Table of Contents
Fetching ...

Unencrypted Flying Objects: Security Lessons from University Small Satellite Developers and Their Code

Rachel McAmis, Gregor Haas, Mattea Sim, David Kohlbrenner, Tadayoshi Kohno

TL;DR

This work addresses the security gaps in university small satellites by combining qualitative interviews with university satellite club leaders and a hands-on code audit of open-source repositories. It reveals wide variation in security practices, with all studied clubs exposing some vulnerability surface and many lacking robust authentication or encryption in their ground-to-space interfaces. The authors synthesize barriers—time, resources, risk perception, and regulatory concerns—and offer concrete recommendations, including open-source security tools, lightweight threat modeling, and third-party oversight to improve smallsat security without compromising the educational value. The study provides practical implications for both academia and industry, highlighting how targeted tooling and policy support can elevate security across resource-constrained space programs while maintaining reliability and educational goals.

Abstract

Satellites face a multitude of security risks that set them apart from hardware on Earth. Small satellites may face additional challenges, as they are often developed on a budget and by amateur organizations or universities that do not consider security. We explore the security practices and preferences of small satellite teams, particularly university satellite teams, to understand what barriers exist to building satellites securely. We interviewed 8 university satellite club leaders across 4 clubs in the U.S. and perform a code audit of 3 of these clubs' code repositories. We find that security practices vary widely across teams, but all teams studied had vulnerabilities available to an unprivileged, ground-based attacker. Participants foresee many risks of unsecured small satellites and indicate security shortcomings in industry and government. Lastly, we identify a set of considerations for how to build future small satellites securely, in amateur organizations and beyond.

Unencrypted Flying Objects: Security Lessons from University Small Satellite Developers and Their Code

TL;DR

This work addresses the security gaps in university small satellites by combining qualitative interviews with university satellite club leaders and a hands-on code audit of open-source repositories. It reveals wide variation in security practices, with all studied clubs exposing some vulnerability surface and many lacking robust authentication or encryption in their ground-to-space interfaces. The authors synthesize barriers—time, resources, risk perception, and regulatory concerns—and offer concrete recommendations, including open-source security tools, lightweight threat modeling, and third-party oversight to improve smallsat security without compromising the educational value. The study provides practical implications for both academia and industry, highlighting how targeted tooling and policy support can elevate security across resource-constrained space programs while maintaining reliability and educational goals.

Abstract

Satellites face a multitude of security risks that set them apart from hardware on Earth. Small satellites may face additional challenges, as they are often developed on a budget and by amateur organizations or universities that do not consider security. We explore the security practices and preferences of small satellite teams, particularly university satellite teams, to understand what barriers exist to building satellites securely. We interviewed 8 university satellite club leaders across 4 clubs in the U.S. and perform a code audit of 3 of these clubs' code repositories. We find that security practices vary widely across teams, but all teams studied had vulnerabilities available to an unprivileged, ground-based attacker. Participants foresee many risks of unsecured small satellites and indicate security shortcomings in industry and government. Lastly, we identify a set of considerations for how to build future small satellites securely, in amateur organizations and beyond.
Paper Structure (47 sections, 2 figures, 10 tables)

This paper contains 47 sections, 2 figures, 10 tables.

Figures (2)

  • Figure 1: Overview of components in a generic smallsat. Ground station communicates with the satellite radio (comms). The flight computer communicates with all subcomponents, including power, ADCS, the satellite's payload, and comms.
  • Figure 2: Satellite A state transition diagram. The satellite can only flash during the IDLE_FLASH state, which is only reachable after a wait period of 26 orbits for safety reasons. State names correspond closely with satellite actions taken during those states, except for HELLO_WORLD which acts simply as an idle state. The LOW_POWER state is activated any time the satellite detects that the battery levels are too low.