David Brown August 11, 2022 1:46 PM

I was a bit alarmed to read all of the companies sending up their own constellations of satellites. What if they crash into each other and scatter debris all over the place?

On the upside, if there are enough satellites up there, they will shade out the sun and reverse global heating.

Clive Robinson August 11, 2022 2:07 PM

@ ALL,

Some of these attacks “seem obvious” especially as they “keep hapening”.

But there is a reason behind this that we all should consider when building what is new technology starting from down below what some would consider the “physical layer” in the computing and communications stacks.

I’ve talked about “Fault Injection Attacks”(FI) in the past on this blog and started doing EMFI on 8bit CMOS processors back in the early 1980’s[1].

The problem is that if an attacker can inject a signal at a time of their chosing then they can flip a software branch, or reduce the entropy of a True Random Number Generator to next to nothing.

Few hardware engineers have any real experience in FI attacks, and they can be close to impossible to stop without a full system redesign with costly additions.

Any one who has been taught TEMPEST basics will know that active electronics radiate signals on which confidential information can be impressed or modulated and travel sizable distances.

What should be obvious to RF Design enginers is that there is the basic laws of physics “symmetry” at play. That is one of the first things you learn about antennas is that,

“They are reciprocal in most cases”

That is if they cause “emissions” they are also “susceptible” to EM fields. Almost the second thing you learn is,

“Every wire and PCB trace is an antenna.”

And you should design accordingly.

Unfortunately most design engineers do not… The way they work is to come up with the simplest system they can that sort of functions, fit it out with a test harness and then incremently build the system.

That is as I’ve pointed out in the past the way you go about building secure systems where you have a reasonable expectation it’s going to be attacked.

What is not mentioned in the Wired article and should be is why you should never run code from RAM only Masked ROM (which has issues of it’s own[2]). If there is any way the code can be changed, then an attacker with access can find a way to do so, which means there is NO real security in the system.

The second big mistake made by designers is “loading into RAM”. Whilst you can put all sorts of superficial security around loading code such as cryptographic signing, it’s fairly pointless in most cases.

The reason being is the incorrect assumption that once loaded it does bot need to be checked because other OS protection mechanisms will stop it being changed…

As assumotions go it’s a fairly large pile of bovine scat.

Anyone who knows anything about “RowHammer” should know that,

“RAM Contents Can not be Trusted”

As any bubbling up attack will work to far down the computing stack to be stopped. RowHammer and derivatives are in of themselves a form of “glitching attack”…

Oh and do not think that “tagging memory” or adding “Error Correcting Code”(ECC) circuitry will work either. It might make it harder but it’s not going to stop it.

Back a decade or so back when discussing “Castles-v-Prisons” I pointed this out and indicated that there was only two things you could do,

1, Encrypt RAM contents via the CPU memory interface.
2, Halt the CPU and with a second hypervisor state machine, walk the CPU executable memory space every few seconds or faster.

Thus depending on how often you walked the memory you had a certain probability of catching any changes in the code in RAM. Do it to infrequently and you could be “fast cracked” to fast and your resources would be taken up. Hence I named it “Probabilistic Security”.

To design a secure hardware system that will be in an attackers hands as standard and your probability of detecting there attack develipment is low needs a special mind set.

Which is why you also need a “health signal” to be sent out. That is your protection mechanisms actually use signalling from some other part of the system an attacker does not have access to. I won’t go into details but consider it a “challenge response” system that has “proof of integrity” testing an attacker can not predict or falsify.

[1] It came about from testing “Remote Telemetry Units”(RTU) for RF susceptability when VHF or UHF mobile radios were mounted inside the units. Put simply if you stuck the “Rubber Duck” antenna of a walkie-talky close to the CPU or it’s PCB signal traces and “keyed-up” quite often the CPU would “Go for a walk in the park” or just lockup untill the “Brown-out” detector timed out and triggered a reset (if it to had not been locked up by the EM radiation). As I’ve mentioned I went on to modulate the EM carrier in controled ways to reliably trigger a particular fault. I did not make myself popular when I showed that such attacks against “Electronic Wallets”(Mondex) and Pocket Gambling devices (a branch of Casinos) could be profitably attacked to their designers…

[2] If your code can only execute from ROM that can not be changed, you had better make sure that,

1, It’s error free.
2, It’s complete.

Because the price of security is not being able to change it, thus there can be no “patching” or “upgrading”. Something “Embedded Systems” designers who had to use “Masked ROM” parts back befor the late 1990’s were only to aware of. The advent of “Flash ROM” was a disaster for security in two ways,

1, It was easy for an attacker to change.
2, Becsuse it was easy to change there was no real insentive for software engineers to have their code anywhere near being “error free” or “compleate”.

pup vas August 11, 2022 2:56 PM

Hacking satellite and/or gateway looks more productive. If hacking terminal could really simplify such hacking then it is valuable.

Zaphod August 11, 2022 3:11 PM

@David Brown

Agreed – any ‘global heating’, which has not been measured in any reliable way in the recent past btw, will be due to Solar output and not due to mankind’s activities.

Q August 11, 2022 6:39 PM

My understanding is that you buy the device. So it is yours, and you can “hack” it as much as you want. Don’t let some remote company control it.

It should be the norm to have people do whatever they want with their stuff.

It should be forbidden for companies to retain control of things they sold to customers.

We get the excuse that “it is for security”. The problem being it isn’t your security they are talking about.

Clive Robinson August 11, 2022 8:03 PM

@ Q, ALL,

“So it is yours, and you can “hack” it as much as you want.”

Sorry no you can not when it comes to “shared usage” of a fixed resource.

And it’s not a case of,

“Don’t let some remote company control it.”

It’s the legislation and regulation control the FCC has over the “Over the air”(OTA) interface.

And in the case of satellite communications the FCC is also responsible to the UN Security Council via the ITU to ensure equipment stays within regulatory norms.

Q August 11, 2022 8:18 PM

“Sorry no you can not when it comes to “shared usage” of a fixed resource.”

It doesn’t matter. There are laws to govern that. If you hack it to operate illegally then you get consequences. It doesn’t require a company to be in control of everything, individuals can control it exactly the same.

Stop with the support of expecting companies to control our lives. Fuck them, they don’t deserve our slavery (which they pretend is “loyalty”). They got money for whatever it is they sold, that’s all they get, they don’t then get a pass to track/monitor/manipulate/control me or my stuff.

anon August 11, 2022 9:02 PM

“It’s the legislation and regulation control the FCC has over the “Over the air”(OTA) interface.”

Except when the satellites are above every other country…

John August 12, 2022 2:48 AM


As “shared usage of a fixed resource” [radio frequencies] becomes more and more common, limiting ‘regulations’ become more and more irrelevant!!

Hams can use 1000 watts on some WIFI frequencies!


wiredog August 12, 2022 5:30 AM

Wi-Fi is on unregulated frequencies. Ham radios, microwaves, all sorts of stuff there.

Givon Zirkind August 12, 2022 9:01 AM

@Q @Clive Responsibility can be bandied back & forth. The device is yours. You are responsible for it’s effects (jamming frequencies, etc.). However, if it isn’t working according to specs and you didn’t alter it, the manufacturer shares the responsibility. But, if you don’t alter it, that responsibility is now yours. Think walkie-talkies, which have been around for a while.

I would conjecture, if this were a serious hack, the Russians would be exploiting it. They have been trying for quite some time to hack in, monitor & disrupt StarLink’s network, especially now with the war on and the official word is the network is secure. Of course, that is company blustering.

Clive Robinson August 12, 2022 9:13 AM

@ John, Wiredog,

Hams can use 1000 watts on some WIFI frequencies!

You actually have it the wrong way around…

“Due to differences in ITU region allcoations, some WiFi channels were incorrectly assigned to Ham Bands”

Whilst the WiFi usage was technically unlawfull and caused the FCC a lot of head aches a few years back[1] because equipment manufactures made their equipment cover all channels and used easily avoidable “software lock out” of the channels not lawfully available in certain regions. The problem was way to many people used WiFi so the unlawful channels got used regardless.

So those channels in the ham bands where hams are the primary users, became used de facto and the FCC just looked the other way untill the problem was so bad they had no choice but to accept the reality.

Ham’s by and large are not flag waving drum banging “you can take my allocation from my cold dead hand” types so have accepted the reality as well. Which is unfortunate because certain telecoms orgabisations are grabbing large chunks of other Ham bands at ITU decision making conferances.

So what you should say is,

“Unlawfull WiFi use is happening in radio spectrum allocated to Amateur Radio Operators who’s licence conditions alow them to use upto 30dBW ‘Effective Radiated Power'(ERP).”

[1] The Open Source Wireless Router project had information on the outrage their users felt about the FCC proposal to force manufacture to use hard lockouts.

The same problem happened just a couple of years back with the ultra cheap Chinese hand held Radios known as “UV5’s” after the Baofeng UV5R and copies that would work –badly– from the top of the VHF Air Band up to and through the low PMR, Amateur 2meter Band high PMR and up into the VHF marine bands, with some going up through the US Amateur 220Mhz band if not to the bottom of the UHF band. With UHF coverage up towards or beyond 500Mhz…

The FCC does not approve such equipment and when “SHFT Preppers” were buying up thes ~$30 units by the bucket load and using them on any frequency they wabted… The likes of First Responders got significantly upset.

The real problem that none of the worlds spectrum regularion authorities like the FCC want to talk about is the ~$200 “Software Defined Radios”(SDR) that can not only receive all types of modulation from as low as 0.05Mhz all the way to 6000Mhz and beyond but also transmit in all modulation modes with 10-30dBm output.

Google, Analog Devices “Adalm pluto”, Great Scott Gadgets “HackRF One” or Lime Microsystems “LimeSDR” or just look down the list of links for the supported devices on this page,


Getting say 10mW out of a LimeSDR upto 1kW is not very difficult, especially if you have a little hunt on EBay for “scrapped” broadband linear UHF or Microwave PA’s from Mobile Phone or TV Broadcast upgrades.

Oh just a few of the myriad of SDR projects people are Hacking Up,


1984 ish August 12, 2022 2:00 PM

picture crap is from early 80s yawn

replays are so so so…

nothing like a good couch and a good .

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.