How hacked satellites could be the next great hardware vulnerability

Hackers are setting their sights high.

If it can be hacked, it gets hacked. 

The latest vulnerable computer system is the kind that’s floating in space aboard satellites. Russian hacker group Turla, named after the malware they use, has targeted commercial satellites to harvest data from military and diplomatic sources in the U.S. and Europe, according to Russian security firm Kaspersky Labs.

This is not the first time a satellite has been made vulnerable, according to Kaspersky principal researcher Kurt Baumgartner, but it’s a particularly noteworthy instance.

“In the past, we’ve seen at least three different actors using satellite-based Internet links to mask their operations,” Baumgartner told the Daily Dot. “However, the solution developed by the Turla group is the most interesting and unusual, because the Turla group doesn’t purchase their own satellite links—instead they piggyback on legitimate users’ satellite Internet connections.”

Turla has previously targeted government sites and commercial concerns in China, Russia, and other countries. 

According to Dmitri Alperovitch, security firm CrowdStrike’s co-founder and CTO, Turla’s malware came from a “sophisticated Russian government-affiliated” hacker group CrowdStrike called Venomous Bear. 

Satellites, at least the old ones, are vulnerable for a simple reason: they do not encrypt their data. Turla targets a terrestrial user who receives data from an Internet provider that uses satellites, then hijacks the satellite’s data stream.

Adam Shostack, security researcher in the Seattle area, offered some simple math for this type of hack:

“I think of this as another story of ‘modern attack tools go through X like a chainsaw through butter.’

X = cars, sniper rifles, lightbulbs, satellites. Substitute in your own value of X. If you’re not threat modeling and following through with modern secure development practices, you’re going to experience this.”

In other words, satellites won’t be the last mind-bending hardware hack. They’re just a point on the threat curve.

Baumgartner agreed. “There are always opportunities for new exploits and vulnerabilities,” he said. “Anything that can provide hidden storage or covert communications has potential to be useful to attackers. Dreaming up something new isn’t difficult, but identifying unusual (advanced persistent threat) techniques in action is very difficult.”

One of the limiting elements of hacking a satellite is the speed. It’s slow in comparison to other types of data streams. Still, the technique could get popular in the future, Baumgartner said, given the low hardware cost. 

However, “it is not the most reliable method for hosting a [command and control] server online,” he said. “It depends on when the legitimate user of the satellite Internet connection gets online and offline, and the attackers cannot control that.”

Those worried that hackers will grab satellites and send them plummeting toward the White House or Downing Street should probably calm down and watch fewer James Bond movies. Hackers, by and large, want information, money, or both. Supervillain status just isn’t as lucrative.

Illustration by Max Fleishman

Curt Hopkins

Curt Hopkins has over two decades of experience as a journalist, editorial strategist, and social media manager. His work has been published by Ars Technica, Reuters, Los Angeles Times, and San Francisco Chronicle. He is also the founding director of the Committee to Protect Bloggers, the first organization devoted to global free speech rights for bloggers.