If you have a web server you can do lots of things to help: blocking or whitelisting IPs, rate limiting password attempts, 2FA, etc. You can also have physical access if things really go wrong.
How are these remote systems kept secure? How do you prevent someone just constantly brute forcing the password? Or doing a denial of service attack on them?
Presumably someone (Russia) has tried this given the use of Starlink in Ukraine.
Just very curious how this task is approached.
Hack-A-Sat is a Capture the Flag (CTF) competition designed to inspire the world’s top cybersecurity talent to develop the skills necessary to help reduce vulnerabilities and build more secure space systems.
In Hack-A-Sat 1, 2 and 3, the best of the best have been learning more about all the skills required to hack in space through physical flatsat hardware and digital twin simulation. But, this year, PRACTICE IS OVER, as Hack-A-Sat 4 presents the world’s first CTF competition IN SPACE. Five Finalist Teams will compete on Moonlighter, an on-orbit satellite. Moonlighter is the world’s first and only hacking sandbox in space, designed specifically to advance the cyber security community and secure space for us all.
When considering targeting a single satellite, note that Starlink's Ku-Band beam spans approximately 3 degrees[1]. Given their low-altitude orbits, individual satellites will move out of coverage within minutes, to be replaced by the next in line. By analogy, aiming at a static target is easy, but when the target is rapidly moving, it becomes much more difficult to target, not to mention the hardware required. The challenge becomes almost insurmountable at certain cost scales when dealing with multiple, swiftly changing targets.
In addition, SpaceX is establishing LISLs[2] (Laser Inter-Satellite Links), where instead of communicating with a ground station, the satellites can communicate amongst themselves, which yields higher data rates, less interference, lower latency, and most importantly provides higher security by eliminating the need for a ground-based intermediary. I was fortunate enough to tour Starlink's assembly factory and witness the development of LISLs firsthand - their work is truly impressive.
In terms of updating and patching the satellites, of course the traditional software patching applies. As for hardware updates, it's worth noting that Starlink satellites have about a 5-year lifespan. New satellites are frequently launched to join the constellation, presumably with the latest hardware patches, while older or malfunctioning satellites can be de-orbited.
[0]: https://www.spacex.com/starshield/
As for denial of service, are we talking about data level or physical level? On a data level, you'd have to get your flood through the Starlink-controlled uplink station. Or maybe you'd simplify to flooding the uplink station itself. On a physical level you can deny access pretty easily, but only to the specific cell you're in. It would take a lot of power to block communication in completely different directions.
Unless they are morons, they will use some sort of key derivation step, probably on the client side, that is relatively expensive to compute and produces a key of a size that is completely impossible to brute force. That key is the actual "password" verified during authentication. If done on the client side as I suspect, the parameters for this step could be chosen to take up to multiple seconds of compute time, thus making even simple passwords effectively immune to being brute forced in turn.
I doubt you'll get much hard evidence as to which measures are being used, but the above is pretty much guaranteed.
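The client-side key-stretching scheme described in the comment above, as an added example that is not part of the original thread. It assumes PBKDF2-HMAC-SHA256 as the derivation step (the comment names no algorithm); the iteration count, function names and sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumption: PBKDF2-HMAC-SHA256 stands in for "some sort of key derivation step";
# the thread names no algorithm. The iteration count is an illustrative value.
ITERATIONS = 600_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_auth_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Client side: stretch the password into a 256-bit authentication key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def enroll(password: str, iterations: int = ITERATIONS) -> dict:
    """Server side: keep salt, cost and a hash of the key, never the key itself."""
    salt = os.urandom(16)
    key = derive_auth_key(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "verifier": hashlib.sha256(key).digest()}


def verify(record: dict, presented_key: bytes) -> bool:
    """Server side: constant-time comparison against the stored verifier."""
    return hmac.compare_digest(hashlib.sha256(presented_key).digest(), record["verifier"])


def seconds_per_guess(record: dict, samples: int = 3) -> float:
    """Measure what one password guess costs with this record's parameters."""
    start = time.perf_counter()
    for i in range(samples):
        derive_auth_key(f"guess-{i}", record["salt"], record["iterations"])
    return (time.perf_counter() - start) / samples


def years_to_exhaust(keyspace: int, per_guess: float) -> float:
    """Single-core time to try every candidate in a keyspace."""
    return keyspace * per_guess / SECONDS_PER_YEAR


if __name__ == "__main__":
    record = enroll("correct horse")  # constructed sample password
    key = derive_auth_key("correct horse", record["salt"], record["iterations"])
    print("login accepted:", verify(record, key))
    cost = seconds_per_guess(record)
    print(f"cost per password guess: {cost:.3f} s")
    print(f"8 lowercase letters: {years_to_exhaust(26**8, cost):,.0f} core-years")
    print(f"raw 256-bit key:     {years_to_exhaust(2**256, 1e-9):.2e} years at 1 ns/guess")
```

Guessing the derived key directly means searching a 256-bit space, while guessing the password means paying the full derivation for every candidate. The stretch raises the per-guess cost on the guesser's hardware, so the login endpoint still needs the rate limiting mentioned at the top of the thread.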
The nature of Starlink should make it more immune to attack, not less. Similarly, it'd be really difficult to DoS something like YouTube, due to the hugely fragmented nature of the deployment. And that's without the added complication of being an entirely wireless system in space.
I guess the closest equivalent here is a remote point of presence for an ISP, which is also unlikely to be staffed on a regular basis. The first step is physical security, ensuring no one can get their hands on the hardware itself… that one’s pretty much in the bag here.
With that out of the way, we then look at the communications channel. This is probably the greatest vulnerability Starlink has, since if you can target the satellite with a powerful enough transmitter you can hypothetically block anyone else communicating with it. I’d be curious to hear if there are any specific defences against that built into Starlink. As another poster mentioned though, you’re only going to be able to do that to a given satellite for a short period before it crosses the horizon, so this is mostly a case of being able to deny service in a specific region of the world.
Next up is remote access. Again, curious to hear otherwise, but there’s probably a couple of control channels here. The satellites are probably running an SSH server, but I’d be surprised if that’s exposed to the public internet, so you’d need to breach whatever VPN or equivalent SpaceX use to communicate with the satellites. In this regard they’re just another computer, apply whatever methods you’d usually apply.
They also likely have a channel via which they’re listening for instructions to update their configuration. In that regard, these are IoT devices, it’s just that instead of receiving instructions to turn on a light bulb, they get instructions to fire rockets and change their orbit. My hunch here is that the primary comms channel for this is going to be the same as the SSH server, but there may well be a direct radio link they can use to recover if IP connectivity is lost. That’s probably the weak point if you want to hack a satellite, but it’ll be encrypted in some manner, and need authentication. Just finding out how that works will be a needle in a haystack because you’d have to intercept the traffic to start analysis.
Or get physical access. Maybe you could contract SpaceX to give you a lift up?
It would be interesting to find out how effective patching methods are in place with satellites considering their somewhat unique location.
I would be somewhat surprised if any proactively secured tech used a password. Key pair encryption is the way. A password over 20 random characters is virtually un-brute-forceable if there was one.
DDoS would involve either a botnet or a nation-state. Both could be solved by the US government if needed. It would be a bad target because you would almost certainly gain fed attention and that isn't attention you want. A satellite could probably be signal jammed with the only possible way to stop it being to blow up the jamming device.
I think your model of a satellite being more special than a web server is probably not all that correct. It's probably not significantly different than your home router in an abstract sense, just with a humongous antenna.
Most serious networking devices separate the control of the device from the operation of the device, so it's possible that there are specific configuration antennas or specific configuration frequencies, or sequences of frequencies that are used for configuration. There is probably some wireless equivalent of "using a different cable."
ACLs are probably standard, rate limiting is probably standard. I would be surprised if there were not 2FA. I would be surprised if there was not an incredibly monitored machine that is the only machine with credentials for those satellites, maybe even air-gapped from the internet at large.
I would potentially be worried about my hardware supply chain, for example if components came from China, they would probably inspect them quite carefully.
Your model of attacking the satellite itself is probably also wrong. Exploiting a company's networking devices, particularly from the outside, is probably quite hard; what people go after is employee devices. There are probably a number of Starlink employees with access and compromising their laptops might compromise all satellites. This means attacking the satellite system is probably like any other corporate hacking job, phish some employees or compromise a supply chain, use that to move around a company's network, hopefully undetected, etc.
If I wanted to compromise Starlink, and I was a nation-state, I would keep a list of all Starlink employees or attempt to get that list via technical means and then try to compromise an employee. Compromises can be done technically, with bribery, extortion, and then violence.
The first stage of hacking is figuring out information. Who are the employees, who are the suppliers, what is the security architecture, etc. That informs the approach. Maybe there is a piece of software that would be easier to find a zero day for. Maybe it would be easier to compromise a supply chain. Maybe it's easiest to honeypot the employee with a beautiful person.
Setting up a coffee shop next to a Starlink office and putting some great cameras and microphones in it, for example, would probably be fruitful.