Tobias Scharnowski, Felix Buchmann, Simon Woerner, Thorsten Holz Presenter: Tobias Scharnowski
Satellites perform key functions of our modern digital infrastructure such as providing communications, navigation, and earth observation services. As maintaining a satellite requires remote access, securing that access is an important aspect of developing and operating a satellite.
While satellites have traditionally not been subjected to regular attacks, the same may not hold in the future. Hence, it becomes increasingly relevant to the community to secure satellite firmware, the software that controls the space segment of satellite missions. In this work, we perform a case study of applying recent embedded firmware analysis techniques to satellite payload data handling systems. We explore whether Fuzzware, a recent firmware fuzz testing system, is applicable to these firmware images. During this, we also describe and apply the process of manually optimizing Fuzzware configurations for firmware targets, and measure the impact of different optimizations. Finally, we identify challenging aspects of fuzz testing satellite firmware and directions for future work to optimize fuzz testing performance in a fully automated manner. As part of our case study, we identified and responsibly disclosed 6 bugs in 3 satellite firmware images.