Satellite & GPS Hacking

A satellite is a moon, planet or machine that orbits a planet or a star.

Earth is a satellite because it orbits the sun. Likewise, the moon is a satellite because it orbits Earth. Usually, the word “satellite” refers to a machine that is launched into space and moves around Earth or another body in space.
Earth and the moon are examples of natural satellites. Thousands of artificial, or man-made, satellites orbit Earth.

Some take pictures of the planet that help meteorologists predict weather and track hurricanes. Some take pictures of other planets, the sun, black holes, dark matter or faraway galaxies. These pictures help scientists better understand the solar system and universe.
Still other satellites are used mainly for communications, such as beaming TV signals and phone calls around the world. A group of more than 20 satellites make up the Global Positioning System, or GPS. If you have a GPS receiver, these satellites can help figure out your exact location.

Why Are Satellites Important?

Satellites fly high in the sky, so they can see large areas of Earth at one time. Satellites also have a clear view of space. That’s because they fly above Earth’s clouds and air.Before satellites, TV signals didn’t go very far. TV signals only travel in straight lines. So they would go off into space instead of following Earth’s curve. Sometimes they would be blocked by mountains or tall buildings.

Phone calls to faraway places were also a problem. It costs a lot and it is hard to set up telephone wires over long distances or underwater.

With satellites, TV signals and phone calls can be sent up to a satellite. The satellite can then send them back down to different spots on Earth.

What Are the Parts of a Satellite?

Satellites come in many shapes and sizes. But most have at least two parts in common – an antenna and a power source. The antenna is used to send and receive information. The power source can be a solar panel or battery. Solar panels make power by turning sunlight into electricity.

Many NASA satellites carry cameras and scientific sensors. They may gather information about Earth’s land, air and water. Or they may collect data from the solar system and universe.

Types and Uses of Satellites

– Astronomy satellites – Hubble Space Telescope

An astronomy satellite is basically a really big telescope floating in space. Because it is in orbit above the Earth, the satellite’s vision is not clouded by the gases that make up the Earth’s atmosphere, and its infra red imaging equipment is not confused by the heat of the Earth. Astronomy satellites, therefore, can “see” into space up to ten times better than a telescope of similar strength on Earth.

Astronomy satellites have many different applications:

– they can be used to make star maps
– they can be used to study mysterious phenomena such as black holes and quasars
– they can be used to take pictures of the planets in the solar system
– they can be used to make maps of different planetary surfaces

Atmospheric Studies satellites – Polar

Atmospheric studies satellites were some of the very first satellites launched into space. They generally have pretty low Earth orbits so that they can study the Earth’s atmosphere.

Communications satellites – Anik E

It is difficult to go through a day without using a communications satellite at least once. Do you know when you used a communications satellite today? Did you watch T.V.? Did you make a long distance phone call, use a cellular phone, a fax machine, a pager, or even listen to the radio? Well, if you did, you probably used a communications satellite, either directly or indirectly.

Communications satellites allow radio, television, and telephone transmissions to be sent live anywhere in the world. Before satellites, transmissions were difficult or impossible at long distances. The signals, which travel in straight lines, could not bend around the round Earth to reach a destination far away. Because satellites are in orbit, the signals can be sent instantaneously into space and then redirected to another satellite or directly to their destination.

The satellite can have a passive role in communications like bouncing signals from the Earth back to another location on the Earth; on the other hand, some satellites carry electronic devices called transponders for receiving, amplifying, and re-broadcasting signals to the Earth.

Navigation satellites – Navstar

Today, most navigation systems use time and distance to determine location. Early on, scientists recognized the principle that, given the velocity and the time required for a radio signal to be transmitted between two points, the distance between the two points can be computed. The calculation must be done precisely, and the clocks in the satellite and in the ground-based receiver must be telling exactly the same time – they must be synchronized. If they are, the time it takes for a signal to travel can be measured and then multiplied by the exact speed of light to obtain the distance between the two positions.

Reconaissance satellites – Kennan, Big Bird, Lacrosse

These days, you hear a lot about satellites for communications and scientific research. Some satellites, though, have far less public uses. Reconnaissance satellites are used to spy on other countries. They provide intelligence information on the military activities of foreign countries. These satellites can even detect missile launches or nuclear explosions in space. Reconnaissance satellites can pick up and record radio and radar transmissions while passing over a country. Finally, they can be used as an orbital weapon by placing warheads on a low orbit satellite to be launched at a ground target.

Here are basically four types of reconnaisance satellites:
First, there are the optical-imaging satellites that have light sensors that detect missile launches and “see” enemy weapons on the ground.
Next are the radar-imaging satellites. They are able to observe the Earth using radar technology through cloud cover.
Third, there are signals-intelligence or ferret satellites that are essentially super-sophisticated radio receivers that capture the radio and microwave transmissions emitted from any country on Earth.
Finally, there are the relay satellites that make military satellite communications around the globe much faster by transmitting data from spy satellites to stations on Earth.

Remote Sensing satellites – Radarsat

Remote sensing is observing and measuring our environment from a distance. So, remote sensing satellites are usually put into space to monitor resources important for humans. For example, remote sensing satellites might track animal migration, locate mineral deposits, watch agricultural crops for weather damage, or see how fast the forests are being cut down.

Search and Rescue satellites – Cospas-Sarsat

Sure satellites can transmit radio and television signals, but can they save lives too? Of course they can! Search and rescue satellites are designed to provide a way for vessels at sea and in the air to communicate from remote areas. These satellites can detect and locate emergency beacons carried by ships, aircrafts, or individuals in remote or dangerous places.

Space Exploration satellites – Galileo

Space exploration satellites are not really satellites at all; they are properly known as space probes. A satellite is defined as something that’s orbiting something else, but space probes instead travel deep into the solar system. However, they are similar to orbiting satellites in design and function.

On their journeys, space probes send back detailed pictures and other data of faraway planets and other stellar phenomena. Space exploration satellites are responsible for many of astronomy’s most important achievements. Jupiter’s rings, for example, were discovered by a space exploration satellite.

Weather satellites – Meteosat

Because of weather satellite technology and communications satellite technology, you can find out the weather anywhere in the world any time of the day. There are television stations that carry weather information all day long. Meteorologists use weather satellites for many things, and they rely on images from satellites.

So, after we’ve covered what a satellite is and a few types there are.
We will be mainly talking about the Communication || GPS Satellite from now on.

How do communications satellites work?

Communications satellites receive information from transmitters on Earth (in an uplink) and beam it down to receivers elsewhere on the planet (in a downlink). Transmitters and receivers differ widely. Transcontinental telephone calls are sent and received by gigantic satellite dish antennas on opposite sides of the globe. At the other end of the scale, handheld electronic “compasses” called GPS (Global Positioning System) receivers pick up signals from 24 Navstar GPS navigational satellites, enabling travelers to pinpoint their position to within a few feet, anywhere on Earth.[Image: yrlZTeg.png] Antennas and transmittersImagine holding out your hand and catching words, pictures, and information passing by. That’s more or less what an antenna (sometimes called an aerial) does: it’s the metal rod or dish that catches radio waves and turns them into electrical signals feeding into something like a radio or television or a telephone system. Antennas like this are sometimes called receivers. A transmitter is a different kind of antenna that does the opposite job to a receiver: it turns electrical signals into radio waves so they can travel sometimes thousands of kilometers around the Earth or even into space and back. Antennas and transmitters are the key to virtually all forms of modern telecommunication.How antennas work1)Electricity flowing into the transmitter antenna makes electrons vibrate up and down it, producing radio waves.
2)The radio waves travel through the air at the speed of light.
3) When the waves arrive at the receiver antenna, they make electrons vibrate inside it. This produces an electric current that recreates the original signal.How GPS works

Satellite navigation systems all work in broadly the same way. There are three parts: the network of satellites, a control station somewhere on Earth that manages the satellites, and the receiving device you carry with you.

Each satellite is constantly beaming out a radio-wave signal toward Earth. The receiver “listens out” for these signals and, if it can pick up signals from three or four different satellites, it can figure out your precise location.

Hacking Satellites -Basic intro

Satellites play a significant role in communication, early warning systems, global broadcasting, meteorology, navigation, reconnaissance, remote sensing, and surveillance. Satellite services cover practically every sector, from mobile cellular communication to telemedicine, so any interference with them could have a serious effect. Satellites are a strategic asset for any country and are considered as “critical infrastructure,” therefore they are considerable as privileged targets for a possible cyber attack.

Satellite Threats

-Tracking – tracking over web data and software
-Listening – listening with the right equipment, frequencies, and locations
-Interacting – protocols and authentication used, radio transmissions need official license!
-Using – take over a bird or a TT&C [use payloads, make pictures, transmit something (DVB or radio)]
-Scanning/attacking – anonymous proof of concept in 2010 by Leonardo Nve Egea, scanning, DoS, and spoofing possible
-Breaking – old technologies used (X.25, GRE)
-Jamming – jamming well-known frequencies for satellites
-Mispositioning/Control – transponder spoofing, direct commanding, command reply, insertion after confirmation but prior to execution
-Grilling – activating all solar panels when exposed to sun, overcharging energy system

We will go over each technique here , with a short explanation , however focus mainly on Jamming, as this is the main well-known technique used in hacking satellites.


The attacker floods or overpowers a signal, a transmitter, or a receiver, interfering with legitimate transmission.

Interference has become the primary cause of the impairment and degradation of satellite services. The hackers use a directed antenna to produce the interference, usually a specifically crafted signal having enough power to override the original transmitted signal. Satellite jamming is a hacking method often used to interfere with communication for distribution of media for censorship purpose. The two forms of satellite jamming are “orbital” and “terrestrial”.

In orbital jamming, the attacker sends a beam of contradictory signals directly toward a satellite via a rogue uplink station. The jamming signals are mixed with the legitimate signals, thus interfering with them. The jamming signals are able to override the legitimate transmission, blocking its transmission to the recipient.

[Image: gDVigwq.png]

In terrestrial jamming, the attacker transmits rogue frequencies in the direction of terrestrial targets (ground satellite dishes). Rather than targeting the satellite itself, as is the case in orbital jamming, terrestrial jamming involves transmitting rogue frequencies in the direction of local consumer-level satellite dishes. The jamming frequencies are limited to a specific area and are able to interfere only with the frequency emanating from the satellite in a specific location. Small, portable terrestrial jammers are easy to purchase and use; they typically have a range of 3-5 kilometers in urban areas, while in rural areas their range can increase to up to 20 kilometers.

Terrestrial Jammers-

[Image: nyV3VZE.png]The jamming attack could be directed against satellite receiving an uplink or against a ground station or user terminal receiving a downlink; the flooding of an uplink is considered the most damaging attack because it is able to saturate/destroy all possible recipients. Otherwise, jamming attacks against a terrestrial device could cause minor damages by impacting a limited portion of the satellite architecture, since downlink jamming is a reversible attack and it affects only users within line of sight of the jammer.Uplink jamming has relatively less impact because it can interfere with the transmission of a satellite over a broad area but only for a temporary period and it does not permanently harm the target system.The uplink jamming of the control link can prevent a satellite from receiving commands from the ground; it can also target user-transmitted data, thus disturbing the recipients. An uplink jammer must have at least the same power of the signal it is attempting to block and, during the attack, it must be located within the footprint of the satellite antenna it is targeting.[Image: fNTMerX.png]The most concerning aspect of jamming attacks is that they can be undertaken using off-the-shelf technology and the detection and attribution of intermittent jamming can be difficult.


Differently from jamming, eavesdropping on a transmission allows an attacker to access transmitted data. Despite the fact that almost every satellite communication is encrypted, it is quite easy to read posts on the internet that describe how to use off-the-shelf products to intercept satellite transmissions whether they carry satellite broadcast media, satellite telephone conversations, or Internet traffic.

Quote:In early 2012 German security researchers demonstrated that satellite phones can be easily intercepted and deciphered using equipment readily available on the market, just a personal computer and an antenna were sufficient to hack the two encryption standard algorithms, known as GMR-1 and GMR-2, implemented to protect satellite phone signals of principal phone operators. These encryption standards were commonly used in the Thuraya satellite phones deployed in Africa, the Middle East, and North Asia.

GMR-1 is a variant of the A5/2 algorithm implemented by the GSM standards. It is vulnerable to cipher-text-only attacks. The GMR-2 standard introduced a new encryption algorithm, also cryptanalyzed.

Quote:One of the most popular cases of satellite eavesdropping has as a protagonist the off-shelf software SkyGrabber, produced by the Russian firm Sky Software and sold for $26. The software was used by hackers in Iraq and Afghanistan to capture unencrypted video feeds of the Predator unmanned aerial vehicles ( UAVs).

The software was used to access data broadcast by satellites. The insurgents in those areas weren’t able to control or disrupt the UAVs but, using SkyGrabber, eavesdropped on the signals sent.

The news created a lot of noise in the military, for it is normal to expect the highest level of security in military equipment, including communication encryption. The fix of the flaw added cost to the military program, but the greatest menace from the eavesdropping of the videos was represented by the disclosure of locations of military areas under military surveillance and of course the patterns followed by drone used for reconnaissance activities.

[Image: tjYGdIY.png]


Hijacking is the unauthorized use of a satellite for transmission, or seizing control of a signal, such as a broadcast, and replacing it with another. The data transmitted could be acquired (eavesdropping) by attackers who could also modify it in transit (spoofing). The term “Control” refers to the capability of a hacker to gain the control of part or all of the satellite architecture (ground station, bus, payload); particularly interesting is the hacker’s capability to maneuver the satellite in orbit. Satellite hijacking is the illegal use of the satellite to transmit the attacker’s signal, which could override or modify legitimate transmitted data. Attacks against Internet data connections and media broadcasts are very common

Controlling a satellite involves breaching the TT&C (tracking, telemetry and control) links; the wrong commands are sent to the satellite system, causing device rotation or movement that could direct solar panels and antenna in the wrong directions. Satellite control is considered very difficult to implement because security measures to protect satellites are very effective against these intentional attacks.

[Image: qPIacyZ.png]

In military environments, TT&C ground stations are not freely accessible; they are, in fact, usually protected within a secure area that has controlled access and physical countermeasures to avoid intrusion from external entities. Despite the high level of security the menace must be properly approached. An attacker could exploit a flaw in the command and control of commercial satellites, such as VSAT hubs, to compromise also military satellite systems.

A word on Telemetry, Tracking & Command (TT&C):

-Telemetry is an automated communications process where data is collected and then transmitted to receiving equipment for monitoring, display, and recording
-In the case of satellites, the data from the satellite is about its operations (eg. temperature of batteries) or about its mission (eg. scientific data being collected)
-Ground control “commands” transmitted to the satellite could control a process, switch transmitters on/off, reschedule some equipment function, or adjust the satellite’s altitude
-A transducer converts the physical stimulus to be measured (eg. vibration, temperature) into an electrical signal
-The signal is then transmitted to the ground by radio waves
-Once the ground station receives the transmission, the data must be extracted from the received signal and displayed in a form which can later be processed by computers
-This entire process as a whole makes up telemetry

[Image: 0KFoZUl.png]

GPS- Global Positioning System

One of the most classic examples of satellite control attack is the exploitation of the vulnerability of GPS systems, a technology widely used today in commercial and military sectors.
The wide range of applications based on the technology in today’s society requires a continuous reassessment of the risks related to the exposure of incidents

The most insidious threat for GPS systems is known as “GPS spoofing,” whereby interference with the GPS receiver is fooled into tracking counterfeit GPS signals. Unlike the case of jamming of GPS signals, in spoofing the targeted receivers are deceived. GPS “spoofers” are devices that create false GPS signals to fool receivers into thinking that they are at a different location or different times, this type of attacks can be really useful in a multitude of scenarios, such as the hijacking of drone or a vessel.

These attacks are difficult to detect and can be conducted in numerous sectors, from transportation to financial environments.

During the risk assessment, numerous countermeasures that have been classified for their implementation have been evaluated. Principal countermeasures implemented in software on GPS receivers are:

-Amplitude discrimination
-Time-of-arrival discrimination

More sophisticated techniques are:

-Consistency of navigation inertial measurement unit (IMU) cross-check
-Polarization discrimination
-Angle-of-arrival discrimination
-Cryptographic authentication

Some of the above attacks are difficult to conduct because they require sophisticated and expensive hardware, such as multiple antennas or a high-grade inertial measurement unit (IMU). The most efficient countermeasure against these attacks is the adoption of signal encryption; the receiver and transmitter use mutual authentication processes to avoid interferences from external sources. Unfortunately, these techniques, while compatible with a classic GPS, require more powerful hardware and systems able to manage the overhead introduced by authentication procedures. For this reason, encryption is limited to the military sector.

Scanning / Attacking

When explaining scanning and attacking concepts, it is useful to remember the content of a presentation made in 2010 by Spanish cyber security researcher Leonardo Nve at the Black Hat security conference in Arlington. The expert exposed to the audience a variety of tricks to
access to satellite Internet connections and exploit them.

Quote:What’s interesting about this is that it’s very, very easy … Anyone can do it: phishers or Chinese hackers; it’s like a very big Wi-Fi network that’s easy to access.

At a cost of only $75 in tools he was able to intercept digital video broadcast (DVB) signals to get free high-speed Internet. Nve used a Skystar 2 PCI satellite receiver card along with open source Linux DVB software applications and the popular network sniffing tool Wireshark. NVE’s techniques exploited the lack of encryption for DVB signals. The technique was already known to the hacking community but Nve also demonstrated how to use satellite signals to anonymize his Internet connection, intercept satellite Internet users’ requests for Web content, and replace them to gain access to private networks. Nve exploited the satellite signal’s ability to spoof any user identity on the Internet via satellite. The Spanish researcher was also able to impersonate a website operating on the user DNS requests. He was in fact able to manipulate IP addresses received in response to request of conversion from an ISP for a website name. He made a DNS entry point to another IP than the one it would be supposed to point to (DNS spoofing). The IP address was sent back by Nve faster than the ISP deceiving the user and hijacking it on a fake website. The repercussion of this attacker is easily imaginable: An attacker in this way could serve malware or steal a user’s credentials.

Nve revealed that during his test he was also able to hijack signals using GRE (generic routing encapsulation) or TCP protocols that entities use to communicate between PCs and servers.

[Image: MrRJLo5.png]

Resuming, the researcher was able to perform:

-DNS spoofing
-TCP hijacking
-Attacking GRE

Signal Encryption and Hardening

The principal countermeasures to protect satellite infrastructures are the encryption of signals and the hardening of single components, such as the ground stations.

Encryption is crucial to protect signals from spoofing attacks and it is also used to mutually authenticate communication interlocutors. It is fundamental to understand that encryption doesn’t represent a definitive solution; it adds a supplementary layer of defense as occurred for the algorithms A5-GMR-1 and A5-GMR-2, which have been cracked few years back.
Hence, using sat-phones (Satellite phones, isn’t as secure as you’d think).

The algorithms used and the level of encryption adopted is functional in the field of application. Managing signal encryption requires supplementary hardware capabilities, with repercussions on the overall cost of the systems, on the maintenance activities, and on the performance and the global security of the platform.

Another element to consider is the encryption of signals exchanged between the modules of the satellite structure. Multiple nodes can be encrypted, such as data and TT&C uplinks or access between terrestrial networks and the ground stations.

Due to the above reason, most commercial satellite systems are designed without encryption of the signals; every transmission has “open access,” and is transmitted without any protection. The information security could be improved by introducing encryption, while physical security could be increased with the adoption of hardening methods in different parts of the satellite system.

The intrusion could be physical or electronic (e.g., radio signal interception and jamming). To protect signals from attackers, the satellite antennas are often obscured with barriers to prevent attacks that are dependent on line of sight.

Other techniques could be used for terrestrial equipment protection such as directional antennas that reduce interception, shielding and radio emission control measures to mitigate surveillance or jamming activities from third parties.

The satellite itself may be hardened against radiation, meteoroids, and orbital debris. To minimize disruption in case of kinetic or natural disaster, the deployment of satellite networks with redundant components having multiple satellites and ground stations is suggested.


Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: