Stephan Havermans (IMDEA Software Institute), Lars Baumgaertner, Jussi Roberts, Marcus Wallum (European Space Agency), Juan Caballero (IMDEA Software Institute)

Space systems are critical assets and protecting them against cyberattacks is a paramount challenge that has received limited attention. In particular, it is fundamental to secure spacecraft communications by identifying and removing potential vulnerabilities in the implementations of space (communication) protocols, which could be remotely exploited by attackers. This work reports our preliminary experiences when fuzzing five open-source implementations of four space protocols using two approaches: grammar-based fuzzing and coverageguided fuzzing. To enable the fuzzing, we created grammars for the protocols and custom harnesses for the targets. Our fuzzing identified 11 vulnerabilities across four targets caused by typical memory-related bugs such as double-frees, out-of-bounds reads, and the use of uninitialized variables. We responsibly disclosed the vulnerabilities. To date, 5 vulnerabilities have been patched and 4 have been awarded CVE identifiers. Additionally, we discovered a discrepancy in how one target interprets a protocol standard, which we reported and has since been fixed.

View More Papers

Can a Cybersecurity Question Answering Assistant Help Change User...

Lea Duesterwald (Carnegie Mellon University), Ian Yang (Carnegie Mellon University), Norman Sadeh (Carnegie Mellon University)

Read More

The (Un)usual Suspects – Studying Reasons for Lacking Updates...

Maria Hellenthal (CISPA Helmholtz Center for Information Security), Lena Gotsche (CISPA Helmholtz Center for Information Security), Rafael Mrowczynski (CISPA Helmholtz Center for Information Security), Sarah Kugel (Saarland University), Michael Schilling (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security)

Read More

You Can Rand but You Can't Hide: A Holistic...

Inon Kaplan (Independent researcher), Ron even (Independent researcher), Amit Klein (The Hebrew University of Jerusalem, Israel)

Read More

Towards Understanding Unsafe Video Generation

Yan Pang (University of Virginia), Aiping Xiong (Penn State University), Yang Zhang (CISPA Helmholtz Center for Information Security), Tianhao Wang (University of Virginia)

Read More