This post was originally published on September 9, 2020.
Satellite internet connections are a necessity in areas where broadband or cellular internet is unavailable. They’re commonly used by workers on remote oil rigs, ships traversing international waters, and airlines.
But a recent experiment by Oxford Univeristy Ph.D. researcher James Pavur demonstrates how easy it is to intercept these signals.
[Interested in the latest cybersecurity news? Sign up for the ExpressVPN newsletter.]
In his research notes, Pavur argues that the infosec community ought to take a closer look at the unsecured nature of satellite broadband communications. His experiment, which spanned several years, used a fixed physical location in the UK and was able to successfully intercept the signals of 18 satellites transmitting internet across a 100 million-square-kilometer area.
Some of the communications that Pavur was able to eavesdrop on included:
- Navigational information sent to a Chinese airliner over an unencrypted connection
- Messages relayed from an Egyptian oil tanker that allowed him to decrypt essential information about the ship, including personally identifiable information about crew members
- Account reset passwords for the network of a Greek billionaire’s yacht
- The session history from when a systems administrator logged in remotely to a wind turbine in France
The main reason satellite traffic is easy to intercept is the lack of technology that would allow parties to validate the integrity of an encrypted satellite connection. In other words, there are no HTTPS certificates for satellite internet traffic.
The equipment Pavur used to intercept the traffic was a 90 USD satellite dish and a 200 USD video-broadcasting satellite tuner, both of which are available freely online. He identified the orbital tracks of satellites using publicly available sources and pointed the satellite dish in that direction.
To record the data being transmitted, Pavur used signal-recording software and tweaked it to focus on internet traffic by using http protocols. By Pavur’s own admission, the technique didn’t require a particularly high level of technical ability. In total, he was able to swipe over 8 terabytes of information.
With the number of satellites in orbit rapidly increasing, “we stand at a critical technical inflection point where the infosec community can contribute and ensure that the security mistakes of the past do not become critical vulnerabilities for the future,” Pavur says.
The researcher didn’t reveal any names of the satellite manufacturers, ISPs, or organizations whose data was infiltrated due to security reasons. He did, however, inform them prior to the publishing of the report, giving them ample time to fix the problem.
Security vulnerabilities in satellite connections aren’t new. The ability to eavesdrop on these signals was first displayed in 2009 by white-hat hacker Adam Laurie, who used off-the-shelf components to intercept emails in transit, web browsing sessions, and live data that’s supposed to be hidden behind a paywall.
With this latest research, however, Pavur hopes that the next stage of satellite design will enable privacy by default. “Its goal is to provide a starting point for researchers interested in tackling challenging security problems in outer space,” he says.
There are signs that the technology is already improving. Starlink, Elon Musk’s high-speed broadband internet provided via low-orbit satellites, will be encrypted. A 2018 tweet by Musk suggested that a custom protocol would be used to make it happen, which means it won’t be available for other commercial satellites just yet.