Tobias Scharnowski and Felix Buchmann (Ruhr-Universitat Bochum), Simon Woerner and Thorsten Holz (CISPA Helmholtz Center for Information Security)

Presenter: Tobias Scharnowski

Satellites perform critical functions of our modern digital infrastructure, such as providing communications, navigation, and earth observation services. Maintaining a satellite requires remote access, so securing that access is an essential aspect of developing and operating a satellite. While satellites have traditionally not been subjected to regular attacks, this might not hold in the future. Hence, securing satellite firmware—the software that controls the space segment of satellite missions— becomes increasingly relevant.

In this work, we perform a case study of applying recent embedded firmware analysis techniques to satellite payload data handling systems. We explore whether FUZZWARE, a state-of-the-art firmware fuzz testing system, can be used to these firmware images. During this case study, we also describe and apply the process of manually optimizing FUZZWARE configurations for firmware targets, and measure the impact of different optimizations. Finally, we identify challenging aspects of fuzz testing satellite firmware and directions for future work to optimize fuzz testing performance in a fully automated manner. As part of our case study, we identified and responsibly disclosed 6 bugs in 3 satellite firmware images.

View More Papers

ProbFlow : Using Probabilistic Programming in Anonymous Communication Networks

Hussein Darir (University of Illinois Urbana-Champaign), Geir Dullerud (University of Illinois Urbana-Champaign), Nikita Borisov (University of Illinois Urbana-Champaign)

Read More

Sticky Fingers: Resilience of Satellite Fingerprinting against Jamming Attacks

Joshua Smailes (University of Oxford), Edd Salkield (University of Oxford), Sebastian Köhler (University of Oxford), Simon Birnbach (University of Oxford), Martin Strohmeier (Cyber-Defence Campus, armasuisse S+T), Ivan Martinovic (University of Oxford)

Read More

Location Spoofing Attacks on Autonomous Fleets

Jinghan Yang, Andew Estornell, Yevgeniy Vorobeychik (Washington University in St. Louis)

Read More

MetaWave: Attacking mmWave Sensing with Meta-material-enhanced Tags

Xingyu Chen (University of Colorado Denver), Zhengxiong Li (University of Colorado Denver), Baicheng Chen (University of California San Diego), Yi Zhu (SUNY at Buffalo), Chris Xiaoxuan Lu (University of Edinburgh), Zhengyu Peng (Aptiv), Feng Lin (Zhejiang University), Wenyao Xu (SUNY Buffalo), Kui Ren (Zhejiang University), Chunming Qiao (SUNY at Buffalo)

Read More