TV Equipment Used To Eavesdrop On Sensitive Satellite Communications

With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including sensitive information from “some of the world’s largest organizations.”

The news comes as the number of satellites in the orbit is said to have an increment from around 2,000 today to more than 15,000 by 2030. James Pavur, a Rhodes Scholar and DPhil student at Oxford will detail the attack in a session at the Black Hat security conference toward the beginning of August.

Alongside it Pavur will demonstrate that, “under the right conditions” attackers can easily hijack active meetings by means of the satellite link, a session overview revealed.

While full details of the attack won’t be uncovered until the Black Hat conference, a 2019 conference paper published by Pavur gives a ‘sneak peek’ into a small part of the challenges of security in the satellite communications space.

It seems to all come down into the absence of encryption-in-transit for satellite-based broadband communications.

The May 2019 paper (“Secrets in the Sky: On Privacy and Infrastructure Security in DVB-S Satellite Broadband“) notes: “Satellite transmissions cover vast distances and are subject to speed-of-light latency effects and packet loss which can impair the function of encryption schemes designed for high-reliability terrestrial environments (e.g. by requiring re-transmission of corrupted key materials). Moreover, satellites themselves are limited in terms of computing capabilities, and any on-board cryptographic operation risks trading off with other mission functionality.”

It additionally uncovers how a small portion of the eavesdropping in was led utilizing a “75 cm, flat-panel satellite receiver dish and a TBS-6983 DVB-S receiver….configured to receive Ku-band transmissions between 10,700 MHz and 12,750 MHz”

Image2B1
Pavur grabbed sensitive communications using tools costing less than $300, including a Selfsat H30D Satellite Dish, a TBS 6983 Satellite PCI-E, and a three-meter coaxial cable.

Pavur even focuses on the Digital Video Broadcasting-Satellite (DVB-S) and DVB-S rendition 2 protocols, which transmit information in MPEG-TS format. The paper includes: “A collection of Python utilities… was used to analyze each of these transponders for signs of DVB-based internet transmissions.”

The 2018 experiment takes note of that through manual review of the intercepted traffic, the security researchers distinguished “[traffic] flows associated with electrical power generation facilities”

“Vulnerable systems administration pages and FTP servers were publicly routable from the open internet. This means that an attacker could sniff a session token from a satellite connection, open a web browser, and log in to the plant’s control panel…”

Alongside further details on the attack, Pavur will at Black Hat present an “open-source tool which individual customers can use to encrypt their traffic without requiring ISP involvement.”

Original Source