Evaluating an Effective Ransomware Infection Vector in Low Earth Orbit Satellites
Marin Donchev, Dylan Smyth

TL;DR
This paper demonstrates a novel ransomware infection method for satellites, showing a 33.3% success rate in an emulated environment, highlighting security vulnerabilities in satellite systems.
Contribution
It introduces the first end-to-end exploit path for ransomware infection in satellite systems without supply chain or credential attacks.
Findings
33.3% infection success rate in emulation
First demonstration of satellite ransomware exploit
Highlights security vulnerabilities in satellite systems
Abstract
Non-Terrestrial Networks (NTNs) and satellite systems have become an important component of modern data communication systems in recent years. Despite their importance, the security of these systems is often limited, leaving them vulnerable to determined attackers. In this paper, we outline a scenario in which an attacker can infect an in-orbit NASA Core Flight System (cFS) based satellite with ransomware and communicate the infection back to a satellite operator. This paper is the first to demonstrate an end-to-end exploit path that results in a ransomware infection without the need for a supply chain attack or compromised credentials. Novel ransomware is delivered to an emulated satellite system using custom shellcode that exploits a weakness in the considered scenario. The scenario considered by this initial piece of work achieves a success rate of 33.3% for a complete successful…
Taxonomy
Topics: Opportunistic and Delay-Tolerant Networks · Satellite Communication Systems
