Skip to main content
Skip to main content

IoT cyber security – hacking satellites

Home > News, views & events > IoT cyber security – hacking satellites

< View all views
22 September 2020 | Dawid Golunski, Pentest

One small step for Pentest:
Hack-A-Sat CTF

Dawid Golunski  of information security company Pentest, talks about one of the company’s latest challenges – attempting to hack a satellite in a ‘capture the flag’ challenge  

We’ve tested some cool stuff in our time here at Pentest. Oil rigs, face recognition systems, banking systems, health applications, the list goes on … But we’ve never tested anything in space. That may be our final frontier.

So, when we heard about the Hack-A-Sat Capture the Flag (CTF) challenge run by The United States Air Force, in conjunction with the Defense Digital Service, we knew we had to get involved in.

Space systems aren’t something we have experience in, and we had no expectations going into the competition. Using it more as a learning opportunity rather than having any hopes of getting near the top of the leaderboard. But we were up for a challenge, and what a challenge it proved to be.

For those who don’t know the format of the competition, this qualifying stage consisted of a set challenges in a number of different categories, with the top 10 teams being invited back later in the year to hack a representative ground-based and on-orbit satellite system.

Lasting for two days, the CTF started with a small selection of ‘easy’ challenges, points were awarded when solved and the quickest teams had the advantage of being able to choose which categories they wanted to open up further.

These categories included:

  • Astronomy, Astrophysics, Astrometry, Astrodynamics (AAAA)
  • Satellite Bus
  • Ground Segment
  • Communication Systems
  • Payload Modules
  • Space and Things

The easy challenges were fine, and we solved them shortly after the quickest team. However, the quickest team decided to open the AAAA category. Eek!

This was not within our comfort zone and quite a few hours passed before any teams started to solve the problems. When they did, they then decided to open more challenges within the AAAA category – the monsters! That meant it was quite a few hours before more ‘familiar’, and we use that term loosely, technical stuff started to open.

In the end, we finished 127th out of 1278 teams, solving several challenges, including two within the AAAA category, which is amazing! To see just how difficult the challenges were, you take a look at our solution to ‘I Like to Watch’ AAAA challenge by clicking here.

Considering the size of our team, the nature of the challenges and the people we were competing against, we can be extremely proud of our efforts and we’re looking forward to the next one.

To infinity and beyond.