Hackers Breached US Air Force Satellite

This year’s Hack-A-Sat competition challenged teams to hack into an actual satellite in orbit. The US Air Force Moonlighter, which was launched especially for the event, was the first real satellite the hackers were permitted to target.

The Aerospace Corporation and the U.S. Air Force Research Laboratory developed the small cubesat known as Moonlighter, launched on June 5, 2023, on a SpaceX Falcon 9 rocket alongside a cargo payload for the International Space Station. 

Five teams participated in the challenge, with “mHACKeroni,” a team of five Italian cyber research firms members, taking first place this year. $50,000 was awarded for first place. 

Poland Can Into Space, a cyber research team, took second place and received $30,000. In addition, the combined British-American team “jmp fs:[rcx]” took third place and received $20,000.

Target Given to the Team

Teams were given the goal of breaking into Moonlighter to bypass the satellite’s limitations on the types of targets it may view on the ground, command it to snap a photograph of that target, and then download the picture to a ground station.

According to information shared with Cyber Security News, one significant obstacle was that the Moonlighter wasn’t always accessible. 

The satellite only had a limited number of open windows during the competition to download or upload files, telemetry, and scripts depending on where it was in orbit.

Since the CTF operates under real-world circumstances, even the CTF runners occasionally fail to establish a connection during the designated contact windows.

The U.S. Air Force and U.S. Space Force’s Space Systems Command strive to find vulnerabilities that may be utilized to enhance the security of satellite systems overhead by organizing competitions like Hack-A-Sat.

The Moonlighter cubesat used in this year’s Hack-A-Sat competition. (Image credit: Aerospace Corporation)

The five teams who proceeded to the Vegas finals defeated hundreds of other teams with thousands of players on them.

Capt. Kevin Bernert of the U.S. Space Force revealed during the announcement that the Hack-A-Sat organizers were still gathering data from the Moonlighter, so the crew congregated in an emergency stairway before relocating to a hotel room to connect to the Moonlighter and gather data to establish the final results.

The CTF host at Hack-A-Sat and the developer of the reverse engineering program Binary Ninja, Jordan Wiens, started to reveal the winners.

Weins announced, “Congratulations to team mHACKeron. Making it here at all is really impressive.”

According to their profile, mHACKeroni is made up of 60 members from Italy who represent the academic community and won both bragging rights and prize money.

“We are so proud of the entire Hack-A-Sat effort, and particularly the development of Moonlighter as the first and only hacking sandbox in space,” Col. Neal Roach of Space Systems Command said in a statement.

“Hack-A-Sat has raised public awareness on the importance of space cybersecurity and has helped to strengthen the industry, security, and government partnership that we need to build more resilient space systems that will keep our nation and our world secure.”

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.