of the Internet, the broadcaster-versus-private-communicator distinction broke down, and outfits such as Facebook found there was money to be made in intentionally blurring that distinction. 

 

Broadcast satellites are one of the few remaining technologies in which that distinction is still distinct.  But the fiber-optic Internet has made them somewhat of a niche issue in the wider scope of communications-technology ethics, and I don't worry much about facing a rash of takeovers of old comm satellites in the future, simply because there are lots easier ways to do nefarious things using communications systems that aren't tied to satellites at all. 

 

Nevertheless,Koscher's feat is a warning for future satellite operators to take extra precautions so that a hacker can't even take over the satellite except to block it from operating, which will always be possible.  But there isn't much illegitimate money to be made from that, and so Koscher's demonstration may be the last of its kind.

 

Sources:   Wired carried Lily Hay Newman's article "Researchers Used a Decommissioned Satellite to Broadcast Hacker TV" on Mar. 30, 2022 at https://www.wired.com/story/satellite-hacking-anit-f1r-shadytel. 

No comments:

Post a Comment