Moonlighter Satellite to be Hacked at DEF CON 2023

The DEF CON cybersecurity conference in Las Vegas, which will be held in August 2023, will be the first time a real satellite in orbit will be targeted in the annual hacking competition. Researchers will remotely hack the Moonlighter satellite, which was recently successfully delivered into orbit using the SpaceX Falcon 9. The team that discovers a way to capture the satellite will receive the main prize of $50,000.

What is the Moonlighter Satellite?

The Moonlighter is a small cubesat (PDF) weighing around 5 kilograms. When folded, it measures 34 cm x 11 cm x 11 cm, and when fully unfolded with solar panels, it measures 50 cm x 34 cm x 11 cm. The satellite was built by the federally funded The Aerospace Corporation in partnership with the US Space Systems Command and the US Air Force Research Laboratory. It will run software developed by information security and aerospace experts specifically for in-orbit cybersecurity training and exercises.

Inspired by Hack-A-Sat Competition

This project is inspired by the Hack-A-Sat competition, which has been held for four years by the US Air Force and US Space Force specialists at the annual security conference DEF CON. According to project leader Aaron Myrick of the Aerospace Corporation, Moonlighter’s goal is to take offensive and defensive cyber exercises for space systems from a laboratory environment on Earth to low Earth orbit.
In addition, the satellite is designed to withstand attempts by hacker teams competing to take control of its software without the contestants being able to damage or destroy it. “If you’re doing a hacking competition or any other cyber activity or exercise with a real craft, it’s difficult because you’re potentially compromising the mission of that craft,” Myrick says. “Therefore, we decided that if we want to do everything right, you have to build everything from scratch.”
To this end, the satellite runs software that behaves like a real on-board computer and can be subjected to multiple real attacks, allowing you to capture the satellite without harming its critical subsystems. “All this makes the cyber experiment reproducible, realistic and safe, while maintaining the health and safety of the satellite,” explains Aerospace Corp.

Hack-A-Sat Competition at DEF CON

The first test of the Moonlighter will take place in August, when it will be broken as part of the Hack-A-Sat competition in Las Vegas. The five teams that make it to the DEF CON finals will be eligible to try their hand at this area. The top three teams will receive cash prizes: $50,000 for first place, $30,000 for second place, and $20,000 for third.
The Register quoted Istari’s lead cybersecurity software engineer, James Pavur, who has competed in three previous Hack-A-Sat competitions. Pavur describes himself as a “passionate information security researcher” when it comes to finding holes in satellites.
The Moonlighter satellite is a unique project that has been designed to take offensive and defensive cyber exercises for space systems from a laboratory environment on Earth to low Earth orbit. The satellite runs software that behaves like a real on-board computer and can be subjected to multiple real attacks, allowing hackers to capture the satellite without harming its critical subsystems.
The first test of the Moonlighter will take place in August, when it will be broken as part of the Hack-A-Sat competition in Las Vegas. The five teams that make it to the DEF CON finals will be eligible to try their hand at this area. The top three teams will receive cash prizes: $50,000 for first place, $30,000 for second place, and $20,000 for third.
The Moonlighter satellite is a unique project that has been designed to take offensive and defensive cyber exercises for space systems from a laboratory environment on Earth to low Earth orbit. The satellite runs software that behaves like a real on-board computer and can be subjected to multiple real attacks, allowing hackers to capture the satellite without harming its critical subsystems.
The Aerospace Corporation, in partnership with the US Space Systems Command and the US Air Force Research Laboratory, have built the Moonlighter satellite to be used in the DEF CON 2023 hacking competition. The satellite is a small cubesat (PDF) weighing around 5 kilograms. When folded, it measures 34 cm x 11 cm x 11 cm, and when fully unfolded with solar panels, it measures 50 cm x 34 cm x 11 cm.
The Moonlighter satellite is designed to withstand attempts by hacker teams competing to take control of its software without the contestants being able to damage or destroy it. The software that runs on the satellite is developed by information security and aerospace experts specifically for in-orbit cybersecurity training and exercises. This makes the cyber experiment reproducible, realistic and safe, while maintaining the health and safety of the satellite.
The five teams that make it to the DEF CON finals will be eligible to try their hand at this area. The top three teams will receive cash prizes: $50,000 for first place, $30,000 for second place, and $20,000 for third. The Register quoted Istari’s lead cybersecurity software engineer, James Pavur, who has competed in three previous Hack-A-Sat competitions. Pavur describes himself as a “passionate information security researcher” when it comes to finding holes in satellites.
The Moonlighter satellite is an exciting project that has the potential to revolutionize the way we think about cybersecurity in space. The DEF CON 2023 hacking competition will be the first time a real satellite in orbit will be targeted, and the team that discovers a way to capture the satellite will receive the main prize of $50,000. It will be an exciting event and one that will be sure to draw the attention of the world.