Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks

The presentation discusses the vulnerabilities of satellite communication systems and the potential risks associated with them, including the interception of sensitive information, the compromise of critical infrastructure systems, and the identification of ships and their operational technology.

• Satellite communication systems are vulnerable to interception and compromise, which can lead to the theft of sensitive information and the manipulation of critical infrastructure systems.
• The presentation provides examples of how satellite communication systems are being used in various industries, including maritime, and how they can be exploited by attackers.
• The presentation also highlights the importance of encrypting data and choosing secure communication protocols to protect against these types of attacks.
• The presenter emphasizes the need for satellite service providers to prioritize security and encryption, as many commercial providers do not currently encrypt their networks.
• The presentation concludes by encouraging individuals and organizations to take proactive measures to secure their satellite communication systems and protect their sensitive information.

The presenter shares an anecdote about intercepting a lawyer's internet traffic and gaining access to their email inbox and website activity. This demonstrates the potential harm that can be caused by an eavesdropper who intercepts all of a user's connections, as opposed to a man-in-the-middle attacker on a specific connection.

Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations. The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link. The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic. The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.