Hacking demo at CYSAT 2023: world first or “déjà vu”❓ Here is what I know 👇

0
112

CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.

CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.

Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.

Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.

Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.

To find the full programme and more information on the event, visit: https://cysat.eu/

Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile about the Hacking demo at CYSAT 2023: world first or “déjà vu”❓ Here is what he knows 👇

We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.

Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT

#Hacking demo at CYSAT 2023: world first or “déjà vu”❓Here is what I know 👇

The exact claim is first “ethical hacking demonstration performed on a flying satellite” 🏅

⚠️ Every word counts!

1️⃣ in the real world

Since satellites have been used for intelligence and military communications oh boy they’ve suffered many cyber attacks. Some have been successful, many haven’t.

I’d say most of the “attacks” publicly disclosed have not actually managed to disturb the nominal operations of the space segment
Examples include the Luch-Olympe fly-by, the Viasat attack (the Ka-sat satellite is still working perfectly fine!), all the jamming / spoofing attacks in the black Sea or Iran, etc etc

For the very few which seem to be related to the space segment I’d be very careful as most of the time the actual facts remain scarce and hard to prove (example: ROSAT story in 1998)

2️⃣ Security research

Some researchers did some really interesting stuff to point out the vulnerabilities of space systems but to my best knowledge never actually went all the way

I’m thinking about James Pavur for example that was among the pioneers in space security. He made a big splash by showing he was able to #eavesdrop quite easily on sensitive data transmitted by satellite 📡 but never performed an experiment on the satellite itself.

3️⃣ Ethical hacking

In terms of ethical hacking the number one reference is the US Air Force competition Hack-a-sat.
💬 “it’s been done already in Hack-a-sat” is the number one comment I’ve read below the CYSAT articles.
Well, no. Not yet exactly.
Hack-a-sat 1, 2 and 3 were done on the ground. On flatsats. Nothing was flying in orbit. Check out the testimonials of European hackers at CYSAT 2021 and 2022.
However it is true that hackers will get the chance to hack “Moonlighter”, a flying 3U cubesat during Hack-a-sat 4 later this year 👾

4️⃣ Hack CYSAT 2022

There is also a bit of confusion regarding of what happened last year.
We had this idea of hacking a flying satellite back in the summer 2021 with CYSEC CEO and CYSAT co-founder Patrick Trinkler.
It took us a while to find a satellite operator that was okay to let hackers play with it
Finally I heard of OPS-SAT which I thought would be the ideal spacecraft to do a security demo.

Then it took David Evans and I some time to build the case to ESA’s management.
Finally in February 2022 we published the Hack CYSAT open call to invite hackers to submit their ideas, among them Didelot Maurice-Michel that blogged about a vulnerability he spotted and told ESA to fix it, which ESA did. But nothing was done on the 🛰️

5️⃣ random articles

Various articles out there are mixing the words “satellite” and “hacking”, like the guys that “hijacked” a satellite to play a movie, etc etc. None of them did what we claim the Thales team did at CYSAT.

👉 So to me it looks like it had never been done before but maybe I’m wrong!

👇 PLEASE comment below if you have other references!

Check this demo in video

All 2023 CYSAT videos are online

All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.

A propos de CYSEC 

CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.

The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.

For more information : www.cysec.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.