A new study introduces SpyChain, a framework that exposes how unverified commercial off-the-shelf components in small satellites can be exploited for persistent, multi-stage cyberattacks, reports Security Affairs.Using NASA's NOS3 simulator, researchers demonstrated five escalating attack scenarios, from single timed triggers to multi-module malware activated by GPS data, that quietly exfiltrate mission telemetry once satellites reach orbit.The team showed that malicious hardware could remain dormant during testing, using only legitimate system calls and telemetry channels to evade detection. The study warns that compromised parts could allow espionage or sabotage while appearing to operate normally, a threat compounded by weak authentication and poor runtime monitoring in current satellite systems.Researchers recommend strict inter-component access control, syscall restrictions, and "zero-trust" supply-chain verification. Their findings, shared with NASA, underscore how the growing reliance on modular COTS technology could turn the space sector's efficiency into a major cybersecurity liability.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds