Delivering internet connectivity from satellites orbiting the Earth is becoming an increasingly popular idea especially as Elon Musk continues to launch low-orbit satellites to build out his upcoming Starlink network.
Satellite internet connections are actually already being used today by workers on remote oil rigs, ships traversing international waters and by airlines in areas where broadband or cellular internet is not available. However, the security of these connections has come into question recently thanks to an experiment conducted by Oxford University researcher James Pavur.
Pavur presented the results of his experiment at Black Hat 2020 where he tried to convince the infosec community that the unsecured nature of satellite broadband communications is worth a second look. Over the course of several years, he was able to successfully intercept the signals of 18 satellites transmitting internet across a 100m square kilometre are from a fixed physical location in the UK.
During the course of his experiment, Pavur was able to eavesdrop on all sorts of different communications including navigational information sent to a Chinese airliner over an unencrypted connection, messages relayed from an Egyptian oil tanker that allowed him to decrypt information about the ship and even personally identifiable information about its crew, account reset passwords for the network of a Greek billionaire’s yacht and more.
Intercepting satellite internet traffic
Satellite internet traffic is easy to intercept due to the fact that technology does not currently exist to allow parties to validate the integrity of an encrypted satellite connection.
With just a $90 satellite dish and $200 video-broadcasting satellite tuner purchased off-the-shelf, Pavur was able to intercept satellite internet traffic. By using publicly available sources, he identified the orbitable tracks of satellites and pointed his satellite dish in their direction.
In order to record the data being transmitted, Pavur used signal-recording software and tweaked it to focus on internet traffic by using HTTP protocols. The technique he used didn’t’ require a particularly high level of technical ability and in total, he was able to download over 8TB of information from satellites orbiting above him.
Pavur hopes that his experiment and his presentation at the Black Hat conference this year will bring awareness to the potential lack of security in satellite internet connections.
- We’ve also highlighted the best VPN services