Should We Call Satellite Hackers Space Invaders?
Stop Us If You’ve Heard This One Before
Today The Register published a reminder of just how vulnerable the roughly 12,000 satellites orbiting the Earth are to hacking attempts. Yamcs is an open source application used by NASA and Airbus which has five known CVEs in the code that would allow an attacker to gain complete control over the software on satellites which use the software. OpenC3 Cosmos, another open source app commonly used in ground station systems has seven CVEs, five of which can be leveraged for remote code execution and cross-site scripting attacks.
NASA’s Core Flight System software, Aquila, has four critical flaws one of which is a remote-code-execution vulnerability and CryptoLib which is used in large number of satellites contains seven serious flaws; NASA’s modified version still has four. These include a flaw which can be exploited by an unauthenticated telephone which lets you crash the entire onboard software and when it reboots none of the previous security keys are recreated, leaving the satellite’s systems open for anyone to play with.
One could say that the gravity of these flaws can’t be overstated.
Four countries have now tested anti-satellite missiles (the US, China, Russia, and India), but it's much easier and cheaper just to hack them.
More Tech News From Around The Web
- Linux Desktop Share Tops 6% In 15 Million-System Analysis @ Slashdot
- Fake WhatsApp developer libraries hide destructive data-wiping code @ Bleeping Computer
- Google discovered a new scam—and also fell victim to it @ Ars Technica
- Microsoft’s New Agentic Web Protocol Stumbles With Path Traversal Exploit @ Hackaday
- KLM, Air France latest major organizations looted for customer data @ The Register
- Microchip Adaptec SmartRAID 4300 A New Era of NVMe RAID Controller Without Drive Connectivity @ ServeTheHome
