![Page 1: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/1.jpg)
2.0
Exploiting Satellite Trust Relationship
Raditya [email protected]
Hacking a Bird in the Sky
Anthony [email protected]
![Page 2: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/2.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
DisclaimerThis presentation is intended to demonstrate the inherent security, design and configuration flaws in publicly accessible satellite communication networks and promote the use of safer satellite communication systems. Viewers and readers are responsible for their own actions and strongly encourage to behave themselves.
![Page 3: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/3.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Slanguage Dictionary‣ Bird: a variety term for satellite; "The proposed
channel would be carried by an Asian bird to be launched next spring."
![Page 4: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/4.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite‣ A satellite is any object that orbits another object
(which known as its primary).
![Page 5: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/5.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Artificial Satellite‣ It was the English sci‐fi writer
Arthur C. Clarke who conceived the possibility of artificial communication satellites in 1945. Clarke examined the logistics of satellite launch, possible orbits and other aspects.
Arthur C. Clarke, science fiction author, meeting with fans, at his home office in Colombo, Sri Lanka.
source: http://en.wikipedia.org/wiki/Arthur_C._Clarke
![Page 6: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/6.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Artificial Satellite‣ The first artificial satellite
was Sputnik 1 launched by Soviet Union on 4 October 1957.
In 1957, the Soviet Union launched Sputnik, a basketball‐size capsule that became the Earth’s first man‐made satellite. Sputnik’s radio signals were a “raspberry” from the Soviets, fumed one U.S. pundit. The next year, the United States created NASA, and the space race was under way.
source: http://magma.nationalgeographic.com/ngm/2007‐10/space‐travel/space‐travel‐photography.html
![Page 7: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/7.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Internet Services‣ One‐way multicast: used for IP multicast‐based data,
audio and video distribution.
‣ Most Internet protocols will not work correctly over one‐way access, since they require a return channel.
‣ One‐way with terrestrial return: used with traditional dial‐up access to the Internet, but downloads are sent via satellite at a speed near that of broadband Internet access.
‣ Two‐way satellite access: allows upload and download data communications.
![Page 8: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/8.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Very Small Aperture Terminal‣ A one or two‐way terminal used in
a star, mesh or point to point network with. Antenna size is restricted to being less than or equal to 3.8 m at Ku band and 7.8 m at C band.
‣ It consists of a large high performance hub earth station (with an antenna of up to 9 m in diameter) and a large number of smaller, lower performance terminals. These small terminals can be receive only, transmit only or transmit/receive. A 2.5m parabolic dish antenna for
bidirectional high‐speed satellite Internet.source: http://en.wikipedia.org/wiki/VSAT
![Page 9: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/9.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Frequency Band Designations
SHF EHF
8 GHz 12 GHz 18 GHz 40 GHz 75 GHz
30 GHz3 GHz
C X Ku K VKa
SLUHFVHF
3 GHz
UHF
1 GHz
300 MHz
VHF
source: http://www.satcom‐services.com/sat_freq.htm
![Page 10: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/10.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Data communication service using satellite access media with Time Division Multiplex (TDM) / Time Division Multiple Access (TDMA) technology based on Internet‐protocol.
source: http://www.lintasarta.net/PRODUKLAYANAN/Satelit/VsatIP/tabid/85/Default.aspx
![Page 11: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/11.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Data communication service using satellite access media with Single Channel per Carrier (SCPC) connecting point‐to‐point and point‐to‐multipoint.
source: http://www.lintasarta.net/PRODUKLAYANAN/Satelit/VsatLink/tabid/86/Default.aspx
![Page 12: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/12.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Attacks against Satellite Systems‣ Hypothetical Attacks‣ Denial of services (uplink/downlink jamming, overpower uplink), orbital
positioning attacks (raging transponder spoofing, direct commanding, command replay, insertion after confirmation but prior to execution)
‣ Practical Attacks
![Page 13: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/13.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
![Page 14: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/14.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Abusing Satellite Systems
"Satellite Piggyjacking"(Exploiting Satellite Trust Relationship on VSAT Network)
![Page 15: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/15.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
![Page 16: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/16.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Piggyjacking
![Page 17: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/17.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Piggyjacking‣ Selecting target
![Page 18: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/18.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Piggyjacking‣ Selecting target
‣ Pointing antenna
![Page 19: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/19.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Piggyjacking‣ Selecting target
‣ Pointing antenna
‣ Find "free" frequency
![Page 20: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/20.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Piggyjacking‣ Selecting target
‣ Pointing antenna
‣ Find "free" frequency‣ Transmit and receive
![Page 21: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/21.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Satellite Piggyjacking‣ Selecting target
‣ Pointing antenna
‣ Find "free" frequency‣ Transmit and receive
‣ Detection evasion
![Page 22: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/22.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Demo
![Page 23: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/23.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
![Page 24: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/24.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
![Page 25: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/25.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
Real User
![Page 26: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/26.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
Real User
![Page 27: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/27.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
Real User Us
![Page 28: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/28.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
UsReal User
![Page 29: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/29.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
UsReal User
![Page 30: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/30.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
Us
![Page 31: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/31.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
Us
![Page 32: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/32.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
Us
![Page 33: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/33.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Rogue Carrier Detection Evasion
Allocated Frequency
![Page 34: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/34.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
Detection Issues‣ Require at least another satellite and satellite
operator to detect rogue carrier (similar to GPS mechanism).‣ Satellite operator alliance co‐operation.
‣ Specialised company detecting rogue carrier.
‣ Hard to detect if rogue carrier has ability to switch frequency automatically prior detection.
![Page 35: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/35.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
The End‣ Last year, we managed to present how to
compromise data link layer.
‣ Today, we present how to compromise network layer.
![Page 36: D1T1 - Jim Geovedi - Hacking a Bird in the Sky 2.0](https://reader031.vdocument.in/reader031/viewer/2022012302/547814eeb4af9f76108b4af8/html5/thumbnails/36.jpg)
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Hack In The Box Security Conference 2008
The End‣ Last year, we managed to present how to
compromise data link layer.
‣ Today, we present how to compromise network layer.
Data Link + Network = ?