A team of cybersecurity experts from French defense contractor Thales successfully hacked a test satellite belonging to the European Space Agency (ESA). Thales revealed that the ESA had given them permission to conduct a “unique” experiment to confirm that space cybersecurity needs significant improvement. The group of four exploited multiple vulnerabilities to smuggle malicious code onto the satellite before manipulating its data transmission to Earth. Despite successfully hiding their activities from ESA, they maintained constant access and could have restored the satellite to its normal operations at any time.
The experiment was part of a test for the Cysat cybersecurity conference in Paris, where hackers were tasked with exploiting the OPS-SAT satellite, measuring just 30 centimeters and launched in 2019 by the ESA. The satellite features powerful mission control systems on board that allow scientists to conduct experiments and tests that would be too risky to carry out on operational satellites. ESA had announced its availability for such hacking experiments in early 2022.
Thales announced that its team had also managed to manipulate satellite images to hide specific geographical areas. They discovered and exploited vulnerabilities on board the satellite, which they reported to the ESA. This is not the first hacking experiment involving OPS-SAT, as French IT security researcher Maurice-Michel Didelot conducted a similar hack a year ago and identified vulnerabilities that were also reported to the agency.
This successful experiment confirms that there is a strong need for enhanced cybersecurity efforts in space. Space agencies and satellite manufacturers must adopt better security practices and techniques to prevent future attacks. The Thales experiment serves as a wakeup call for the entire space industry to step up and ensure space cybersecurity. As more aggressive cybercriminals seek to exploit potential weaknesses in space systems, proactive security measures have become essential for everyone involved in satellite-based operations.
Moving forward, it is expected that ESA and other space organizations will increase their collaboration with cybersecurity firms to develop robust security protocols. By working together, they can identify and address any vulnerabilities and strengthen satellite systems’ cybersecurity against emerging threats.
