First CTF in space with Hack-A-Sat: the US Air Force launches a Bug Bounty and invites hackers to hack one of their satellites in orbit

SpaceX Dragon capsule during its approach to the ISS (Photo credits: NASA)

It was the TechCrunch site that revealed the information. The U.S. Air Force will launch a bug bounty program in the form of a CTF (Capture The Flag) whose goal is to hack a real satellite in orbit above the Earth.

Last year, at the famous Defcon cyber security conference, the US Air Force had already asked hackers to hack one of their F-15 fighter planes. And they succeeded! The results, which were not made public, proved to be very interesting according to the organisers.

It was the first time that hackers were allowed to penetrate US Air Force systems and physically access the F-15 system to look for vulnerabilities.

The Washington Post revealed that in just two days, a team of seven hackers managed to discover several critical vulnerabilities that, if exploited in the real world, could have crippled the aircraft’s systems, causing potentially very serious damage.

U.S. Air Force F-15E Strike Eagle (photo crédits : U.S. Air Force – Senior Airman Erin Trowe)

Will Roper, Assistant Secretary of the US Air Force, said at the time: “I left this event thinking that there was a huge national asset in this level of cyber expertise that the US Air Force is sorely lacking”.

Indeed, for years, the US Air Force has historically kept the security of its systems and technology in absolute secrecy, fearing espionage or sabotage by the enemy. “It was like being stuck in the business practices of the Cold War. But in today’s world, this is not the best security posture,” Roper said.

Following the success of this first initiative, the US Air Force decided to repeat the experience and call again on security researchers at the Aerospace Village of the 2020 Defcon28. This time it will involve hacking into a real satellite in orbit, hovering miles above the earth’s surface.

Crédits :

Will Roper reminds us that satellites, even if they are far from earth, face real threats. Among these, he cites the possibility of using “anti-satellite” weapons to jam, blind or even prevent devices from communicating with their base stations.

It is not only the satellites in orbit that are threatened. Earth stations and communication links between earth and sky could be as vulnerable as the satellites themselves, Roper said.

This year’s program is called “Hack-A-Sat“, a space security program that involves attacking an actual satellite in orbit and spotting bugs and vulnerabilities that could be exploited by the enemy.

Teaser vidéo

This is a paradigm shift for the US Air Force, which until now has been used to building closed and locked systems. By moving to semi-open systems, it opens up “satellite” technology to the wider community, while reserving the highest ranked technology for its in-house experts and engineers.

The aim of this initiative is not only to fix existing bugs but also to consolidate the supply chain to prevent the introduction of new bugs,” adds Will Roper.

How to register?

The rules of participation in “Hack-A-Sat” have been published in detail on the website (see PDF). The registration form has been online since April 22nd.

Qualifying events

The first step is to take part in the qualifying events which will be held online from 22 May. Candidates will have to take up several challenges by hacking a test satellite in the form of a kit and solve as many challenges as possible in 48 hours. The end of the qualification tests is scheduled for 24 May.

The goal of the qualifying rounds is to identify the best and keep only the “cream of the crop,” as Will Roper explains.

Crédits :

What is the final event?

Only the top 10 teams will qualify for the final event at the Defcon 2020 conference in Las Vegas in August. The challenge of the final event has been revealed. Besides the fact that the hackers will have to attack a real satellite, they will also have to try to hack its camera and take a picture of the Moon as proof (the famous “flag”). The first three teams will receive prizes ranging from $20,000 to $50,000.

With the current Coronavirus Pandemic continuing, the organizers could hold the final event remotely. In addition to hoping that hackers will find vulnerabilities, the event also aims to raise awareness at the highest level within the US Air Force and change the way they think about security.

Will Roper hopes that in the future, the US Air Force will think about working differently, using the hacker community more often when designing a satellite. “If this future generation becomes a reality, then we’ll be in a much better cyber position. »

For more information

For those who are interested and want to know more about the “Hack-A-Sat” program, the organizers have written a FAQ.


Crédits :


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.