How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellites
Bug-hunter details how his team slurped data… IN SPAAAAACE
DEF CON FYI, if you didn't already know: readily available satellite TV electronics can be used to sniff and inspect satellite internet traffic.
That's according to a team led by University of Oxford PhD student (and occasional GDPR exploiter) James Pavur, who presented his crew's findings on the matter at this year's remote edition of the DEF CON hacking conference. See below for the presentation in full.
Pavur said that, armed with around $300 of easy-to-find hardware plus some custom code, he and his colleagues were able to snoop on non-encapsulated internet traffic beamed via satellite. By non-encapsulated, we mean internet traffic that wasn't already encrypted before it was relayed by the satellite – the satellite network didn't provide any protection itself. Customers of satellite broadband ISPs include large enterprises, shipping companies, and communications providers using orbiting birds to relay traffic.
The research effort, said Pavur, began as a summer project to test whether the findings of satellite hackers in the 2000s had withstood the test of time. He says that while some of the methods of transmission have changed, the results are pretty much unchanged; a miscreant with minimal resources can sniff non-encapsulated internet traffic bounced around the heavens.
"It allows someone to get away with $200 or $300 of home television equipment and do harm that they would otherwise need tens of thousands of dollars for," Pavur claimed.
Most satellite internet services, we're told, do not wrap their signals in encryption, so if you can pick up the packets over the air, you're in business: you'll be able to receive and read any data sent in plaintext. Armed with a satellite decoder PCI card and an off-the-shelf satellite telly dish, anyone can tune to the right frequency and eavesdrop on non-encapsulated data, such as plaintext DNS lookups and HTTP connections.
In short, if you use a satellite internet service you should wrap your connections in encryption – via a VPN or SSH tunnel, for example – because most of the ISPs do not provide it, and collecting data beamed down from birds is not hard to do.
To be clear, a few hundred bucks is not going to let you get a complete wiretap on a company's internet traffic. Pavur said that his crew's bare-bones setup was not always able to reliably snoop on connections – there was a high noise-to-signal ratio and getting complete packets was rare – but they were able to collect enough info to make any organization uneasy.
One example was traffic showing a lawyer sending emails to clients, and a shipping company giving out employee passport info. Among the other data collected were business documents and internal communications from Fortune 500 businesses, as well as from ordinary folks. They were even able to harvest Windows PC information from local networks.
"A lot of these enterprise networks operate basically as a LAN network across the satellite feed," he explained. "The internal Windows traffic from that network was being broadcast."
More worryingly, Pavur noted that the setup his team used pales in comparison to what most state-sponsored groups have at their disposal. Given what his team were able to do with a bit of knowhow and some easily available hardware, it's understood government intelligence agencies armed with large dish arrays and special equipment can collect far more data more reliably.
In summary, anyone relying on a satellite internet service needs to step up their encapsulation encryption, because you can't assume your traffic is being protected otherwise. ®