cyranoRussian spy spacecraft have intercepted Europe’s key satellites, officials believe
talThe official expressed concern that sensitive information — notably command data for European satellites — is unencrypted, because many were launched years ago without advanced onboard computers or encryption capabilities.
According to the article the satellites that were shadowed were:
Satellite Launch date RASCOM-QAF1R August 4, 2010 Eutelsat 3B July 2014 Eutelsat Konnect VHTS September 7, 2022 Astra 4A November 18, 2007 SES-5 July 9, 2012 Eutelsat KA-SAT 9A December 26, 2010 Eutelsat 9B January 30, 2016 Eutelsat 3C February 12, 2009That wasn’t that long ago relative to encryption being done on computers.
reabsorbthelightYeah, wtf is going on. GPG was released in 1999 and encryption existed before that too. www.ssldragon.com/…/history-of-ssl-tls-versions/
How is this unencrypted
There was something of a to-do a couple years ago when some researchers were trying to see how strong encryption satellites were using and whether they could break it and discovered that a number of of satellite operators weren’t bothering to encrypt things at all.
EDIT:
This might be more recent than that:
kratosspace.com/…/the-state-of-satellite-encrypti…
A new study from the University of California San Diego (UCSD) and the University of Maryland has performed the most comprehensive public exploration into geostationary (GEO) satellite security yet, logging large amounts of unencrypted data being broadcast across 411 transponders on 39 GEO satellites, which were intercepted with a simple commercial-off-the-shelf satellite dish costing a few hundred dollars.
Wow. Amazing. I basically encrypt everything by default because I’m so paranoid. Sometimes multiple layers of encryption
BeltalowdaI’m a software engineer in space and the things I’ve heard are astounding. Basically space software as a sector is super backwards and operated under a “We’re too far away to be hacked” mentality for way too long.
Thankfully, that is changing, and the EU Space Act mandates cybersec in some cases
What I observe is not so much a “we’re too far away to be hacked” mentality, but rather a lackluster approach to software:
“Software is just the cream on top that enables the real power of the hardware. So let’s have our hardware engineers do the software as a side exercise. Surely it can’t be that hard.”
Then you get hardware engineers, most of whom are fucking stupid in terms of SW development, writing flight software.
acargitzMy understanding is that in space systems, generally robustness trumps everything else, so old stable versions of everything are preferred. So it’s generally a very conservative software stack and process.
generally robustness trumps everything else
Theoretically
So it’s generally a very conservative software stack and process.
Yes, but that sort of process promotes non-adoption of techniques and processes that could increase robustness but are shunned due to pessimistic conservativeness
Yeah a fair bit of that too!
Ah yes, assuming experience in your field basically translates to every other field. A tale as old as time.
No, we tape it to the table, duh. But it’s annoying when the tape covers the spacebar!
How quickly could a radio wave get to Earth orbit? Three minutes? Nah, it’s fine. /s