Cyber Diner Podcast - Episode 1
Penetration Testing and Space Vulnerabilities w/ Eric Escobar
One of the most effective methods of improving cybersecurity is through penetration testing. Eric Escobar, principal consultant at SecureWorks and three-time Capture-the-Flag champion at DEF CON, describes his journey into cybersecurity, the ins and outs of penetration testing, and the implications of space technology growth for security in space-based systems.
Erics Journey into the world of Hacking
- Attended Cal Poly, SLO for Civil Engineering
- First learned computer skills in engineering classes and practiced them with his roommate in the dorms
- Successfully hacked into the WiFi at his friend’s Dad’s work in order to play Halo, his friend’s Dad, a security lead in Silicon Valley, decided to give him a shot.
Eric’s experience with Pen Testing
- Spends roughly equal time hacking and reporting bugs on the phone and via email, interfacing with clients and recommending solutions for CVEs
- Works primarily with large, enterprise companies, universities, etc.
- Has hacked in almost every single industry you can think of
Security in Space
- Costs run high for even the smallest satellite launches, and security has to be accounted on beforehand.
- Sometimes engineers have to make trade offs between stability and security.
- Timelines on developing space craft are years long, and when exploits are found they can be very costly.
- As hardware becomes cheaper, a whole ecosystem of space activity will start to open up.
- Facing faster launch times, satellite-builders have to make sure the supply chain is secure and the ground networks are secure.
- It’s a miracle that anything works at all!
- Starlink is making 60 satellite-launches look routine, and numbers will increase in space.
- Attack surface increases with more satellites in space, and now hackers have easier access to space transmissions.
Vulnerabilities In Space Systems
- Encryption can be expensive, and the energy and cost is often times spent elsewhere, so it is not uncommon for satellite communications to be left unencrypted
- A thesis states that cosmic particles have potential to flip bits in satellite memory. At scale, there is a theoretical possibility to relay an exploit with a domain that would only be accessible if the right bit were flipped by a cosmic event.
- Throw a hacker on your team who can apply the mindset of “how would I break this?” from the beginning of development.
Mentioned in the Show:
- Talking to Satellites Talk - DEF CON Safe Mode Aerospace Village
- Space & Cybersecurity Symposium
- Cal Poly SmallSat Encryption Device
- Cosmic Radiation Flipping Bits Article
Learn to be Like Eric: