Jump to content

Security of old systems

technion

By technion
in Science & Spaceflight

 Share

Recommended Posts

technion

technion

Posted
Posted

Hey guys,

When I look at the IT landscape today vs what it was like in the early 90's, there are major differences. Aside from just "computers were slow", things like, "you could connect to any email server anywhere and have it send email on your behalf claiming to be anyone you like", and "the fact no one outside this office knows about this system is all the security we need" come to mind.

So when I look at something like Voyager 1, which presumably is still taking orders from NASA based on a protocol built long before that, the question in my mind is:

What stops someone from sending it forged signals? I mean, the only encryption to exist that long ago was single stage DES. If there's a password involved, it's probably all zeroes...

I have visions of a high school prank being very nasty here!

Link to comment
Share on other sites
Kerbin Dallas Multipass

Kerbin Dallas Multipass

Posted
Posted

Hmm. You're thinking that old hardware still floating in space could be hacked?

Very interesting thought.

I'm assuming here: The voyagers were launched during the cold war, so they will probably have some protection against evil soviet sabotage. This will not be NSA-proof encryption but maybe not eight zeros as a password (if you get my hint)

Being hacked is also more likely if there is an incentive and if the target is accessible.

Both factors are not really there. The incentive would be pure sabotage of a widely accepted scientific project. To gain access you probably need a 30m dish.

There is a huge difference between this and the 100 million outlook express users you can potentially target with your 200 dollar netbook once you are online.

Link to comment
Share on other sites
pxi

pxi

Posted
Posted (edited)
And you know a lot of high school students with a total, unsupervised access to a radio telescope, which by now you'd need to pull such a prank?

Because hackers avoid trying to climb seemingly unconquerable peaks....

Being hacked is also more likely if there is an incentive and if the target is accessible.

Both factors are not really there. The incentive would be pure sabotage of a widely accepted scientific project. To gain access you probably need a 30m dish.

There is a huge difference between this and the 100 million outlook express users you can potentially target with your 200 dollar netbook once you are online.

What's the incentive in hacking anything? The challenge, and/or because you can.

I agree the scenario is unlikely, but not beyond the realms of possibility.

EDIT: And then there's this: http://en.wikinews.org/wiki/Voyager_1_signal_received_by_radio_amateurs

Edited by pxi
Link to comment
Share on other sites
technion

technion

Posted
  • Author
Posted (edited)
And you know a lot of high school students with a total, unsupervised access to a radio telescope, which by now you'd need to pull such a prank?

It's a theoretical question about the capabilities, so "let's say a group of kids did have such access".

I'm interested in what protections (or lack thereof) may actually exist moreso than the likelihood of it being exploited.

Edit: If "hacking" involves defeating the security of "no attacker would have access to an appropriate antenna", that is a very interesting prospect. From the security landscape of the day, that would not surprise me.

Edited by technion
Link to comment
Share on other sites
NGTOne

NGTOne

Posted
Posted

OK, so Voyager's out - I wonder if there's anything closer to home (and that nobody really cares too much about) that's still active (or dormant, rather than dead)? One of the old lunar probes/rovers, maybe?

Link to comment
Share on other sites
K^2

K^2

Posted
Posted
It's a theoretical question about the capabilities, so "let's say a group of kids did have such access".

Then we might as well assume they have the protocol and access codes. In fact, I wouldn't be surprised if these things, if not completely open to public, are under such low security that someone who really wants them, can get them.

Access to communication hardware is the hard part here. That's the only real obstacle in you taking control of the Voyager spacecraft. Everything else might as well be just given in comparison.

OK, so Voyager's out - I wonder if there's anything closer to home (and that nobody really cares too much about) that's still active (or dormant, rather than dead)? One of the old lunar probes/rovers, maybe?

Given the amount of junk that's up there? Probably.

Link to comment
Share on other sites
Kerbin Dallas Multipass

Kerbin Dallas Multipass

Posted
Posted
Because hackers avoid trying to climb seemingly unconquerable peaks....

What's the incentive in hacking anything? The challenge, and/or because you can.

I agree the scenario is unlikely, but not beyond the realms of possibility.

EDIT: And then there's this: http://en.wikinews.org/wiki/Voyager_1_signal_received_by_radio_amateurs

You are basically repeating my points.

The incentive is childishness (lowest thinkable), the hurdle to get access is gigantic. So the likelyhood of being targeted by hackers is extremely low but not impossible.

Regarding your edit: You are totally aware that receiving signals from a space probe and sending commands to a space probe are incomparable.

Link to comment
Share on other sites
pxi

pxi

Posted
Posted
You are basically repeating my points.

The incentive is childishness (lowest thinkable), the hurdle to get access is gigantic. So the likelyhood of being targeted by hackers is extremely low but not impossible.

Regarding your edit: You are totally aware that receiving signals from a space probe and sending commands to a space probe are incomparable.

I think that depends on your point of view. If you can recieve the signals, from a radio perspective you've solved half of the being able to talk to it problem. The other half of the problem is simply a larger challenge. Comparable enough to be mentioned in the discussion in my humble opinion.

Link to comment
Share on other sites
Kilmeister

Kilmeister

Posted
Posted

I'd say it would be plausible, but extremely unlikely and it would require a huge amount of effort with little to no payoff.

But for funsies let me throw down some thoughts. Assuming you had access to some kind of capable hardware, lets find one to hack.

First off, as a list of possible candidates, you'd need one that hasn't been properly decommissioned. Ones that were decommissioned via deorbiting are obviously not viable candidates.

"When NOAA decommissions a geostationary satellite, it is boosted further into orbit, the remaining fuel is expended, the battery is disabled and the transmitters are turned off."

So you'd need one that the previous owners didn't feel bothered to turn off, but it would have to be fairly recently retired so that it's still oriented in a position to receive a signal. So your list of candidates is getting smaller.

But lets assume you find one. Don't know very much about satellite communication and control protocols, but I'd imagine most older ones would be very hardware specific. It's not like if you hacked into Hubble you could hit the "take picture" button and receive a jpeg of a galaxy. You would have to know specifically the commands to send, how to send them, then have software(possibly hardware) to decode the signals into something useful.

But as mentioned previously, you are a hacker, and you tricked some old retired engineer to send you the protocols to communicate with your target by promising him billions from his recently deceased uncle who was a Nigerian prince. So we have all the tools required to pull off our hack. Now depending on the type of satellite it was, our payoff could be really cool, or be really lame. Now we have to power up and get our baby working again. Assuming all the hardware is still functional(It was retired for a reason).

If we got some kind of imaging satellite with still working reaction wheels we could now decode random pictures of earth at varying times. It'd be like using Google maps, but instead of being able to see what you want we'd get a random picture every few hours! (This is the good payoff) otherwise we get a number feed which is some random science fact which we could've just looked up.

But hey, we put all that effort into it. Who cares if we get a random spew of insignificant numbers. We put a lot of time and money into this. The world should know my 1337ness. Lets post our exploits on the internet to boast about our number feed. Unfortunately, this would require others to gain access to the same hardware resources just to verify, which most people wouldn't do being that they won't even get the benefit of accomplishing it themselves, so the "look at me" benefit is kinda low.

Offtopic: Something I found while looking stuff up for this. Okay, back to work! Cool timelapse video. 2004 in Florida was fun :(

Link to comment
Share on other sites
Idobox

Idobox

Posted
Posted

http://robert.accettura.com/blog/2012/04/24/oldest-working-satellites/

A list of possible targets.

Hacking a satellite is difficult, and can be easily detected. Unless you know the protocol before hand, you will need to communicate with the target and/or spy on its normal communication (up and down stream).

Which means the military could easily detect your attempts and localize you (if they care about your target, which they probably do). You also need to be somewhere the satellite antenna is pointing at, for a geostationary one, it would mean relatively close to the owner's antenna.

You can't ddos a satellite if you don't have an emitter at least comparable to the owner, usually a country or major corporation with a budget that has a few more zeros than yours. Again, very easy to detect.

Another issue is that you aren't hacking a popular, multi-purpose system. The device has a reasonable chance of being unique, with very limited possibilities. You couldn't hack Spoutnik more that you can hack a mechanical clock at a distance. If the thing has ROM memory and analog processing (quite likely in a machine that old), the best you could would be to give it instructions similar to what the owner might, like attitude or orbit change, which could easily render the satellite inoperable. The kind of hackers would do harmless jokes for the lulz would be out (why make a 40 year old satellite turn by 5° if you can try to post shopped pics of colonel Hadfield on ISS computers (yes, they have internet))

Also, I'm not sure the premise is true. We're not talking of an corporate office software here, we're talking of high impact, high budget, high value military projects. Disabling the enemy communications is a priority in war times, and people responsible for this type of projects would have that in mind, especially during the cold war.

Link to comment
Share on other sites
Dunbaratu

Dunbaratu

Posted
Posted (edited)

The main reason that old low "resolution" encryption methods aren't good enough today is that modern computers can brute force their way through solutions quicker. But if you're trying to talk to something with a lightspeed delay involved the speed of your computer isn't the limiting factor. You're not going to be making 1,000,000 attempts per second to hack into a device with a round-trip time of 8 minutes, or even one of just 0.1 seconds.

The other problem is that you can't hide your break-in attempts inside massive internet traffic to camouflage what you're doing. Someone beaming data at your craft from a different location on Earth is more out of the ordinary than someone trying to log in to your server.

It would probably be easier to get to the craft indirectly by first breaking into the ground control system and then using it to direct the craft.

Edited by Steven Mading
Link to comment
Share on other sites
jwenting

jwenting

Posted
Posted

indeed. The vast majority of crackers and other computer criminals are employed by organised criminal gangs or nation states.

They work to either damage the national interests of other nation states or to steal things, usually money but sometimes information.

Voyager provides neither incentive, and the cost of such an operation makes it less than ideal to use as a practice run.

Link to comment
Share on other sites
Idobox

Idobox

Posted
Posted

Wooo, there exist hackers that do it for fun, that completely disproves the affirmation by jwenting.

I'd like to point out that nation states are very interested in hacking satellites, but since that would probably be considered an act of war, don't do it too often. They even invest in missile to shoot them down, and jet fighter based launch system to replace those taken down by the enemy, which is probably much more expensive than even a very good team of hackers.

Link to comment
Share on other sites
technion

technion

Posted
  • Author
Posted
They even invest in missile to shoot them down, and jet fighter based launch system to replace those taken down by the enemy, which is probably much more expensive than even a very good team of hackers.

But that would apply to MODERN satellites. Following technological trends, satellite built more recently would have a much higher level of security. You can't touch a Government system unless it's FIPS-compliant, which, interestingly, seems to be demonstrated to be one of the weaker standards.

Link to comment
Share on other sites
3_bit

3_bit

Posted
Posted

I'd wager brute force could easily get one into an old satellite.

The best part is your smartphone could easily handle it, as you really don't need much processing power by today's standards to do that kind of stuff. Unfortunately, seeing as how it takes some 17 hours for a signal to reach Earth from there, such things could take a while. If you would actually have the capability to do such things, you can find the frequency to send signals to it at, being 2114.676697 MHz. Unfortunately, as I have also just found out, it will cease function around 2025. So much for a long-duration journey. I'm confident it will find loads of data before then, however.

Link to comment
Share on other sites
This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...