Researcher James Pavur of Oxford University has presented his findings on the Black Hat USA 2020, which this year is an online conference, and his research is around satellite broadband communications - a hot topic for the years to come. We are going to see scores of satellites being launched into low-Earth orbit, with their owners promising high-speed internet even at the most remote locations on our planet.
However, there’s a growing concern about the cybersecurity flaws that plague these cheap CubeSats, and Pavur’s presentation focuses right on this aspect.
The researcher explained that an attacker using something as inexpensive as a $90 satellite dish and a $200 digital video broadcasting tuner, can intercept satellite broadband traffic. To make matters even better for the attacker, this interception would leave no traces, so the victims wouldn’t know it’s happening and wouldn’t have any way to tell who’s doing it.
Additionally, recording the intercepted traffic for analysis would be very easy as well, since multiple free tools can help with signal recording. So, all in all, the hacking process wouldn’t require any particularly sophisticated equipment nor highly technical knowledge.
If you’re wondering what the consequences of this may be, the answer can be summed up in the word ‘outermost.’ If your internet traffic is intercepted, someone could access your communications, documents sent or received, and even your username and passwords on various online platforms.
The researcher presented an example of intercepting maritime shipping communications and managed to extract vessel identification details, the operating systems used on the onboard computers, and even personal information on the crew. Other real-world examples presented by Pavur include the private data of a billionaire’s yacht captain and also data from people using airplane Wi-Fi.
There are already critical industry sectors that rely on satellite internet, so the problems are already crucial even before a large number of people join this tech in the years to come. For this reason, Pavur didn’t name which satellite internet vendors, manufacturers, and organizations can be compromised this way, and he instead informed them of his findings directly.
The message that we’re to keep from the report is that this type of interception is possible, and satellite internet shouldn’t be treated any differently than the ground to ground networks as far as cybersecurity is concerned. When data packets are flying around, there’s always a chance that someone will grab them, so encrypting that data would be a good idea anyway.