Hypothetical Attacks
Denial of service
- Jam uplink
- White noise at frequency. Requires directed antenna.
- Overpower uplink
- (Captain Midnight HBO attack). Can be done with transportable.
Power limited. Uplink equipment now contains ID coding.
- Jam downlink
- Requires very low power. Difficult to detect, especially if
intermittent.
Orbital positioning
- Ranging transponder spoofing
- Multiple ground stations triangulate satellite position using a
series of tones sent to a transponder. Ground stations observe
phase differentials. Ground or airborne spoofer could transmit
false responses, resulting in incorrect orbit determination.
- Direct commanding
- Preparation and delivery of telecommand queue.
- Command replay
- Record outbound telecommmand queue from TT&C facility. Replay
later to initiate duplicate action.
- Insertion after confirmation but prior to execution
- OC formulates telecommand queue and sends to TT&C.
TT&C uplinks and receives readback, which it returns to OC.
If readback is correct, IOC waits for proper time to execute.
Channel is vulnerable to update during this period - new
telecommand queue may be uploaded prior to authenticated execute.
Takeover of spare Inmarsat (AOR East and West, POR, IOR)
Spare satellites are not always tracked by TT&C. "Available"
for movement and/or use, especially over AOR.