Tobias Scharnowski, Felix Buchmann, Simon Woerner, Thorsten Holz

Presenter: Tobias Scharnowski

Satellites perform key functions of our modern digital infrastructure such as providing communications, navigation, and earth observation services. As maintaining a satellite requires remote access, securing that access is an important aspect of developing and operating a satellite.

While satellites have traditionally not been subjected to regular attacks, the same may not hold in the future. Hence, it becomes increasingly relevant to the community to secure satellite firmware, the software that controls the space segment of satellite missions. In this work, we perform a case study of applying recent embedded firmware analysis techniques to satellite payload data handling systems. We explore whether Fuzzware, a recent firmware fuzz testing system, is applicable to these firmware images. During this, we also describe and apply the process of manually optimizing Fuzzware configurations for firmware targets, and measure the impact of different optimizations. Finally, we identify challenging aspects of fuzz testing satellite firmware and directions for future work to optimize fuzz testing performance in a fully automated manner. As part of our case study, we identified and responsibly disclosed 6 bugs in 3 satellite firmware images.

View More Papers

“I didn't click”: What users say when reporting phishing

Nikolas Pilavakis, Adam Jenkins, Nadin Kokciyan, Kami Vaniea (University of Edinburgh)

Read More

Evasion Attacks and Defenses on Smart Home Physical Event...

Muslum Ozgur Ozmen (Purdue University), Ruoyu Song (Purdue University), Habiba Farrukh (Purdue University), Z. Berkay Celik (Purdue University)

Read More

Securing Federated Sensitive Topic Classification against Poisoning Attacks

Tianyue Chu (IMDEA Networks Institute), Alvaro Garcia-Recuero (IMDEA Networks Institute), Costas Iordanou (Cyprus University of Technology), Georgios Smaragdakis (TU Delft),...

Read More

Adventures in Wonderland: Automotive Cyber beyond the CAN Bus

Michael Westra (In-Vehicle Cyber Security Technical Manager, Ford)

Read More