Next time your GPS app functions without interruption, or a credit card transaction is approved on the first try, consider thanking a hacker.
Both of those everyday activities, along with many others, are made possible in part because of satellites, those orbiting chunks of metal that only a fraction of the population thinks about on a regular basis. Now, though, security-minded officials in the Pentagon’s Defense Digital Service (DDS), the Air Force and New York-based vendor Red Balloon Security are trying to improve satellite security by sending computer researchers the technology they would need to hack them. It’s part of an effort to ensure that those big satellites orbiting the Earth remain reliable, and keep the GPS navigation running.
One research challenge, called Nyan-Sat, is broken up into three parts. Hackers are building their own satellite tracking antennae, exploiting a ground station modem, and then participating in a live-streamed ground station event. And with DEF CON going virtual this year to avoid the spread of the coronavirus, Red Balloon, which is coordinating Nyan-Sat with DDS and the Air Force, has mailed DEF CON attendees hacking “kits” for $1 that will allow them to track satellites.
“The hardware costs more than $1, it’s $100. But we figure this year since we can’t be at DEF CON physically and we’re not sponsoring any events, we would spend the money we would have spent sponsoring events and spend it on hardware instead,” Red Balloon CEO Ang Cui told CyberScoop. “Even though we can’t physically be with our community, we can … all play with the same thing at the same time.”
Nyan-Sat is one of a number of workshops taking place this week as a part of DEF CON’s aerospace “village,” where hackers can flex their skills with other security researchers from around the world. Participants may also join other aerospace programs sponsored by DDS and the Air Force, including two in which hackers can attack mock satellites and one, called “Bricks in the Air,” for hacking model airplanes made of LEGO Technic bricks. DEF CON is also hosting its first-ever Hack-A-Satellite capture the flag challenge this year.
Satellites help power some of our most sensitive communications and services, like weather forecasting, television, and banking services. But their security has historically been lacking, and they’re vulnerable to data interception and takeovers, research has shown. Suspected Chinese and Russian hackers have been particularly interested in the technology.
In many ways, however, the security community is still playing catchup. It was only last year, for instance, that a security company stood up the first-ever Space Information Sharing and Analysis Center (S-ISAC) in Colorado. The Pentagon established the U.S. Space Force within the Air Force just last year as well.
“A lot of people are realizing we’re at this inflection point where space is obviously going to be very important going forward,” Cui said, noting the decreasing cost of technology required to track or meddle with satellites is only going to increase cybersecurity risks in space. “This is the perfect, obvious storm. You have a whole lot of these very vulnerable devices, you have a whole planet of hackers that are dying to get access to them, and all of a sudden technology that allows you to get access cheaply.”
The goal of the Aerospace Village is to pique security researchers’ interest in investigating satellite security, Cui said. If any hackers find vulnerabilities or security issues this week, Cui said that will be an added benefit.
“The most important thing is we have to go and fix the security problems people point out. To do that, we need talented people to come and put their attention on this because we have a whole lot of work to do in the next decade,” Cui said.
“We believe the flying public deserves safe, reliable, and trustworthy air travel, which is highly dependent on secure aviation and space operations,” the Director of Communications for the Aerospace Village, Kaylin Trychon, said in a statement shared with CyberScoop.
Virtual reality in the time of the coronavirus
Normally, DEF CON attendees would be squeezing past slot machines and through bustling hallways to make their way to an even more crowded Las Vegas hotel conference rooms to hack mock satellites. This year the ambiance will be quite different.
In a nod to the typically hands-on nature of DEF CON, the Pentagon worked with a vendor to create a virtual reality environment for the aerospace workshops, Clair Koroma, a project manager at DDS, told CyberScoop.
“Instead of creating a web page with a bunch of links, we wanted them to have a place sort of like if they were on the floor of DEF CON where they can walk around, try out different workshops,” Koroma told CyberScoop.
DDS provided CyberScoop with an exclusive tour of the virtual reality environment, which although is devoid of human interaction in the physical world, is quite pleasant.
Participants will first be welcomed into a purple-infused virtual world adorned with floor-to-ceiling windows boasting views of fluffy cloud cover. Attendees can then navigate through the world by clicking on floating DEF CON skulls to cave-like “rooms” where they can join security challenges. In a “room” on the left waits the airplane hacking challenge. On the right, they will find the satellite hacking workshops — Nyan-Sat, SimpleSat, and DDSAT-1.
Attendees will be directed to participate in challenges through a Twitch stream, in a nod to the gaming community that’s often prominent at DEF CON, Koroma said. To change workshops, participants just click on a new skull.
And in an effort to make the virtual village feel analogous to past DEF CONs, DDS will be giving away stickers, and sprinkled some nostalgic visuals throughout the world, too.
Participants don’t need any special virtual reality equipment. It should just work with an internet connection and a mouse, Koroma said.
And five years into its existence, DDS still employs Star Wars nerds, so, of course, DDS slipped in Star Wars-themed items throughout the village as well.