
Cracking satellites for high speed Internet (Feb 2010) - gasull
http://www.forbes.com/2010/02/02/hackers-cybercrime-cryptography-technology-security-satellite.html
======
_delirium
Fwiw, here are two slide decks of his from Black Hat '10:

17-slide version: [http://www.blackhat.com/presentations/bh-
dc-10/Nve_Leonardo/...](http://www.blackhat.com/presentations/bh-
dc-10/Nve_Leonardo/BlackHat-DC-2010-Nve-Playing-with-SAT-1.2-wp.pdf)

105-slide version: [http://www.blackhat.com/presentations/bh-
dc-10/Nve_Leonardo/...](http://www.blackhat.com/presentations/bh-
dc-10/Nve_Leonardo/BlackHat-DC-2010-Nve-Playing-with-SAT-1.2-slides.pdf)

~~~
sp4rki
Thanks a bunch, I was left wanting to read more about this. If there only was
a video online of his presentation.

------
adulau
This is relying on the classical approach of the ground equipment operated by
satellite operator or internet provider relying on satellite. The upstream and
the downstream are independent from each other. Usually you have two
independent channels for encapsulation : a DVB-S/DVB-S2 (with MPE
encapsulation) on the downstream and a proprietary DVB-RCS (a strange concept
for a standard ;-) on the upstream.

By so, it was somehow difficult to keep track of active terminal as packet
encapsulation and decapsulation as this is often independent infrastructure
doing so. By so, an attacker could benefit from this lack of state tracking,
by injecting packet in one direction to have a functional transmission
channel. This allows collateral attacks on the downstream when the traffic is
unauthenticated and in clear (like some explained in the slides at BlackHat).

To limit such attacks, an authentication and encryption layer/scheme must be
provided on the downstream (and a smaller scale, on the upstream). Some VSAT
equipment suppliers implement such scheme (including protocol keys
distribution scheme among terminals) but it's not regularly the case due to
incompatibilities with existing terminals or other limitations.

~~~
burgerbrain
I was under the impression that most satellite internet setups used regular
phone lines instead of actually using a satellite uplink. Are we not talking
about consumer setups here?

~~~
adulau
That was the case some years ago (and still for some old services). But a lot
of new "DVB-RCS"-like services (e.g. , Newtec Sat3Play or Hughes broadband)
now use the uplink as a return channel (usually in Ku or Ka band) instead of
regular phone lines.

------
rbanffy
OK... Now, how about control channels and "rooting" a satellite? Because there
must be some communication from the ground for things like transponder
relocation and attitude control.

~~~
lesterbuck
Even better, how about enabling the military functions in all US commercial
satellites? They all have military override abilities to serve as
communication backups if the primaries are taken out during war.

~~~
rbanffy
I was more in the mood of transmitting a Monty Python's Flying Circus mega-
marathon, but, sure, your plan would be fun too. ;-)

------
stcredzero
This could be exploited to create small mobile "pirate datacenters." Such
equipment could be mounted on a small truck or RV. An entire "pirate cloud"
could be established with redundant datacenters going offline to relocate. I
wonder if it would be easy to hide such uplinks amongst legitimate signals and
avoid detection by police in a country like China.

