Cyber Diner Podcast - Episode 1

Penetration Testing and Space Vulnerabilities w/ Eric Escobar

One of the most effective methods of improving cybersecurity is through penetration testing. Eric Escobar, principal consultant at SecureWorks and three-time Capture-the-Flag champion at DEF CON, describes his journey into cybersecurity, the ins and outs of penetration testing, and the implications of space technology growth for security in space-based systems.

Watch on YouTube

Erics Journey into the world of Hacking

• Attended Cal Poly, SLO for Civil Engineering
• First learned computer skills in engineering classes and practiced them with his roommate in the dorms
• Successfully hacked into the WiFi at his friend’s Dad’s work in order to play Halo, his friend’s Dad, a security lead in Silicon Valley, decided to give him a shot.

Eric’s experience with Pen Testing

• Spends roughly equal time hacking and reporting bugs on the phone and via email, interfacing with clients and recommending solutions for CVEs
• Works primarily with large, enterprise companies, universities, etc.
• Has hacked in almost every single industry you can think of

Security in Space

• Costs run high for even the smallest satellite launches, and security has to be accounted on beforehand.
• Sometimes engineers have to make trade offs between stability and security.
• Timelines on developing space craft are years long, and when exploits are found they can be very costly.
• As hardware becomes cheaper, a whole ecosystem of space activity will start to open up.
• Facing faster launch times, satellite-builders have to make sure the supply chain is secure and the ground networks are secure.
• It’s a miracle that anything works at all!

Space-based Internet

• Starlink is making 60 satellite-launches look routine, and numbers will increase in space.
• Attack surface increases with more satellites in space, and now hackers have easier access to space transmissions.

Vulnerabilities In Space Systems

• Encryption can be expensive, and the energy and cost is often times spent elsewhere, so it is not uncommon for satellite communications to be left unencrypted
• A thesis states that cosmic particles have potential to flip bits in satellite memory. At scale, there is a theoretical possibility to relay an exploit with a domain that would only be accessible if the right bit were flipped by a cosmic event.

Eric’s Recommendation

• Throw a hacker on your team who can apply the mindset of “how would I break this?” from the beginning of development.

Mentioned in the Show:

• Talking to Satellites Talk - DEF CON Safe Mode Aerospace Village
• Space & Cybersecurity Symposium
• Cal Poly SmallSat Encryption Device
• Cosmic Radiation Flipping Bits Article

Learn to be Like Eric:

• Learning to code
• Intermediate code
• Hacking 101