
First CTF in space with Hack-A-Sat: the US Air Force launches a Bug Bounty and invites hackers to hack one of their satellites in orbit

SpaceX Dragon capsule during its approach to the ISS (Photo credits: NASA)

It was the TechCrunch site that revealed the information. The U.S. Air Force will launch a bug bounty program in the form of a CTF (Capture The Flag) whose goal is to hack a real satellite in orbit above the Earth.

Last year, at the famous Defcon cyber security conference, the US Air Force had already asked hackers to hack one of their F-15 fighter planes. And they succeeded! The results, which were not made public, proved to be very interesting according to the organisers.

It was the first time that hackers were allowed to penetrate US Air Force systems and physically access the F-15 system to look for vulnerabilities.

The Washington Post revealed that in just two days, a team of seven hackers managed to discover several critical vulnerabilities that, if exploited in the real world, could have crippled the aircraft’s systems, causing potentially very serious damage.

U.S. Air Force F-15E Strike Eagle (Photo credits: U.S. Air Force – Senior Airman Erin Trowe)

Will Roper, Assistant Secretary of the US Air Force, said at the time: “I left this event thinking that there was a huge national asset in this level of cyber expertise that the US Air Force is sorely lacking”.

Indeed, for years the US Air Force kept the security of its systems and technology in absolute secrecy, fearing espionage or sabotage by the enemy. “It was like being stuck in the business practices of the Cold War. But in today’s world, this is not the best security posture,” Roper said.

Following the success of this first initiative, the US Air Force decided to repeat the experience and call again on security researchers at the Aerospace Village of the 2020 Defcon28. This time it will involve hacking into a real satellite in orbit, hovering miles above the earth’s surface.

Credits: hackasat.com

Will Roper reminds us that satellites, even if they are far from earth, face real threats. Among these, he cites the possibility of using “anti-satellite” weapons to jam, blind or even prevent devices from communicating with their base stations.

It is not only the satellites in orbit that are threatened. Earth stations and communication links between earth and sky could be as vulnerable as the satellites themselves, Roper said.

This year’s program is called “Hack-A-Sat”, a space security program that involves attacking an actual satellite in orbit and spotting bugs and vulnerabilities that could be exploited by the enemy.

Teaser video

This is a paradigm shift for the US Air Force, which until now has been used to building closed and locked systems. By moving to semi-open systems, it opens up “satellite” technology to the wider community, while reserving the highest ranked technology for its in-house experts and engineers.

“The aim of this initiative is not only to fix existing bugs but also to consolidate the supply chain to prevent the introduction of new bugs,” adds Will Roper.

How to register?

The rules of participation in “Hack-A-Sat” have been published in detail on the hackasat.com website (see PDF). The registration form has been online since April 22nd.

Qualifying events

The first step is to take part in the qualifying events which will be held online from 22 May. Candidates will have to take up several challenges by hacking a test satellite in the form of a kit and solve as many challenges as possible in 48 hours. The end of the qualification tests is scheduled for 24 May.

The goal of the qualifying rounds is to identify the best and keep only the “cream of the crop,” as Will Roper explains.

Credits: hackasat.com

What is the final event?

Only the top 10 teams will qualify for the final event at the Defcon 2020 conference in Las Vegas in August. The challenge of the final event has been revealed. Besides the fact that the hackers will have to attack a real satellite, they will also have to try to hack its camera and take a picture of the Moon as proof (the famous “flag”). The first three teams will receive prizes ranging from $20,000 to $50,000.

With the current Coronavirus Pandemic continuing, the organizers could hold the final event remotely. In addition to hoping that hackers will find vulnerabilities, the event also aims to raise awareness at the highest level within the US Air Force and change the way they think about security.

Will Roper hopes that in the future, the US Air Force will think about working differently, using the hacker community more often when designing a satellite. “If this future generation becomes a reality, then we’ll be in a much better cyber position.”

For more information

For those who are interested and want to know more about the “Hack-A-Sat” program, the organizers have written a FAQ.

Resources

Credits: hackasat.com

Back to the latest “In-Flight Abort Test” from SpaceX before the first manned flight on May 27, 2020

The Crew Dragon capsule separating from its Falcon 9 rocket, 84 seconds after liftoff, using its SuperDraco thrusters to move away from the rocket to test its ability to escape a faulty booster. (Credits: SpaceX)

On Sunday, January 19, 2020, the last big test for SpaceX, Elon Musk’s company, took place successfully. The goal was to simulate a failure of the launcher and to carry out an emergency ejection of the unmanned Crew Dragon capsule, a few minutes after launch. This test is called an “In-Flight Abort Test”.

The test took place at the Kennedy Space Center in Cape Canaveral, Florida. The mission went perfectly well (see video below) and was successfully completed. The Crew Dragon capsule is launched by a Falcon 9 rocket and powered by SuperDraco engines mounted in pairs.

Below is a Twitter video showing the moment the capsule is ejected from the launcher.

This mission was commissioned from SpaceX by NASA in order to give the United States back its autonomy in access to manned space flights. It was therefore a crucial test for NASA.

Full video of the security test

The chronology of the test is as follows:

  • 00:00 – Liftoff of the launcher (17:58 of the video)
  • 01:28 – Crew Dragon capsule ejected (19:24 of the video)
  • 01:37 – Launcher explodes (19:35 of the video)
  • 02:35 – Release of the ejection stage (20:23 of the video)
  • 04:44 – Opening of the 2 small parachutes (22:42 of the video)
  • 05:33 – Opening of the 4 large parachutes (23:32 of the video)
  • 08:56 – Ditching of the capsule (26:55 of the video)

The next flight of the Crew Dragon will be a manned flight. It will be a great return for the Americans with the first manned flight since the space shuttle program was shut down after two serious accidents.

Space Shuttle Atlantis at Launchpad 39A in Cape Canaveral, Florida (Photo credits: Dave Mosher)

Since the last flight of Space Shuttle Atlantis in 2011, Americans have been forced to use the services of the Russian Soyuz spacecraft to fly their astronauts into space and back and forth with the International Space Station (ISS).

The Soyuz MS-10 spacecraft carrying NASA astronaut Nick Hague and Russian cosmonaut Alexey Ovchinin on the launch pad at the Baikonur Cosmodrome in Kazakhstan on 11 October 2018. The rocket stopped in mid-flight, but an evacuation system saved the crew. (Photo credits: Shamil Zhumatov/Reuters)

The next launch of the Falcon 9 and the Crew Dragon capsule will take place at the Kennedy Space Center in Cape Canaveral, Florida, where Space Shuttle Atlantis last lifted off. It will be a manned flight with American astronauts Doug Hurley and Bob Behnken as passengers. This mission will take place on May 27, 2020.

This very special mission will be extremely well attended. It will be the subject of a future article.

Hack-A-Sat Challenge, a satellite hacking challenge from the US Air Force, shifts to fully virtual event


It’s official, DEF CON 28, the famous international hackers conference, becomes virtual, as does the Hack-A-Sat event, the US Air Force program that invites hackers to hack one of their satellites in orbit (see our article on this subject).

The organisers are putting in place all the logistics necessary to make this virtual experience as user-friendly as possible for the spectators. It will thus be possible to follow the satellite hacking competition from a distance wherever you are.

The dates for the final event are still set for 7-9 August 2020. All information is available on hackasat.com.

As a reminder, to be able to participate in the final round of the satellite hacking contest, you must have passed the qualifying rounds, which start on May 22nd, and be in the first eight teams.

The clock is ticking… so hurry up and register at hackasat.com.

If you’re wondering why we’re looking to hack a satellite, then go to our article about the Hack-a-Sat program to read and understand the whole story.
