SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems
- URL: http://arxiv.org/abs/2510.06535v2
- Date: Tue, 14 Oct 2025 21:08:46 GMT
- Title: SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems
- Authors: Jack Vanlyssel, Enrique Sobrados, Ramsha Anwar, Gruia-Catalin Roman, Afsah Anwar,
- Abstract summary: Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf (COTS) hardware broadens their attack surface. We present SpyChain, the first end-to-end design and implementation of independent and colluding hardware supply chain threats targeting small satellites. Using NASA's satellite simulation (NOS3), we demonstrate that SpyChain can evade testing, exfiltrate telemetry, disrupt operations, and launch Denial of Service (DoS) attacks.
- Score: 0.6524460254566903
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf (COTS) hardware broadens their attack surface. Although supply chain threats are well studied in other cyber-physical domains, their feasibility and stealth in space systems remain largely unexplored. Prior work has focused on flight software, which benefits from strict security practices and oversight. In contrast, auxiliary COTS components often lack robust assurance yet enjoy comparable access to critical on-board resources, including telemetry, system calls, and the software bus. Despite this privileged access, the insider threat within COTS hardware supply chains has received little attention. In this work, we present SpyChain, the first end-to-end design and implementation of independent and colluding hardware supply chain threats targeting small satellites. Using NASA's satellite simulation (NOS3), we demonstrate that SpyChain can evade testing, exfiltrate telemetry, disrupt operations, and launch Denial of Service (DoS) attacks through covert channels that bypass ground monitoring. Our study traces an escalation from a simple solo component to dynamic, coordinating malware, introducing a taxonomy of stealth across five scenarios. We showcase how implicit trust in auxiliary components enables covert persistence and reveal novel attack vectors, highlighting a new multi-component execution technique that is now incorporated into the SPARTA matrix. Our findings are reinforced by acknowledgment and affirmation from NASA's NOS3 team. Finally, we implement lightweight onboard defenses, including runtime monitoring, to mitigate threats like SpyChain.
Related papers
- Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs). We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing. We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
arXiv Detail & Related papers (2026-01-06T10:30:41Z)
- FlyTrap: Physical Distance-Pulling Attack Towards Camera-based Autonomous Target Tracking Systems [25.870424901890292]
We present a new type of attack: distance-pulling attacks (DPA). FlyTrap is a novel physical-world attack framework that employs an adversarial umbrella as a deployable and domain-specific attack vector. Our evaluations include new datasets, metrics, and closed-loop experiments on real-world white-box and even commercial ATT drones, including DJI and HoverAir.
arXiv Detail & Related papers (2025-09-24T17:59:54Z)
- Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files. We formalize our attack paradigm into two stages, including initial infection and persistence. We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z)
- ASTREA: Introducing Agentic Intelligence for Orbital Thermal Autonomy [51.56484100374058]
ASTREA is the first agentic system executed on flight-heritage hardware for autonomous spacecraft operations. We integrate a resource-constrained Large Language Model (LLM) agent with a reinforcement learning controller in an asynchronous architecture tailored for space-qualified platforms.
arXiv Detail & Related papers (2025-09-16T08:52:13Z)
- What is Cybersecurity in Space? [2.0609639926456964]
Satellites, drones, and 5G space links now support critical services such as air traffic, finance, and weather. This paper maps eleven research gaps, including secure routing, onboard intrusion detection, recovery methods, trusted supply chains, post-quantum encryption, zero-trust architectures, and real-time impact monitoring. We propose a five-year roadmap: post-quantum and QKD flight trials, open cyber-ranges, clearer vulnerability sharing, and early multi-agent deployments.
arXiv Detail & Related papers (2025-09-05T21:08:28Z)
- An LLM-based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks [49.605335601285496]
6G space-air-ground integrated networks (SAGINs) offer ubiquitous coverage for various mobile applications. We propose a novel security framework for SAGINs based on Large Language Models (LLMs). Our framework produces highly accurate security strategies that remain robust against a variety of unknown attacks.
arXiv Detail & Related papers (2025-05-06T04:14:13Z)
- Evaluating an Effective Ransomware Infection Vector in Low Earth Orbit Satellites [0.0]
In this paper, we outline a scenario in which an attacker can infect an in-orbit NASA Core Flight System (cFS) based satellite with ransomware and communicate the infection back to a satellite operator. This paper is the first to demonstrate an end-to-end exploit path that results in a ransomware infection without the need for a supply chain attack or compromised credentials.
arXiv Detail & Related papers (2024-12-05T20:30:26Z)
- Evaluating the Security of Satellite Systems [24.312198733476063]
This paper presents a comprehensive taxonomy of adversarial tactics, techniques, and procedures explicitly targeting satellites.
We examine the space ecosystem including the ground, space, communication, and user segments, highlighting their architectures, functions, and vulnerabilities.
We propose a novel extension of the MITRE ATT&CK framework to categorize satellite attack techniques across the adversary lifecycle from reconnaissance to impact.
arXiv Detail & Related papers (2023-12-03T09:38:28Z)
- Few-Shot Backdoor Attacks on Visual Object Tracking [80.13936562708426]
Visual object tracking (VOT) has been widely adopted in mission-critical applications, such as autonomous driving and intelligent surveillance systems.
We show that an adversary can easily implant hidden backdoors into VOT models by tampering with the training process.
We show that our attack is resistant to potential defenses, highlighting the vulnerability of VOT models to potential backdoor attacks.
arXiv Detail & Related papers (2022-01-31T12:38:58Z)
- ADAPT: An Open-Source sUAS Payload for Real-Time Disaster Prediction and Response with AI [55.41644538483948]
Small unmanned aircraft systems (sUAS) are becoming prominent components of many humanitarian assistance and disaster response operations.
We have developed the free and open-source ADAPT multi-mission payload for deploying real-time AI and computer vision onboard a sUAS.
We demonstrate the example mission of real-time, in-flight ice segmentation to monitor river ice state and provide timely predictions of catastrophic flooding events.
arXiv Detail & Related papers (2022-01-25T14:51:19Z)
- Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
We study blackbox adversarial attacks on network classifiers.
We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions.
We show that a continual learning approach is required to study attacker-defender dynamics.
arXiv Detail & Related papers (2021-11-23T23:42:16Z)
- GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security [5.918387680589584]
Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology.
We describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors.
arXiv Detail & Related papers (2021-05-31T19:35:23Z)
This list is automatically generated from the titles and abstracts of the papers in this site.