The Birdman: Hacking Cospas-Sarsat Satellites

With the demands of ubiquitous global connectivity, satellite-based communication has been the only valid method for seagoing vessels and aircraft. However, many of the communication protocols in space system are decades old and lacking basic security measures. These legacy space communication technology is widely used by individual customers and global infrastructure might lead to unanticipated harm.

Furthermore, the security research targeting on satellites-based communication is not as popular as normal software security research due to the demands of expensive equipment and knowledge of satellite channels. Motivated by aforementioned challenges, we performed a comprehensive investigation and research on International Cospas-Sarsat Programme – a Global Satellite-based Rescue System which involves in 67 satellites in total and impacts every corner of the globe. With self-built satellite receivers and transmitters, we found multiple serious vulnerabilities in the communication and control protocols which are used by the International Cospas-Sarsat Programme.

The International Cospas-Sarsat Programme (ICSP) is a satellite-based search and rescue (SAR) distress alert detection and information systems. The ICSP manages to detect and locate emergency beacons which activated by aircraft, ships and backcountry hikers in distress. Between September 1982 and December 2017, the Cospas-Sarsat System provided assistance in rescuing at least 46,553 people in 13,627 SAR events. We collected the downlink signals of the satellites involved from multiple regions with portable satellites receivers.

In this presentation, we will introduce the working principle of ICSP and how it’s used in a real rescue operation. Using widely available equipment, we will demonstrate the ability to eavesdrop and spoof the communications link between ICSP satellites and ground stations. We also present several active attack techniques which leverages the unique properties of ICSP satellites networks. A discussion of possible solutions will be proposed to mitigate the security risks.

Note: We will not disclose every detail of our attack against the ICSP due to the responsible disclosure regulation in this presentation. Since the ICSP involves over 40 nations and agencies, we understand it will be extremely difficult to upgrade the ICSP system.

MAIN CONFERENCE
Location: Track 1 Date: May 9, 2019 Time: 2:00 pm - 3:00 pm Hao Jingli