Hack the Mars rover (fwd)

Dave Emery die at pig.die.com
Sun Jul 6 15:06:09 PDT 1997



Jim Choate wrote :

> Forwarded message:
> 
> > Date: Sun, 6 Jul 1997 06:43:06 -0400 (edt)
> > From: Ryan Anderson <randerso at ece.eng.wayne.edu>
> > Subject: Re: Hack the Mars rover
> 
> 
> The place to attack is the up-link. This requires physical access (ie a van
> with a dish and xmtr.) as well as a means to crack the encryption on the
> control channels. At least one French satellite has been cracked and
> de-orbited via a network attack.
> 
> > Besides, how much encryption is needed between two points if intercepting
> > the traffic is expensive, the communications protocol is undocumented (as
> > far as anyone outside NASA is concerned), and the actual frequency is also
> > hard to find? 
> 
> The communications are not only documented but easily observable with the
> correct commercially available equipment. The frequencies are a matter of
> public record, I would further bet that 5 minutes with a search engine would
> bring that data to light...

	Two very important points.   The space path loss to and from Mars
is very large.  So a very large dish is required to have sufficient G/T
to see readable data.  Most NASA deep space stations use 85 foot dishes
and some also have 300 footers.   Without that kind of antenna gain one
is not going to see anything at all, and without that kind of gain on
the command uplink as well as a multi KW high power microwave amplifier
to feed the dish one is not going to be able to put enough signal into
Mars to do anything.

	There are essentially no 85 foot or larger dishes in the hands
of anyone who might be attempting to hack a NASA spacecraft.   Such an
antenna is simply not your back yard satellite dish....  they cost more
than a million dollars and are major construction projects.

	The second point is that the NSA has been supplying space
hardened crypto chips and related ground equipment to every US satellite
manufacturer and operator for at least the last 15 years for use in
protecting the command uplinks against unauthorized access.   One can be
quite sure that NASA has used these, or if they haven't has good reason
to believe they don't have to.

	The attack that is barely conceivable is for some cracker to
break into a NASA terrestrial communications link associated with the
Deep Space Network (some links use satellite communications for example
and others microwave links) and access the command uplink systems of a
NASA DSN site.  Whether they have fully secured all of these against
such attack is unclear.  Obviously good old secret key encryption would
work here, and there certainly is a lot of command validation done at
the uplink before the command is sent, so whoever was doing this would
have to have great in-depth knowledge of the command uplink system and
the spacecraft itself.

	And finally, demodulating the downlinks and recovering
information from them is relatively easily accomplished once the hard
part  (obtaining the G/T required) is somehow handled.  NASA tends to
use very straightforward modulations and FEC and does not encrypt the
downlinks.   And a fair amount of detail about the data formats is
publicly available.

							Dave Emery
							die at die.com
							Weston, Mass.







