Cybersecurity of COSPAS-SARSAT and EPIRB: threat and attacker models, exploits, future research

TL;DR

This paper examines the cybersecurity vulnerabilities of the COSPAS-SARSAT satellite rescue system, demonstrating practical attacks and proposing mitigations to enhance its security.

Contribution

It is the first to practically demonstrate attacks on COSPAS-SARSAT protocols and discusses key cybersecurity challenges and potential defenses.

Findings

Successful replay, spoofing, and fuzzing attacks on EPIRB protocols

Identification of critical cybersecurity weaknesses in COSPAS-SARSAT

Outline of future research challenges and mitigation strategies

Abstract

COSPAS-SARSAT is an International programme for "Search and Rescue" (SAR) missions based on the "Satellite Aided Tracking" system (SARSAT). It is designed to provide accurate, timely, and reliable distress alert and location data to help SAR authorities of participating countries to assist persons and vessels in distress. Two types of satellite constellations serve COSPAS-SARSAT, low earth orbit search and rescue (LEOSAR) and geostationary orbiting search and rescue (GEOSAR). Despite its nearly-global deployment and critical importance, unfortunately enough, we found that COSPAS-SARSAT protocols and standard 406 MHz transmissions lack essential means of cybersecurity. In this paper, we investigate the cybersecurity aspects of COSPAS-SARSAT space-/satellite-based systems. In particular, we practically and successfully implement and demonstrate the first (to our knowledge) attacks on COSPAS-SARSAT 406 MHz protocols, namely replay, spoofing, and protocol fuzzing on EPIRB protocols. We also identify a set of core research challenges preventing more effective cybersecurity research in the field and outline the main cybersecurity weaknesses and possible mitigations to increase the system's cybersecurity level.