first live satellite hacking demo
High Societal importance
Orbital systems are critical infrastructures able to collect and transmit data used on Earth for many services we could not live without (weather, telecommunications, positioning, science, etc).
Underestimated vulnerability
Cybersecurity has been historically a low priority for the space industry, more focused on making satellites reliable. Now that satellites are becoming smaller, more connected and more numerous it is urgent to raise awareness about how vulnerable they might be to cyber threats. Hacking a satellite live will help space engineers realize that it is much closer to reality than science fiction.
Counting
"Hacking a flying satellite live in front of an audience in Paris is not only challenging and exciting but most importantly it will help raising awareness about cyber in the space industry."
"We’re asking people to do, in a controlled environment, exactly what we don’t want to happen in real life. It’s an exciting opportunity to engage with and learn from the best minds across Europe, using one of ESA’s most exciting new missions"
What is OPS- SAT?
OPS-SAT is a cubesat roughly the size of a shoe-box that belongs to the European Space Agency (ESA). Launched on December 18th, 2019, OPS-SAT is flying at an altitude of 515 km. Its goal is to serve as a “flying laboratory” with the sole purpose of testing and validating new techniques in mission control and on-board satellite systems. Over 100 companies and institutions from 17 European countries have registered experimental proposals to fly on OPS-SAT. The satellite is operated from ESOC in Darmstadt, Germany and communicates with mission control via a network of ground stations spread worldwide.
How Hack CYSAT Works
Submit your idea(s)
by filling the form below before February 18th, 2022
- Round 1: On February 25th a jury composed of cyber and space experts will select the top 6 ideas. The selected teams will be invited to develop and test their demos on the “flatsat”, an exact copy of OPS-SAT kept at ESA’s Mission Control for troubleshooting and testing
- Round 2: On March 31st, the jury will announce the top 3 teams selected to perform and present their demos on the flying satellite during the CYSAT conference held at Station F in Paris on April 6-7th
Pro Tips
to stand out from the crowd
- Pro tip 1: Keep in mind your demo needs to include an attack on OPS-SAT’s payloads and/or experimental processing core AS WELL AS the way to detect and mitigate it. You’re playing both the attacker and the defender.
- Pro tip 2: Proposed attacks shall aim at disturbing or interrupting the services on board to jeopardize the integrity, confidentiality and availability of the data collected by the payloads.
- Pro tip 3: Be creative: consider all payloads on board (not only the camera) and all possible attack vectors (operating system, etc) to introduce your malware.
- Pro tip 5: Don’t hesitate to imagine scenarios involving fictive entities to make it easier to understand.
Rules:
There is only one rule: your demo should only involve the experimental processing core and the payloads on board OPS-SAT. The satellite bus, mission control and ground stations network are out of scope. No need to hack the ground network since the access to the satellite WILL BE GRANTED via an IP connection so your demo can be performed with a simple PC connected to the internet.
Jury and selection criteria
Alexandre Karlov
< CYSEC CTO />
Lorem ipsum dolor sit amet, feugait adipisci nec an, an assum dicunt scaevola eam. Ut mel alii nonumy patrioque, mel te vidisse maiorum. Graecis mandamus ullamcorper pri ut, usu ludus facilisi ea. Tritani senserit forensibus sea et, et nam mentitum prodesset repudiandae. At mea aperiri senserit, amet recteque pro ex, duo ex decore voluptatibus. Commune salutatus at vim, no has enim appareat splendide, vitae putant cum at. Cum aliquip vulputate expetendis eu. Per clita doctus oblique at, mei ea tota dicit zril, quas interesset ullamcorper in qui. Veritus voluptua vim te. At nec zril noluisse pericula, albucius forensibus voluptaria et mea, eu sit iudico insolens splendide. Usu te latine voluptatibus, tota erroribus sit ad.
James Pavur
< Ethical hacker />
Lorem ipsum dolor sit amet, feugait adipisci nec an, an assum dicunt scaevola eam. Ut mel alii nonumy patrioque, mel te vidisse maiorum. Graecis mandamus ullamcorper pri ut, usu ludus facilisi ea. Tritani senserit forensibus sea et, et nam mentitum prodesset repudiandae. At mea aperiri senserit, amet recteque pro ex, duo ex decore voluptatibus. Commune salutatus at vim, no has enim appareat splendide, vitae putant cum at. Cum aliquip vulputate expetendis eu. Per clita doctus oblique at, mei ea tota dicit zril, quas interesset ullamcorper in qui. Veritus voluptua vim te. At nec zril noluisse pericula, albucius forensibus voluptaria et mea, eu sit iudico insolens splendide. Usu te latine voluptatibus, tota erroribus sit ad.
Dave Evans
< OPS-SAT_Manager />
Lorem ipsum dolor sit amet, feugait adipisci nec an, an assum dicunt scaevola eam. Ut mel alii nonumy patrioque, mel te vidisse maiorum. Graecis mandamus ullamcorper pri ut, usu ludus facilisi ea. Tritani senserit forensibus sea et, et nam mentitum prodesset repudiandae. At mea aperiri senserit, amet recteque pro ex, duo ex decore voluptatibus. Commune salutatus at vim, no has enim appareat splendide, vitae putant cum at. Cum aliquip vulputate expetendis eu. Per clita doctus oblique at, mei ea tota dicit zril, quas interesset ullamcorper in qui. Veritus voluptua vim te. At nec zril noluisse pericula, albucius forensibus voluptaria et mea, eu sit iudico insolens splendide. Usu te latine voluptatibus, tota erroribus sit ad.
Romain Lecoeuvre
YesWeHack CTO
Mathieu Bailly
CYSAT organizer
Mathieu Bailly CYSAT organizer
ideas will be evaluated based on:
- Creative and realistic scenario:
Judging how much space engineers will freak out when reading your script
- Technical feasibility of the demo:
Do we think that in 2 months you can make it happen live in April on the flying satellite under 6 minutes?
- Educational power:
Judging the potential for story-telling in your scenario and its ability to be understood by non-experts
Awards
The 3 selected teams win an all-paid for trip to Paris to attend the CYSAT conference and perform their demo live!
In addition to an all-paid for trip to Paris, the winning teams will receive a Hack OPS-SAT challenge coin and some surprises!
Fact
You have only 6 minutes of communications with OPS-SAT to hack it or save it. Will you make it?
How to Participate
Team up with friends or colleagues and submit your idea here
Winners
-
Team #1: BAEVR-UK
Team Captain: Dr Adrian Nish
Team background: the team is composed of security professionals from the company BAE Systems
Their demonstration will utilize a known vulnerability to corrupt the images collected by the camera on board
-
Team #2 : JBJ- Finland
Team Captain : Pr Andrei Costin
Team background: the team is composed of security researchers from the University of Jyväskylä (Finland)
Their demonstration will show that malicious code can be remotely installed and executed on board the spacecraft via a simple escalation of privileges
-
Team #3: SpaceBrokers-Germany
Team Captain: Thomas Roth
Team Background: the team is composed of security professionals
Their demonstration will show how a ransomware can be successfully deployed on a satellite
The event
takes
place at
Station F
in Paris
FAQS
What is a flatsat?
A flatsat is a replica of the flying satellite on ground. Connected to the internet, it will be used by the teams to practice their demo before the event and during the event for live demo.
How can I sign up?
Applications for Hack OPS-SAT 2022 are open until February 18th, 2022 on this website
When and where does the event take place?
The event takes place at the Station F in Paris, France, on April 6-7 2022.
How much it Cost?
Participating to Hack OPS-SAT is completely free!
What is the team size?
Teams need to have 2 to 5 members when submitting a project.
Do we need any special equipment to participate?
You will need to your computer and a connection to the internet.
What type of access to the satellite is granted? What interface of connection is used ? What protocol is used to interface with the satellite ?
The access will be both to the stream of SPPs, and a newly added IP VPN endpoint (which is built on top of the SPP stream) to the SEPP, as well as the SFTP directories on the ground Data Relay Server.
IP link allows TCP And UDP protocols, including SSH connections to the unprivileged, experiment-dedicated account onboard or arbitrary experiment applications – the details will be confirmed. In addition there will be access to the stream of SPP PDUs which also serves as an underlying transport for our IP tunnel.
Is there a simulated environment we can play with?
Unfortunately no stand-alone environment, but you can download a full payload platform system image from https://opssat1.esoc.esa.int/dmsf/files/64/view (upon registration). Please use the conventional registration mechanism, simply indicating that you are a security researcher for the CySat challenge. A normal experimenter account will then be granted to the experiment. Conventional registration mechanism means sending an email to ops-sat-experimenter-support@esa.int for an experimenter registration form as a first step.
Are radio interfaces (i.e. AX100 to GOSH) out of scope?
Radio interfaces are not accessible from the experimenter payload platform.