Black Hat USA 2025 | Burning, Trashing, Spacecraft Crashing
Why It Matters
Cyber‑level attacks on satellites now pose a realistic, non‑kinetic threat to critical communications and intelligence, forcing operators to prioritize zero‑trust security across the entire space ecosystem.
Key Takeaways
- Commercial satellite constellations dramatically increase space attack surface.
- Legacy mission‑control software lacks zero‑trust, exposing critical vulnerabilities.
- XSS exploits in Yamcs and OpenC3 can hijack spacecraft commands.
- CFS memory‑management flaw enables remote code execution on orbiting hardware.
- Cyber attacks now rival kinetic anti‑satellite weapons in effectiveness.
Summary
The Black Hat USA 2025 session, led by Mileno Star and Andre of Vision Space, highlighted the growing cyber‑risk landscape for space systems. With commercial constellations such as Starlink and OneWeb proliferating alongside renewed military satellite launches, the orbital environment now presents a massive, high‑value attack surface that was largely absent during the Cold War era.
The presenters traced the evolution of research from early hobbyist satellite hacks to the 2022 Viasat incident, emphasizing that legacy mission‑control software—Yamcs, NASA’s Open MCT, OpenC3, and the Core Flight System (CFS)—was never built with zero‑trust principles. Demonstrations showed how simple cross‑site scripting (XSS) flaws in Yamcs and OpenC3 can let an adversary inject JavaScript, issue unauthorized telecommands, and even seize full control of a ground station interface.
A more sophisticated exploit targeted the CFS memory‑management module, manipulating the global offset table to redirect function calls and obtain a reverse shell directly from an onboard Linux system. The demo simulated a spacecraft’s orbit being altered and a remote code execution payload returning to the attacker, mirroring the kind of cyber‑physical sabotage previously achievable only with kinetic anti‑satellite missiles.
These findings underscore an urgent need for industry‑wide security hardening: adopting zero‑trust networking, rigorous code audits, and secure software supply chains for both ground and flight segments. Failure to address these vulnerabilities could enable nation‑states or criminal groups to disrupt communications, espionage, or even de‑orbit critical assets, reshaping the strategic calculus of space operations.