How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellites

Bug-hunter details how his team slurped data… IN SPAAAAACE


DEF CON FYI, if you didn't already know: readily available satellite TV electronics can be used to sniff and inspect satellite internet traffic.

That's according to a team led by University of Oxford PhD student (and occasional GDPR exploiter) James Pavur, who presented his crew's findings on the matter at this year's remote edition of the DEF CON hacking conference. See below for the presentation in full.

Youtube Video

Pavur said that, armed with around $300 of easy-to-find hardware plus some custom code, he and his colleagues were able to snoop on non-encapsulated internet traffic beamed via satellite. By non-encapsulated, we mean internet traffic that wasn't already encrypted before it was relayed by the satellite – the satellite network didn't provide any protection itself. Customers of satellite broadband ISPs include large enterprises, shipping companies, and communications providers using orbiting birds to relay traffic.

The research effort, said Pavur, began as a summer project to test whether the findings of satellite hackers in the 2000s had withstood the test of time. He says that while some of the methods of transmission have changed, the results are pretty much unchanged; a miscreant with minimal resources can sniff non-encapsulated internet traffic bounced around the heavens.

"It allows someone to get away with $200 or $300 of home television equipment and do harm that they would otherwise need tens of thousands of dollars for," Pavur claimed.

Most satellite internet services, we're told, do not wrap their signals in encryption, so if you can pick up the packets over the air, you're in business: you'll be able to receive and read any data sent in plaintext. Armed with a satellite decoder PCI card and an off-the-shelf satellite telly dish, anyone can tune to the right frequency and eavesdrop on non-encapsulated data, such as plaintext DNS lookups and HTTP connections.

In short, if you use a satellite internet service you should wrap your connections in encryption – via a VPN or SSH tunnel, for example – because most of the ISPs do not provide it, and collecting data beamed down from birds is not hard to do.
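To make that advice concrete, here is an added example (not code from the talk or from Pavur's team) that audits payloads leaving your own host and reports what a link without encryption would leave readable: the name in a DNS query, and the host, path and credential-bearing headers in an HTTP request. The function names and the sample payloads are constructed for illustration.

```python
import struct

SENSITIVE = ("authorization", "cookie")  # headers that carry credentials

def dns_qname(payload):
    """First question name in a DNS message, or None if it does not parse."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] == 0:
        return None
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        if n == 0:
            return ".".join(labels)
        if n & 0xC0 or pos + 1 + n > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return None

def http_exposure(payload):
    """Fields readable in a cleartext HTTP request, or None if not HTTP."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    return {"host": headers.get("host"), "path": parts[1],
            "secrets": sorted(h for h in SENSITIVE if h in headers)}

def audit(port, payload):
    """Classify one outbound payload from your own host (hypothetical helper)."""
    if port == 53 and dns_qname(payload) is not None:
        return ("plaintext-dns", dns_qname(payload))
    if payload[:2] == b"\x16\x03":  # TLS handshake record header
        return ("tls", None)
    http = http_exposure(payload)
    return ("plaintext-http", http) if http else ("unknown", None)

# Constructed sample payloads, not captured traffic.
DNS_Q = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x08intranet\x07example\x00\x00\x01\x00\x01")
HTTP_REQ = b"GET /crew/list HTTP/1.1\r\nHost: portal.example\r\nCookie: sid=abc\r\n\r\n"
TLS_REC = b"\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for port, data in ((53, DNS_Q), (80, HTTP_REQ), (443, TLS_REC)):
        print(port, audit(port, data))
```

Anything this reports as `plaintext-dns` or `plaintext-http` is traffic to move inside a VPN or SSH tunnel before it reaches the satellite link.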


To be clear, a few hundred bucks is not going to let you get a complete wiretap on a company's internet traffic. Pavur said that his crew's bare-bones setup was not always able to reliably snoop on connections – there was a high noise-to-signal ratio and getting complete packets was rare – but they were able to collect enough info to make any organization uneasy.

One example was traffic showing a lawyer sending emails to clients, and a shipping company giving out employee passport info. Among the other data collected were business documents and internal communications from Fortune 500 businesses, as well as from ordinary folks. They were even able to harvest Windows PC information from local networks.

"A lot of these enterprise networks operate basically as a LAN network across the satellite feed," he explained. "The internal Windows traffic from that network was being broadcast."

More worryingly, Pavur noted that the setup his team used pales in comparison to what most state-sponsored groups have at their disposal. Given what his team were able to do with a bit of knowhow and some easily available hardware, it's understood government intelligence agencies armed with large dish arrays and special equipment can collect far more data more reliably.

In summary, anyone relying on a satellite internet service needs to step up their encapsulation encryption, because you can't assume your traffic is being protected otherwise. ®


Biting the hand that feeds IT © 1998–2021