DOI: 10.1145/3643833.3656139
research-article
Open access

VSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices

Published: 27 May 2024

Abstract

Recent geopolitical events have exposed our critical dependence on the wireless infrastructure used to facilitate worldwide communication. State-sponsored groups are actively attacking and exploiting space-based communication networks, causing outages and serious economic damage. Despite initial research findings pointing out a lack of security, such networks enjoy growing adoption and are still placed at the heart of today's communication infrastructure, ranging from the transportation sector and oil rigs to consumer internet. Worryingly, the command and control networks that support this satellite-based communication have received little attention from the security community so far.
This paper addresses this research gap and conducts a systematic security assessment of the Very Small Aperture Terminal (VSAT) ecosystem. More specifically, we investigate the attack surface of the underlying command and control networks and analyze the systems currently used by industry-leading vendors. Through systematic reverse engineering, we uncover a number of wide-reaching vulnerabilities that illustrate the perilous position of the satellite industry. We then systematically formulate a phase-based threat model to categorize these issues and uncover several inherently insecure design practices.

      Published In

      WiSec '24: Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
      May 2024
      312 pages
      ISBN:9798400705823
      DOI:10.1145/3643833
      This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. satellites
      2. security analysis
      3. service networks
      4. vsat
      5. vulnerabilities

      Qualifiers

      • Research-article

      Conference

      WiSec '24

      Acceptance Rates

      Overall Acceptance Rate 98 of 338 submissions, 29%

      Article Metrics

      • Total Citations: 0
      • Total Downloads: 146
      • Downloads (Last 12 months): 146
      • Downloads (Last 6 weeks): 60
      Reflects downloads up to 30 Aug 2024