In the past, due to the high costs of satellite manufacturing, design, and launch, as well as regulatory restrictions, satellite research and production were closely linked to government agencies, research institutions, and military defense. In recent years, with the small size and light weight of small satellites, the widespread use of commercial components, and the significant reduction in satellite launch costs, the development and extensive use of small satellites have emerged. As a result, there has been a substantial increase in projects involving self-developed open-source satellite protocols and DIY small satellites. This article will share classic vulnerabilities from past satellite-related attacks and discuss new security vulnerabilities in open-source satellite protocols.
The case studies include three vulnerabilities related to CAN bus transmission in the open-source library SPACECAN, which is used for internal satellite communication in the LibreCube project, an open-source satellite project. It also covers issues with libcsp, an open-source satellite communication protocol with a 10-year history that has been used by several satellites, including those of the European Space Agency (ESA). Additionally, the article includes a special case study of a ground station-like system, analyzing the process and implications of achieving remote code execution (RCE) and affecting satellites.