the revenge of angry birds
TRANSCRIPT
Hacking a Bird in the SkyThe Revenge of Angry Birds
Jim Geovedi, Raditya Iryandi, Raoul Chiesa
Satellite CommunicationWhen terrestrial communication FAIL, we PREVAIL!
Arthur C. Clarke1917-2008
Local ISPs
Video Contribution
Teleport PSTN
End Users
End Users
InternetTeleport
Corporate Data Networks(Interactive & Multicast)
Direct Broadcast TVLast-mile Broadband
Broadcast Video toCable Headends
EARTH
Geostationary OrbitAltitude: 35,786 km
Low Earth OrbitAltitude: 500-2,000 km
Medium Earth OrbitAltitude: 8,000-20,000 km
average distance to moon:384,400 km
Highly Elliptical OrbitAltitude: >35,786 km
Propulsion System
Solar Arrays Solar ArraysTelemetry, Attitude Control, Commanding, Fuel, Batteries, Power/Thermal Systems
High Power,Amplifier,Filter
Down-converter,Pre-amplifier,Filter
TransponderTransmitterSection
TransponderReceiverSection
Uplink Downlink
Earth Stations / Antennas
RX AntennaJakarta
TX AntennaJayapura
Telkom-1 Footprint / 108.0º East (C Band)
C Band
38 40 42
Frequency Band Designations
Example of Frequency and Polarisation Distribution
37201
37603
38005
38407
38809
392011
396013
400015
404017
408019
412021
416023
406018
410020
414022
394012
398014
402016
38206
38608
390010
3701T/M
37402
37804
418024
4199T/M
3700 4200
Frequency MHz
Transmit
Ho
rizo
ntal
P
ola
risa
tion
Vert
ical
P
ola
risa
tion
59451
59853
60255
60657
61059
614511
618513
622515
626517
630519
634521
638523
628518
632520
636522
616512
620514
624516
60456
60858
612510
59652
60054
640524
6424CMD
5925 6245
Frequency MHz
Receive
Vert
ical
P
ola
risa
tion
Ho
rizo
ntal
P
ola
risa
tion
Channel spacing = 40 MHz — Usable bandwidth = 36 MHz
VSAT / Very Small Aperture Terminal
‣ Two-way satellite communication
‣ Use small dish antennas (diameter: 75cm-2,4m)
‣ Managed by the HUB(master earth station)
VSAT / Services
‣ One-way multicast
‣ One-way with terrestrial return
‣ Two-way satellite access
Hub EquipmentHub EquipmentHub EquipmentHub Equipment
TV Station / HQ Network Affiliated TV Stations
VSAT Network Topologies / Simplex Transmission
VSAT Network Topologies / Point-to-Point Duplex Transmission
Customer Site
Private Network
Public Network
Customer Site
Private Network
Public Network
CPE CPE
VSAT Network Topologies / Point-to-Multipoint Transmission
CPE CPE CPE
Network or Sites Network or Sites Network or Sites
VSAT Network Topologies / Mobile Antenna Service
Hub Equipment
Customer Site
Private Network
Public Network
VSAT Network Topologies / Star Network
Hub EquipmentHub EquipmentHub EquipmentHub Equipment
Public/Private Networks Networks or Sites
VSAT Network Topologies / Mesh Network
Hub Equipment
Networks or Sites
Hub Equipment
Networks or Sites
Hub Equipment
Networks or Sites
f1 f2 f3
Transponder
f1 f2 f3
Access Methods / FDMA (Frequency Division Multiple Access)
Access Methods / TDMA (Time Division Multiple Access)
f1
Transponder
f1
f1f1 f1
Access Methods / CDMA (Code Division Multiple Access)
Transponder
f1 f1 f1 f1
------------------------------------------
oooooooooooooooooooooooooooooooooooooooooo
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
++++++++++++++++++++++++++++++++++++++++++
Satellite VulnerabilitiesCurrent systems are vulnerable to a variety of attacks, and future systems promise little improvement.
Unless you have millions of dollars and a team of engineers, you have no hope of taking over commercial or governmental satellites.
If someone did put together the power to try such a stunt, they would be more likely to damage a satellite than take it over.
How to Break into Satellites: Not!Carolyn Meinel’s GUIDE TO (mostly) HARMLESS HACKING
Gobbles!
hackers will eventually find a way to hack
network of trust
vendors
government
customers
management
employees
spieS
It is worth noting that the most likely cause of damage to or loss of service from a satellite is the actual operator.
Dan Veeneman
Dan VeenemanLow Earth Orbit Satellites
Dan VeenemanFuture & Existing Satellite Systems
WarezzmanDVB Satellite Hacking
Jim Geovedi, Raditya Iryandi,Hacking a Bird in the Sky: Hijacking VSAT Connection
Jim Geovedi, Raditya Iryandi, Anthony ZboralskiHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Adam Laurie$atellite Hacking for Fun & Pr0fit!
Leonardo Nve Egea, Christian MartorellaPlaying in a Satellite Environment 1.2
Jim Geovedi, Raditya IryandiHacking Satellite: A New Universe to Discover
1996 1998 2004 2006 2008 2009 2011
Jim Geovedi, Raditya Iryandi, Raoul ChiesaHacking a Bird in the Sky: The Revenge of Angry Birds
Veeneman’s Satellite Hypothetical Attacks
Jam Uplink
Overpower Uplink
Jam Downlink
Denial of Service
?
Takeover Spare Satellite
Raging Transponder Spoofing
Direct Commanding
Command Replay
Insertion
Orbital Positioning
Satellite Operation Centre
FrequencyConversion
GeolocationSpectrumMonitoring
Digital/Analog Record and Replay
Network Gateway
Network Gateway COMSEC Front-end Processor
IP
GroundAntenna
Command and Control
Receivers/Modems
Satellite TT&C Ground Networks
Land Earth Station Attacks
Satellite-based Attacks Against ATMs and Bank NetworksIt's not a big truck. It's a series of tubes.
CORE
TRADE FINANCE TREASURY
DATA WAREHOUSING
ANTI MONEY LAUNDERINGREMITTANCE
CRM
COLLECTION SYSTEMATM SWITCH
INTERNET BANKING
ISLAMIC (SHARIA) BANKING
MOBILE BANKING
CARD MANAGEMENT
VSAT / Automated Teller Machine Networks
Hub EquipmentHub EquipmentHub EquipmentHub Equipment
Core Banking Networks Automated Teller Machines
Standard Network Equipment
ATM ATM ATM ATM
VSAT / Automated Teller Machine Networks
Automated Teller Machine
Automated Teller Machine
OMFGWTFKTHXBYE
The Usual Culprits
People ProblemsWeak Passwords
Lack of AwarenessLack of Skills
System ProblemsOutdated Systems
Insecure ConfigurationsInsecure Protocols
MANAGEMENT PROBLEMS
Distributed Satellite Scanning FrameworkIdentify potential problems at an early stage.
Framework Goals
‣ Dead or Alive status / checking if the bird is still alive
‣ Protocols / understand which protocols the target is running
‣ Service type / knowing which service we can (ab)use
‣ Distributed IP C&C / widening the coverage
Distributed IP C&C
Satellite Carrier Monitoring System
‣ Spectrum Analyser and Digital Spectrum Processor analysis
‣ Reference trace and measurement
‣ Automatic alerts for abnormal and missing carriers
Shared Data
What’s Next?No, the journey doesn't end here.
http://www.dunnspace.com/leo_on_the_cheap.htm
Fin.Jim Geovedi <[email protected]>, @geovediRaoul Chiesa <[email protected]>