The Revenge of Angry Birds

Hacking a Bird in the SkyThe Revenge of Angry Birds

Jim Geovedi, Raditya Iryandi, Raoul Chiesa

Satellite CommunicationWhen terrestrial communication FAIL, we PREVAIL!

Arthur C. Clarke1917-2008

Local ISPs

Video Contribution

Teleport PSTN

End Users

End Users

InternetTeleport

Corporate Data Networks(Interactive & Multicast)

Direct Broadcast TVLast-mile Broadband

Broadcast Video toCable Headends

EARTH

Geostationary OrbitAltitude: 35,786 km

Low Earth OrbitAltitude: 500-2,000 km

Medium Earth OrbitAltitude: 8,000-20,000 km

average distance to moon:384,400 km

Highly Elliptical OrbitAltitude: >35,786 km

Propulsion System

Solar Arrays Solar ArraysTelemetry, Attitude Control, Commanding, Fuel, Batteries, Power/Thermal Systems

High Power,Amplifier,Filter

Down-converter,Pre-amplifier,Filter

TransponderTransmitterSection

TransponderReceiverSection

Uplink Downlink

Earth Stations / Antennas

RX AntennaJakarta

TX AntennaJayapura

Telkom-1 Footprint / 108.0º East (C Band)

C Band

38 40 42

Frequency Band Designations

Example of Frequency and Polarisation Distribution

37201

37603

38005

38407

38809

392011

396013

400015

404017

408019

412021

416023

406018

410020

414022

394012

398014

402016

38206

38608

390010

3701T/M

37402

37804

418024

4199T/M

3700 4200

Frequency MHz

Transmit

Ho

rizo

ntal

P

ola

risa

tion

Vert

ical

P

ola

risa

tion

59451

59853

60255

60657

61059

614511

618513

622515

626517

630519

634521

638523

628518

632520

636522

616512

620514

624516

60456

60858

612510

59652

60054

640524

6424CMD

5925 6245

Frequency MHz

Receive

Vert

ical

P

ola

risa

tion

Ho

rizo

ntal

P

ola

risa

tion

Channel spacing = 40 MHz — Usable bandwidth = 36 MHz

VSAT / Very Small Aperture Terminal

‣ Two-way satellite communication

‣ Use small dish antennas (diameter: 75cm-2,4m)

‣ Managed by the HUB(master earth station)

VSAT / Services

‣ One-way multicast

‣ One-way with terrestrial return

‣ Two-way satellite access

Hub EquipmentHub EquipmentHub EquipmentHub Equipment

TV Station / HQ Network Affiliated TV Stations

VSAT Network Topologies / Simplex Transmission

VSAT Network Topologies / Point-to-Point Duplex Transmission

Customer Site

Private Network

Public Network

Customer Site

Private Network

Public Network

CPE CPE

VSAT Network Topologies / Point-to-Multipoint Transmission

CPE CPE CPE

Network or Sites Network or Sites Network or Sites

VSAT Network Topologies / Mobile Antenna Service

Hub Equipment

Customer Site

Private Network

Public Network

VSAT Network Topologies / Star Network

Hub EquipmentHub EquipmentHub EquipmentHub Equipment

Public/Private Networks Networks or Sites

VSAT Network Topologies / Mesh Network

Hub Equipment

Networks or Sites

Hub Equipment

Networks or Sites

Hub Equipment

Networks or Sites

f1 f2 f3

Transponder

f1 f2 f3

Access Methods / FDMA (Frequency Division Multiple Access)

Access Methods / TDMA (Time Division Multiple Access)

f1

Transponder

f1

f1f1 f1

Access Methods / CDMA (Code Division Multiple Access)

Transponder

f1 f1 f1 f1

------------------------------------------

oooooooooooooooooooooooooooooooooooooooooo

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

++++++++++++++++++++++++++++++++++++++++++

Satellite VulnerabilitiesCurrent systems are vulnerable to a variety of attacks, and future systems promise little improvement.

Unless you have millions of dollars and a team of engineers, you have no hope of taking over commercial or governmental satellites.

If someone did put together the power to try such a stunt, they would be more likely to damage a satellite than take it over.

How to Break into Satellites: Not!Carolyn Meinel’s GUIDE TO (mostly) HARMLESS HACKING

Gobbles!

hackers will eventually find a way to hack

network of trust

vendors

government

customers

management

employees

spieS

It is worth noting that the most likely cause of damage to or loss of service from a satellite is the actual operator.

Dan Veeneman

Dan VeenemanLow Earth Orbit Satellites

Dan VeenemanFuture & Existing Satellite Systems

WarezzmanDVB Satellite Hacking

Jim Geovedi, Raditya Iryandi,Hacking a Bird in the Sky: Hijacking VSAT Connection

Jim Geovedi, Raditya Iryandi, Anthony ZboralskiHacking a Bird in the Sky: Exploiting Satellite Trust Relationship

Adam Laurie$atellite Hacking for Fun & Pr0fit!

Leonardo Nve Egea, Christian MartorellaPlaying in a Satellite Environment 1.2

Jim Geovedi, Raditya IryandiHacking Satellite: A New Universe to Discover

1996 1998 2004 2006 2008 2009 2011

Jim Geovedi, Raditya Iryandi, Raoul ChiesaHacking a Bird in the Sky: The Revenge of Angry Birds

Veeneman’s Satellite Hypothetical Attacks

Jam Uplink

Overpower Uplink

Jam Downlink

Denial of Service

?

Takeover Spare Satellite

Raging Transponder Spoofing

Direct Commanding

Command Replay

Insertion

Orbital Positioning

Satellite Operation Centre

FrequencyConversion

GeolocationSpectrumMonitoring

Digital/Analog Record and Replay

Network Gateway

Network Gateway COMSEC Front-end Processor

IP

GroundAntenna

Command and Control

Receivers/Modems

Satellite TT&C Ground Networks

Land Earth Station Attacks

Satellite-based Attacks Against ATMs and Bank NetworksIt's not a big truck. It's a series of tubes.

CORE

TRADE FINANCE TREASURY

DATA WAREHOUSING

ANTI MONEY LAUNDERINGREMITTANCE

CRM

COLLECTION SYSTEMATM SWITCH

INTERNET BANKING

ISLAMIC (SHARIA) BANKING

MOBILE BANKING

CARD MANAGEMENT

VSAT / Automated Teller Machine Networks

Hub EquipmentHub EquipmentHub EquipmentHub Equipment

Core Banking Networks Automated Teller Machines

Standard Network Equipment

ATM ATM ATM ATM

VSAT / Automated Teller Machine Networks

Automated Teller Machine

Automated Teller Machine

OMFGWTFKTHXBYE

The Usual Culprits

People ProblemsWeak Passwords

Lack of AwarenessLack of Skills

System ProblemsOutdated Systems

Insecure ConfigurationsInsecure Protocols

MANAGEMENT PROBLEMS

Distributed Satellite Scanning FrameworkIdentify potential problems at an early stage.

Framework Goals

‣ Dead or Alive status / checking if the bird is still alive

‣ Protocols / understand which protocols the target is running

‣ Service type / knowing which service we can (ab)use

‣ Distributed IP C&C / widening the coverage

Distributed IP C&C

Satellite Carrier Monitoring System

‣ Spectrum Analyser and Digital Spectrum Processor analysis

‣ Reference trace and measurement

‣ Automatic alerts for abnormal and missing carriers

Shared Data

What’s Next?No, the journey doesn't end here.

http://www.dunnspace.com/leo_on_the_cheap.htm

Fin.Jim Geovedi <jim@geovedi.com>, @geovediRaoul Chiesa <raoul.chiesa@mediaservice.net>