Leading the charge were \u00a0Andrzej Olchawa\u00a0 and \u00a0Milenko Starcik\u00a0, cybersecurity experts from \u00a0Visionspace\u00a0, who approached open-source software with the mindset of an adversary. Within just a few hours, they uncovered a staggering \u00a037 vulnerabilities\u00a0 that could potentially manipulate critical systems in controlled environments. Their proactive collaboration with developers allowed for timely patches of the software before the dissemination of their findings.<\/p>\n
![\"Antennas\"](\"https:\/\/teknomers.com\/en\/wp-content\/uploads\/2025\/09\/Some-of-the-most-advanced-satellites-in-the-world-appeared.jpeg\"\/)
\n <\/div>\n<\/div>\n
The \u00a0Core Flight System (CFS)\u00a0 is crucial for NASA missions, yet exploiting its vulnerabilities is not straightforward. Doing so would require \u00a0physical proximity to a land station\u00a0 and the capability to operate at frequencies designated for space communications. Nonetheless, researchers caution that a state actor with the required resources could feasibly execute such attacks. Their demonstrations illustrated how a sufficiently capable organization could send unauthorized commands, thereby altering satellite behavior.<\/p>\n
The \u00a0Yamcs\u00a0, however, presents a different scenario. Attackers could easily infiltrate this system with a successful \u00a0phishing campaign\u00a0, enabling them to upload malicious configurations to the control center. This vector not only allows arbitrary commands but also facilitates file alterations from any location with an Internet connection, broadening the attack surface significantly.<\/p>\n
![\"Asteroid](\"https:\/\/teknomers.com\/en\/wp-content\/uploads\/2025\/09\/1757577484_944_Some-of-the-most-advanced-satellites-in-the-world-appeared.jpeg\"\/)
\n <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\nDuring his talk at \u00a0Black Hat USA 2025\u00a0, Olchawa provided deeper insights into the vulnerabilities they exploited. He emphasized that \u00a0all maneuvers were conducted in simulated environments\u00a0, ensuring that no real satellites were jeopardized. This context is vital for understanding the potential risks that exist, especially for actors with the requisite expertise and access to systems.<\/p>\n
“In some cases, we were able to send arbitrary commands to the satellites through the mission control system. In others, we managed to take control of the entire control center,” Olchawa explained. “If you can send commands to the satellite, it’s possible to execute remote code directly.”<\/p><\/blockquote>\n
The security landscape has transformed considerably; previously, private networks and localized stations were the norm, but now we face \u00a0cloud services\u00a0, \u00a0remote control\u00a0, and \u00a0home connections\u00a0. According to researchers, this evolution exponentially increases attack possibilities, thus making once-theoretical vulnerabilities immediate concerns. A case that underscores this alarm is the \u00a02022 attack on Viasat\u00a0, which disrupted thousands of users and coincided with the onset of the Ukraine conflict, indicating that space systems are not immune to global turmoil.<\/p>\n
Fortunately, timely updates have addressed vulnerabilities in open projects, mitigating the risks highlighted in the laboratory tests. Nonetheless, a critical challenge remains: \u00a0closed systems\u00a0 are less accessible for external experts to evaluate, complicating the review process and raising security concerns.<\/p>\n
As we traverse further into \u00a0space technology\u00a0, safeguarding our satellites against vulnerabilities must become a priority. Continuous vigilance, thorough assessments, and proactive collaborations can help us prevent potential crises before they escalate into headlines.<\/p>\n