Satellite safecrackers

Hack-A-Sat competition helps strengthen cybersecurity in space

Why it matters: The competition, sponsored by the U.S. Space Force and Air Force Research Lab, helps improve the cybersecurity of Defense Department satellites. This year, for the first time, hackers targeted a live satellite in orbit, launched specifically for the competition.

Details: The jmp:fs[rcx] team hacked into a real-world satellite called Moonlighter during the two-day competition at DEF CON 2023, the annual August hacker convention in Las Vegas. The 30-member team included current and former RTX employees. Some were members of PFS, the team that won the inaugural competition in 2020.

The jmp:fs[rcx] team won $20,000 during this year’s Hack-A-Sat 4. The team’s name is a combination of RCX and PFS. RCX is shorthand for Raytheon Cyber Offense & Defense Experts, or CODEX. Team members pointed out that jmp:fs[rcx] is also a valid X64 assembly instruction.

The big picture: Hack-A-Sat is an innovative way for the government to bolster its cyber defenses by allowing hackers to demonstrate their skills and identify vulnerabilities in satellite systems. The first-place team was mHACKeroni, a group consisting of members of five Italian cyber research teams.

The second-place team was Poland Can Into Space, created by Polish cyber researchers joined by members from Ireland and Germany.

Between the lines: The Hack-A-Sat contest isn’t just about winning prizes and bragging rights; it’s about improving satellite cybersecurity and building more resilient space systems. By hosting such competitions, the U.S. Air Force and U.S. Space Force’s Space Systems Command aim to spot weaknesses to enhance satellite security.

Zoom in: Teams tackled nine challenges, seven of which required hacking into the toaster-sized Moonlighter cubesat, which orbits the Earth at about 5 miles per second. Some of the challenges included forcing the satellite to take a picture of a ground target of the team’s choice and bypassing the satellite’s blocks on imaging certain areas.

Communicating with the satellite was tough, as teams only had short windows of opportunity when it flew over their ground stations. They also had to use their skills in spacecraft operations, radio frequency communications and reverse engineering.

The five teams in the finals advanced from a field of nearly 700 that competed in a qualifying round in April 2023.

What we’re hearing: “Satellites are critical for our national and global security, as they provide us with vital capabilities such as surveillance, reconnaissance and communications,” said Tylor Childers, PFS captain and a Raytheon CODEX cyber engineer. “They also help us learn about our world by helping us predict the weather, keep an eye on the environment and find our way around, using GPS navigation.

“That’s why we need to constantly test and improve their cybersecurity. That’s what Hack-A-Sat is all about.”

Bottom line: The success of jmp:fs[rcx] and other teams in this year’s Hack-A-Sat competition demonstrates the vital role of public-private collaboration in securing space systems.

What’s next: The U.S. government is investing in research and development to build a more secure space infrastructure, and this year’s findings will guide future security measures.