Right after the Captain Midnight incident, the satellite owner/operators were worried about being hacked and wanted to know if they were vulnerable. We did a brief risk assessment and found that surplus RF gear capable of sending commands and getting telemetry or jamming the payload side were easy and cheap to obtain. The control/telemetry frequencies and even some of the typical data structures were in the public domain. Basically they were and most of them still are vulnerable. The tactical military birds are encrypted up and down and there was some transfer of encrypted communication into the non-miltary side. Hanging out near a ground station, sniffing the control channel and watching the telemetry channel is easy. Once the data structure is known, control can be done from some rather obscure and difficult to find locations. This is not news, that fact that the government is just now finding out is also quite typical and shows just how clueless they are about critical infrastructure protection. What can be done to prevent a sathack?... damn near nothing!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/942/16755#16755