Slide 1

Slide 1 text

Hacking a Bird in the Sky: The Revenge of Angry Birds
Jim Geovedi, Raditya Iryandi, Raoul Chiesa

Slide 2

Slide 2 text

Satellite Communication
When terrestrial communication FAIL, we PREVAIL!
Arthur C. Clarke 1917-2008

Slide 3

Slide 3 text

[Diagram labels: Local ISPs Video Contribution Teleport PSTN End Users End Users Internet Teleport Corporate Data Networks (Interactive & Multicast) Direct Broadcast TV Last-mile Broadband Broadcast Video to Cable Headends]

Slide 4

Slide 4 text

[Diagram: orbits around EARTH]
‣ Low Earth Orbit / Altitude: 500-2,000 km
‣ Medium Earth Orbit / Altitude: 8,000-20,000 km
‣ Geostationary Orbit / Altitude: 35,786 km
‣ Highly Elliptical Orbit / Altitude: >35,786 km
‣ Average distance to moon: 384,400 km

Slide 5

Slide 5 text

[Diagram labels: Propulsion System; Solar Arrays (x2); Telemetry, Attitude Control, Commanding, Fuel, Batteries, Power/Thermal Systems; Transponder Transmitter Section (High Power, Amplifier, Filter); Transponder Receiver Section (Down-converter, Pre-amplifier, Filter); Uplink; Downlink; Earth Stations / Antennas; RX Antenna Jakarta; TX Antenna Jayapura]

Slide 6

Slide 6 text

Telkom-1 Footprint / 108.0º East (C Band)
[Figure: C Band footprint map; contour labels 38, 40, 42]

Slide 7

Slide 7 text

Frequency Band Designations

Slide 8

Slide 8 text

Example of Frequency and Polarisation Distribution

Channel spacing = 40 MHz; usable bandwidth = 36 MHz

Channel   Transmit (MHz)   Receive (MHz)
T/M       3701             -
1         3720             5945
2         3740             5965
3         3760             5985
4         3780             6005
5         3800             6025
6         3820             6045
7         3840             6065
8         3860             6085
9         3880             6105
10        3900             6125
11        3920             6145
12        3940             6165
13        3960             6185
14        3980             6205
15        4000             6225
16        4020             6245
17        4040             6265
18        4060             6285
19        4080             6305
20        4100             6325
21        4120             6345
22        4140             6365
23        4160             6385
24        4180             6405
T/M       4199             -
CMD       -                6424

Transmit axis: Frequency MHz, labelled 3700 and 4200; polarisation labels in figure order: Horizontal Polarisation, Vertical Polarisation.
Receive axis: Frequency MHz, labelled 5925 and 6245; polarisation labels in figure order: Vertical Polarisation, Horizontal Polarisation.
In both plans the odd-numbered and even-numbered channels are drawn as two separate, interleaved rows.

Slide 9

Slide 9 text

VSAT / Very Small Aperture Terminal
‣ Two-way satellite communication
‣ Use small dish antennas (diameter: 75 cm to 2.4 m)
‣ Managed by the HUB (master earth station)

Slide 10

Slide 10 text

VSAT / Services
‣ One-way multicast
‣ One-way with terrestrial return
‣ Two-way satellite access

Slide 11

Slide 11 text

VSAT Network Topologies / Simplex Transmission
[Diagram labels: Hub Equipment (x4); TV Station / HQ Network; Affiliated TV Stations]

Slide 12

Slide 12 text

VSAT Network Topologies / Point-to-Point Duplex Transmission
[Diagram labels, each shown twice: Customer Site; Private Network; Public Network; CPE]

Slide 13

Slide 13 text

VSAT Network Topologies / Point-to-Multipoint Transmission
[Diagram labels: CPE (x3); Network or Sites (x3)]

Slide 14

Slide 14 text

VSAT Network Topologies / Mobile Antenna Service
[Diagram labels: Hub Equipment; Customer Site; Private Network; Public Network]

Slide 15

Slide 15 text

VSAT Network Topologies / Star Network
[Diagram labels: Hub Equipment (x4); Public/Private Networks; Networks or Sites]

Slide 16

Slide 16 text

VSAT Network Topologies / Mesh Network
[Diagram labels: Hub Equipment (x3); Networks or Sites (x3)]

Slide 17

Slide 17 text

Access Methods / FDMA (Frequency Division Multiple Access)
[Diagram labels: f1, f2, f3; Transponder; f1, f2, f3]

Slide 18

Slide 18 text

Access Methods / TDMA (Time Division Multiple Access)
[Diagram labels: f1; Transponder; f1 (x4)]

Slide 19

Slide 19 text

Access Methods / CDMA (Code Division Multiple Access)
[Diagram labels: Transponder; f1 (x4); four signal lines drawn with different patterns]

Slide 20

Slide 20 text

Satellite Vulnerabilities
Current systems are vulnerable to a variety of attacks, and future systems promise little improvement.

Slide 21

Slide 21 text

"Unless you have millions of dollars and a team of engineers, you have no hope of taking over commercial or governmental satellites. If someone did put together the power to try such a stunt, they would be more likely to damage a satellite than take it over."
How to Break into Satellites: Not!
Carolyn Meinel’s GUIDE TO (mostly) HARMLESS HACKING
Gobbles!

Slide 22

Slide 22 text

hackers will eventually find a way to hack

Slide 23

Slide 23 text

network of trust
‣ vendors
‣ government
‣ customers
‣ management
‣ employees
‣ spies

Slide 24

Slide 24 text

"It is worth noting that the most likely cause of damage to or loss of service from a satellite is the actual operator."
Dan Veeneman

Slide 25

Slide 25 text

[Timeline of prior work; years marked on the axis: 1996, 1998, 2004, 2006, 2008, 2009, 2011]
‣ Dan Veeneman / Low Earth Orbit Satellites
‣ Dan Veeneman / Future & Existing Satellite Systems
‣ Warezzman / DVB Satellite Hacking
‣ Jim Geovedi, Raditya Iryandi / Hacking a Bird in the Sky: Hijacking VSAT Connection
‣ Jim Geovedi, Raditya Iryandi, Anthony Zboralski / Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
‣ Adam Laurie / $atellite Hacking for Fun & Pr0fit!
‣ Leonardo Nve Egea, Christian Martorella / Playing in a Satellite Environment 1.2
‣ Jim Geovedi, Raditya Iryandi / Hacking Satellite: A New Universe to Discover
‣ Jim Geovedi, Raditya Iryandi, Raoul Chiesa / Hacking a Bird in the Sky: The Revenge of Angry Birds

Slide 26

Slide 26 text

Veeneman’s Satellite Hypothetical Attacks
[Diagram labels: Jam Uplink Overpower Uplink Jam Downlink Denial of Service ? Takeover Spare Satellite Raging Transponder Spoofing Direct Commanding Command Replay Insertion Orbital Positioning]

Slide 27

Slide 27 text

No content

Slide 28

Slide 28 text

[Diagram labels: Frequency Conversion Geolocation Spectrum Monitoring Digital/Analog Record and Replay Network Gateway Network Gateway COMSEC Front-end Processor IP Ground Antenna Command and Control Receivers/Modems Satellite TT&C Ground Networks]

Slide 29

Slide 29 text

Land Earth Station Attacks

Slide 30

Slide 30 text

Satellite-based Attacks Against ATMs and Bank Networks
It's not a big truck. It's a series of tubes.

Slide 31

Slide 31 text

[Diagram labels: CORE; TRADE FINANCE; TREASURY; DATA WAREHOUSING; ANTI MONEY LAUNDERING; REMITTANCE; CRM; COLLECTION SYSTEM; ATM SWITCH; INTERNET BANKING; ISLAMIC (SHARIA) BANKING; MOBILE BANKING; CARD MANAGEMENT]

Slide 32

Slide 32 text

VSAT / Automated Teller Machine Networks
[Diagram labels: Hub Equipment (x4); Core Banking Networks; Automated Teller Machines; Standard Network Equipment; ATM (x4)]

Slide 33

Slide 33 text

VSAT / Automated Teller Machine Networks

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

Automated Teller Machine

Slide 36

Slide 36 text

Automated Teller Machine

Slide 37

Slide 37 text

OMFGWTFKTHXBYE

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

The Usual Culprits

People Problems
‣ Weak Passwords
‣ Lack of Awareness
‣ Lack of Skills

System Problems
‣ Outdated Systems
‣ Insecure Configurations
‣ Insecure Protocols

Slide 40

Slide 40 text

MANAGEMENT PROBLEMS

Slide 41

Slide 41 text

Distributed Satellite Scanning Framework
Identify potential problems at an early stage.

Slide 42

Slide 42 text

Framework Goals
‣ Dead or Alive status / checking if the bird is still alive
‣ Protocols / understand which protocols the target is running
‣ Service type / knowing which service we can (ab)use
‣ Distributed IP C&C / widening the coverage

Slide 43

Slide 43 text

Distributed IP C&C

Slide 44

Slide 44 text

Satellite Carrier Monitoring System
‣ Spectrum Analyser and Digital Spectrum Processor analysis
‣ Reference trace and measurement
‣ Automatic alerts for abnormal and missing carriers
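
The reference-trace comparison that a carrier monitoring system performs can be sketched as follows. This is an added example, not code from the slides or from any monitoring product; the trace format, noise floor, thresholds and sample data are assumptions, and the carrier centres reuse the 40 MHz spacing / 36 MHz usable bandwidth plan from slide 8. It also flags energy outside every reference carrier, which goes one step beyond the "abnormal and missing" alerts the slide names.

```python
import math

NOISE_FLOOR_DBM = -100.0   # assumed noise floor of the constructed trace
TOLERANCE_DB = 3.0         # assumed allowed deviation from the reference level
PRESENT_MARGIN_DB = 6.0    # a live carrier must sit this far above the floor
# Reference trace (constructed): centre MHz -> (bandwidth MHz, expected dBm).
REFERENCE = {3720.0: (36.0, -60.0), 3760.0: (36.0, -60.0), 3800.0: (36.0, -62.0)}

def mean_dbm(levels):
    """Average power in dBm, computed in linear milliwatts."""
    mw = [10 ** (level / 10) for level in levels]
    return 10 * math.log10(sum(mw) / len(mw))

def in_band(freq, centre, bw):
    return abs(freq - centre) <= bw / 2

def check_trace(trace, reference=REFERENCE):
    """Compare a measured trace [(MHz, dBm), ...] with the reference trace."""
    alerts, live = [], NOISE_FLOOR_DBM + PRESENT_MARGIN_DB
    for centre, (bw, expected) in sorted(reference.items()):
        levels = [lvl for f, lvl in trace if in_band(f, centre, bw)]
        if not levels:
            alerts.append(("no-data", centre))
            continue
        measured = mean_dbm(levels)
        if measured < live:
            alerts.append(("missing", centre))
        elif abs(measured - expected) > TOLERANCE_DB:
            alerts.append(("abnormal", centre))
    # Energy outside every reference carrier is reported as unexpected.
    for f, lvl in trace:
        known = any(in_band(f, c, bw) for c, (bw, _) in reference.items())
        if not known and lvl > live:
            alerts.append(("unexpected", f))
    return alerts

def make_trace(levels_by_centre, extra=()):
    """Build a constructed trace: 2 MHz bins from 3700 to 3820 MHz."""
    trace = []
    for f in range(3700, 3822, 2):
        level = NOISE_FLOOR_DBM
        for centre, dbm in levels_by_centre.items():
            if in_band(f, centre, 36.0):
                level = dbm
        trace.append((float(f), level))
    return trace + list(extra)

# Constructed measurement: 3760 MHz runs 8 dB hot, 3800 MHz is off the air.
SAMPLE = make_trace({3720.0: -60.0, 3760.0: -52.0})
```
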

Slide 45

Slide 45 text

Shared Data

Slide 46

Slide 46 text

What’s Next?
No, the journey doesn't end here.

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

http://www.dunnspace.com/leo_on_the_cheap.htm

Slide 52

Slide 52 text

Fin.
Jim Geovedi, @geovedi
Raoul Chiesa