Kamikaze satellites and shuttles adrift: Why cyberattacks are a major threat to humanity's ambitions in space

Satellite
(Image credit: Shutterstock / Andrey Armyagov)

As private companies like Blue Origin and Virgin Galactic break new ground with fully crewed spaceflights, commercial space travel is beginning to feel less and less like fantasy.

For the time being, space exploration is reserved for scientists, engineers and billionaires, but it’s likely only a matter of time before advances in technology begin to democratize access. And the beneficiaries will include businesses, as well as intrepid tourists.

It’s all too easy, however, to be seduced by the possibilities of space and lose sight of the multitude of risks. For example, a new report from security company Kaspersky asserts that the threat posed by cyberattacks against space infrastructure is in danger of being overlooked.

Although the threat level remains relatively low for now, the report predicts the volume of attacks against space infrastructure is set to skyrocket, with potentially catastrophic consequences.

“In every new domain, people focus on the availability of a service before security. Space exploration is in that phase at the moment; there are a lot of systems with basic or no security,” explained Maher Yamout, Senior Security Researcher at Kaspersky.

“Maybe people think there is no risk for space stations and sensors, because they are ‘out of reach’, but attacks are already taking place.”

A layered system

The report divides space infrastructure into three categories - the user segment, ground segment and space layer - all of which are vulnerable to attack in their own specific ways.

The user segment is made up of the devices and networks used by administrators to monitor technologies deployed in space. The role of the ground segment, meanwhile, is to receive communications from the satellites and craft in the space layer, as well as to deliver instruction.

Already, intrusions have been identified that affect each of these layers. For example, in 2019, NASA discovered a threat actor had successfully compromised its network and deployed a hardware backdoor (in the form of a Raspberry Pi) to steal sensitive information. And in the ground segment, there is an opportunity for traffic interception, which could allow an attacker to snoop on satellite communication and inject traffic to communicate with a virus.

Kaspersky

An illustration of the user, ground and space segments that make up space infrastructure. (Image credit: Kaspersky)

Although there are currently no known examples of cybercriminals hacking directly into satellites, vulnerabilities in the user and ground segments have been exploited in attempt to alter the flight path of satellites in orbit.

“By design, every piece of infrastructure has entry points, each of which has the potential to create opportunities for attackers,” said Yamout. “On Earth, with all the advancements and new technologies, we have a relatively good level of security protection. But in space systems, the protections are much more basic.”

“With evolving technology and science, it is likely we will visit space more than we used to. Cybersecurity has to be considered when designing space systems in all layers and must integrate in all segments and phases of the space domain evolution.”

No matter how well space infrastructure is protected, however, criminals will find a way to launch attacks. The question then becomes: who and why?

Only a matter of time

At the moment, the incentives for cyber actors to launch attacks against space infrastructure are relatively few. With little opportunity to generate revenue, only a minority of hackers are likely to be interested.

The current space cybercrime landscape is dominated by state-sponsored actors, Yamout told us. These individuals or groups are not in it for money, but rather information that might accelerate domestic space research or provide an intelligence advantage over a rival nation. At a stretch, cyber mercenaries employed by private businesses may also be involved in intelligence gathering activities at this stage.

However, as the number of private businesses operating in space increases (think space mining and telecommunications, as well as tourism), the door will open to a variety of different kinds of attack, from a wider range of actors.

“Cybercriminals are only really interested in making money,” explained Yamout. “Once space is commercialized and technology becomes sophisticated enough to install malware, criminals will be able to deploy ransomware against critical infrastructure, for example.”

“This is a big deal, because infrastructure in space costs a lot of money and is not easy to replace, so criminals will have significant leverage in negotiations.”

The fundamental principles of cybercrime are the same in space as they are on earth. As money floods into the sector, it’s likely that some of it will flow into the pockets of cybercriminals too.

It’s even likely, he says, that hacktivists and script kiddies (amateur hackers looking to hone their craft) could cause problems, launching nuisance attacks that bypass the basic levels of protection, if only to prove that it’s possible.

Worst case scenario

In the worst case scenarios Yamout described, cyberattacks on space infrastructure will place human lives at risk, either by causing the loss of communication with Earth or the loss of control of space equipment.

Spacecraft (both manned and otherwise) are heavily reliant on communications to function. And it’s possible, at the whim of a nation-state or cybercriminal actor, that a shuttle could be set adrift with fatal consequences.

According to Yamout, cybercriminals that manage to infiltrate the ground segment could also establish so-called “kamikaze satellites”, which could be instructed to crash into technology deployed at the space layer (and cut off a line of communication in the process).

In some scenarios, the consequences of cyberattacks will be felt most acutely on Earth itself. Imagine a scenario whereby a cybercriminal is able to jam signals emitted by GPS satellites, bringing journeys to a standstill, leaving ships lost at sea and more.

The best way to limit attacks of this kind, says Yamout, is to raise awareness early in the cycle, in the hope the industry will recognize the importance not just of breaking new ground in space, but of building security into infrastructure from the start.

“History proves that new domains often begin with few resources and basic capabilities, opening the gate to a multitude of cyber threats,” he added. “The hope is that we won’t repeat the same mistakes in space - the next cyber frontier.”

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.