Hacking satellites to expose vulnerabilities. - T-Minus: Space-Cyber Briefing

Summary6 min read

T-Minus Space Daily: Episode Summary - "Hacking Satellites to Expose Vulnerabilities"

Release Date: August 8, 2025
Host: Maria Varmazis
Publisher: N2K Networks

Introduction

In this episode of T-Minus Space Daily, host Maria Varmazis delves into pressing issues within the space industry, highlighting significant advancements, financial updates, and critical vulnerabilities exposed in satellite technologies. The episode provides a comprehensive overview of the latest developments, ensuring listeners are well-informed about the dynamic landscape of space operations and cybersecurity.

Top Story: Vision Space Technologies Exposes Critical Satellite Vulnerabilities

The centerpiece of today's briefing focuses on a groundbreaking revelation from Vision Space Technologies, presented at this year's Black Hat conference in Las Vegas—an event synonymous with cybersecurity advancements.

Key Findings:
Vision Space Technologies identified several critical vulnerabilities in widely-used space industry software, including Cryptolib, Yams, OpenC3, Cosmos, and NASA's Core Flight System Aquila. These vulnerabilities pose significant risks, such as unauthorized commands that can alter a satellite's trajectory or even cause a complete system crash.
Notable Demonstrations:
During their presentation, researchers simulated unauthorized thruster firings, demonstrating how easily a satellite's course could be manipulated (04:30). Additionally, they showcased how unauthenticated telephone exploits could crash onboard software, forcing satellites to reboot or reset entirely.
Responsible Disclosure:
Maria emphasizes that Vision Space Technologies responsibly disclosed these vulnerabilities to the respective software owners, leading to timely remediations. As Maria states, “It is crucial to note here that the researchers responsibly disclosed these vulnerabilities with the software owners, and the vulnerabilities have subsequently been remediated prior to the Black Hat presentation” (05:20). Detailed research posts and specific CVEs are available in the show notes for those interested in the technical aspects.

China's First Lunar Lander Test: A Leap Towards Manned Moon Missions

China has made a significant stride in its space exploration ambitions with the successful test of its first lunar lander, Lanyue (meaning "Embrace the Moon").

Test Details:
The lander underwent rigorous testing under multiple operational conditions at a site in Hebei Province, designed to mimic the moon's surface. This test validated the ascent and descent systems, marking a pivotal milestone in China's plan to transport humans to the lunar surface.
Future Capabilities:
Beyond transportation, Lanyue is engineered to serve as a living space, power source, and data center once on the moon, paving the way for sustained human presence.

Rocket Lab's Progress on the US Space Force's Victus Hayes Mission

Rocket Lab has achieved a critical milestone by completing the systems integration review for the US Space Force's Victus Hayes mission.

Mission Overview:
Victus Hayes is part of the Space Systems Command's Tactically Responsive Space program, led by Space Safari in collaboration with the Defense Innovation Unit.
Progress and Financials:
The systems integration review, finalized in May, confirmed that all spacecraft components, systems, and software are ready for the next phases of integration and testing. This follows the successful critical design review earlier in the year, which validated the mission's design and paved the way for production.

Rocket Lab reported impressive financial results for the second quarter, with revenues of $144 million, marking a 36% year-over-year growth. The company successfully completed five launches in the quarter, including two consecutive launches from the same site in New Zealand.

Financial Updates: Globalstar and Carmen Space & Defense

In addition to Rocket Lab, other industry players have reported their second-quarter financial outcomes:

Globalstar:
Generated revenue of $67.1 million, reflecting an 11% increase over the previous year. The growth was driven by higher wholesale capacity services and commercial IoT revenue.
Carmen Space & Defense:
Achieved a record quarterly revenue of $115.1 million, a 35.3% year-over-year increase.

Detailed financial reports are accessible via the show notes for listeners seeking in-depth information.

Voyager Technologies Acquires Electromagnetic Systems (EMSI)

Voyager Technologies has strategically acquired Electromagnetic Systems, Inc. (EMSI), a software developer specializing in AI and machine learning-based automated target recognition and intelligence analytics for space-based radar systems.

Strategic Alignment:
This acquisition aligns with Voyager's objective to scale AI-native mission-resilient systems that support US Defense and intelligence priorities.
Future Implications:
Together, the combined entities aim to enhance their offerings with advanced imaging, automated target recognition, and feature exploitation, strengthening their position in the defense and intelligence sectors.

Additional Headlines with Alice Carruth

Senior producer Alice Carruth shares three additional stories:

Interstellar Comet Enters Our Solar System:
The Hubble Space Telescope has provided a size estimate for the newly detected interstellar comet, offering valuable insights into its composition and trajectory.
Air Environment and SNC Partnership:
Air Environment is collaborating with SNC on Golden Dome submissions, focusing on innovative aerospace solutions.
Muon Space's New Satellite Platform:
Muon Space unveiled a new satellite platform, announcing the Hubble Network as its first customer. It's clarified that this Hubble refers to a different entity than the famous space telescope.

All additional stories and detailed information are available in the show notes on space.n2k.com.

Space Traffic Report: Recent and Upcoming Launches

Partnering with nasaspaceflight.com, the Space Traffic Report segment covers recent launches and upcoming missions:

Recent Launches:
- Blue Origin's New Shepard (August 3, 12:42 UTC):
  Carried six passengers to the edge of space. Notably, Justin Sun, an initial bidder for a seat back in 2021, finally participated after a delay.
- SpaceX's Falcon 9 (August 4, 7:57 UTC):
  Launched 28 Starlink V2 mini satellites, contributing to SpaceX's total of 9,342 Starlink satellites in orbit.
- China's Changzhong 12 Rocket (August 4, 10:21 UTC):
  Deployed nine Guo Wang satellites, marking the seventh operational batch.
- Rocket Lab's Electron Rocket (August 5, 4:10 UTC):
  Successfully launched the QPS SAR 12 satellite for Japanese company IQPS.
- Geelong 3 Launch:
  Sent the fourth batch of GEELY satellites into low Earth orbit, enhancing Geely's navigation augmentation systems.
Upcoming Launches:
- SpaceX's Crew 10 Return:
  Scheduled to undock from the International Space Station on August 8th at 22:05 UTC, pending weather conditions.
- ULA's Vulcan Rocket (August 12th, 23:49 UTC):
  Set to launch the USSF 106 mission, potentially the first national security mission on Vulcan after overcoming previous delays.
- Ariane 6 Rocket Launch:
  Carrying the Metop SGA1 weather satellite for Europe, originally slated for a Soyuz rocket but moved to Ariane 6 due to geopolitical factors.

National Space Society's Goddard 100 Student Contest

In celebration of the 100th anniversary of Robert Goddard's first rocket launch, the National Space Society has launched the Goddard 100 Student Contest.

Contest Details:
- Eligibility: Open to K-12 and college students.
- Categories: Include essays, art, video, and 3D models of rockets and habitats.
Prizes and Opportunities:
Winning entries will be published in AD Astra, the magazine of the National Space Society, showcased at the International Space Development Conference, and awarded cash prizes.
Submission Deadline: March 15, 2026.

Maria Varmazis encourages educational institutions and students to participate, highlighting the contest as a tribute to Goddard's legacy and a platform for the next generation of space innovators.

Conclusion

This episode of T-Minus Space Daily provides a thorough analysis of critical cybersecurity vulnerabilities in space systems, significant advancements in lunar exploration by China, substantial financial growth among key space companies, and strategic acquisitions shaping the industry's future. Additionally, the report encompasses recent and forthcoming space launches, ensuring listeners are abreast of the latest developments. The introduction of the Goddard 100 Student Contest further emphasizes the podcast's commitment to fostering the next wave of space enthusiasts and professionals.

For more detailed information, including links to research, financial reports, and additional stories, refer to the show notes available on the podcast platform and the N2K Networks website.

This summary captures the essential discussions and insights from the "Hacking Satellites to Expose Vulnerabilities" episode of T-Minus Space Daily, providing a comprehensive overview for listeners and enthusiasts alike.

Loading summary

Transcript25 lines

[00:00]
Maria Varmazis
Foreign you're listening to the N2K space network.
[00:09]
Cyberark Representative
CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1 and without securing them trust, uptime, outages and compliance are at risk. Cyberark is leading the way with the only unified platform purpose built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale automation and quantum readiness, Cyberark helps modern enterprises secure their machine future. Visit cyberark.com machines to see how.
[00:57]
Maria Varmazis
Today is August 8, 2025. I'm Maria Varmazis and this is T min T minus 20 seconds. Voyager Technologies has acquired software developer Electromagnetic Systems 4 Rocket Lab, Globalstar and Carmen Space and Defense have reported second quarter financial results. Rocket Lab has completed the systems integration review for the US Space Force's Victus Hayes mission. China has conducted conducted its first test of a lunar lander that they plan to use to take humans to the moon. Vision Space Technologies has demonstrated software vulnerability exploits on satellites as well as on the ground stations that control them. And it is Friday. Hooray. And our partners@nasaspaceflight.com will be bringing us the Space Traffic Report after today's headlines. They'll be wrapping up the launch news from the last seven days and taking a look at what's to come in the week ahead. Don't miss it. You made it to Friday, everybody. Congratulations. In the meantime, let's get into our daily briefing. Our top story comes from the world of space cybersecurity because right now it is a very special time in Las Vegas for cybersecurity professionals. Its effectiveness, affectionately known as Hacker Summer Camp, a mega week of professional conferences in Las Vegas, including major events like Black Hat and defcon, where researchers often share key findings from their work. This year's Black Hat conference included a major finding in the realm of space cybersecurity from researchers at Vision Space Technologies. According to a new piece from the Register, the researchers found a number of vulnerabilities, some rated critical, in a number of software that is heavily used in the space industry onboard satellites as well as in ground stat. And those include cryptolib, yams, openc3, cosmos, and NASA's core flight system Aquila. During their Black Hat presentation, the Vision Space researchers simulated being able to send an unauthorized command to fire a satellite's thrusters and immediately change its course. Another vulnerability that they found when exploited using an unauthenticated telephone could completely crash a satellite's onboard software, forcing it to reboot and in some cases fully reset. VisionSpace showed that other flaws that they discovered in spaceflight system software allowed for remote code executions, denial of service attacks, credential leakage, cross site scripting attacks, or even granted full code execution permissions. It is crucial to note here that the researchers responsibly disclosed these vulnerabilities with the software owners, and the vulnerabilities have subsequently been remediated prior to the Black Hat presentation. In plain language, there are fixes for all of these problems and we will have links to the full research posts from VisionSpace in the show Notes for you, which includes more detail on their research along with the specific CVEs for these vulnerabilities. If that is information that you need Moving on now and China has conducted its first test of a lunar lander that they plan to use to take humans to the moon. China's manned space agency says the test involved multiple operational conditions, a lengthy testing period and high technical complexity. The making it a critical milestone in the development of China's manned lunar exploration program. The lander's ascent and descent systems were tested at a site in Hebei Province that was designed to simulate the moon's surface. The lunar lander, known as Lanyue, which translates to embrace the moon, will be used to transport astronauts between the lunar orbit and the moon's surface. The agency says it'll also serve as a living space power source and data center after they land on the moon. Rocket Lab has completed the systems integration review for the US Space Force's Victus Hayes mission. Victus Hayes is part of the Space Systems Command's Tactically Response Space program led by Space Safari in partnership with the Defense Innovation Unit. The review, although only announced yesterday, was actually completed in May and marked a critical program milestone, confirming that all spacecraft components, systems and software were ready for final integration and testing. It followed Rocket Lab's successful critical design review earlier in the year, which validated the mission design and cleared the way for production. Following the systems integration review, Rocket Lab completed spacecraft integration and the vehicle is now entering final testing just 15 months after contract award and staying with Rocket Lab. By the way, they, along with two other space companies, filed second quarter financial updates yesterday. It's been a big year for Rocket Lab, with quarterly revenue of $144 million, which represents a 36% year on year growth. The company's launch cadence is steadily increasing as they completed five launches in the quarter, including two launches two days apart from the same launch site in New Zealand. Impressive stuff. Globalstar and Carbon Space and Defense also reported their quarterly updates. Global Star says it generated second quarter revenue of $67.1 million, which is an 11% increase over the prior year period and it was driven by higher wholesale capacity services and commercial IoT revenue. And for its part, Harman Space and Defense produced record quarterly revenue of $115.1 million up 35.3% year over year. And you can read all of those full results by following the links in our show notes and there you will also find updates on Firefly Aerospace's NASDAQ debut and last up Voyager Technologies has acquired software developer Electromagnetic Systems, also known as emsi. EMSI develops AI and machine learning based automated target recognition software and intelligence analytics for space based radar systems and the acquisition is part of Voyager's plan to scale AI native mission resilient systems that align directly with US Defense and intelligence priorities. The companies say that together they can expand their offerings with cutting edge machine learning and AI to deliver advanced imaging, automated target recognition and feature exploitation foreign and that concludes today's Friday Intel Briefing for you. We will have more space stories coming up with the NSF Space Traffic Report. But before we get into that, N2K senior producer Alice Carruth joins us now with the other headlines from across the space industry that didn't quite make today's Top five.
[07:51]
Alice Carruth
Thanks, Maria. We have three additional stories linked in today's Selected Reading section of the Show Notes. The first is an update on the interstellar comet that's apparently joined our solar system.
[07:59]
Maria Varmazis
Okay, seriously, I love this story. So what's the latest?
[08:02]
Alice Carruth
Our favorite space telescope, Hubble has made a size estimate of it. Pretty neat. Air Environment and SNC are partnering to collaborate on Golden Dome submissions. And Muon Space has unveiled a new satellite platform and announced that its first customer for it is the Hubble Network.
[08:18]
Maria Varmazis
The other Hubble that is not the space Telescope, just to be clear.
[08:22]
Alice Carruth
Right? So as I mentioned, the links for all these stories are in the Show Notes, which are included on the podcast platform that you're listening to us on right now and they can also be found on our website space.n2k.com just click on today's episode title.
[08:34]
Maria Varmazis
Hey T Minus Crew, Tune in tomorrow for T Minus Deep Space. It's our show for extended interviews, special editions and deep dives with some of the most influential professionals in the space industry. Tomorrow we have Audrey Shafer, who is the Vice President of Strategy and Policy at Slingshot Aerospace, talking with me about supporting the Traffic Coordination System for Space. Yeah, tracks lots of news about that Lately, right? Check it out while you are at the gym, heading to Salt Lake City for a small sack or simply taking some me time this weekend to unwind. You deserve it. Definitely don't miss it.
[09:28]
David Moulton
New adversary tactics and emerging tech to meet these threats is developing all the time on Threat Vector we keep you a step ahead. We dig deep into the threats that matter and the strategies that work.
[09:40]
Maria Varmazis
How do they help that customer know.
[09:42]
David Moulton
That what they just created is safe?
[09:44]
Alice Carruth
The future is now and our expectations are wrong.
[09:48]
David Moulton
Join me David Moulton, Senior Director of thought leadership for Unit 42 at Palo Alto Networks and our guest who live this work every day.
[09:56]
Maria Varmazis
We're not just talking about some encryption and paying multimillion dollar ransom. We're talking about fundamentally being unable to operate automated eradication and containment. So being able to very rapidly ID.
[10:11]
Alicia Siegel
What'S going on in an environment and contain that immediately. They're hiding in plain sight.
[10:19]
David Moulton
So if you're looking to sharpen your strategy and stay ahead of what's next, tune in and listen to threatvector, your front line for security insights.
[10:35]
Cyberark Representative
And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from threat locker.
[11:09]
Alicia Siegel
Foreign.
[11:13]
Maria Varmazis
You over now to our partners@nasaspaceflight.com.
[11:19]
Alicia Siegel
I'm Alicia Segal for NSF and this is your weekly Space Traffic report for T minus Space. Starting off the week we had the 34th launch of Blue Origin's New Shepard rocket. Liftoff took place on August 3rd at 12:42 UTC from Blue's launch site 1 in West Texas. The flight carried six passengers on board to the edge of space and back. By the way, Blue Origin keeps calling them astronau. There's this whole debate about whether you should say astronauts or just passengers. For the time being we are just going to keep using passengers since it's a more general term, but feel free to discuss that in the comments. The six passengers were Arvi Bahal, Gokan Erdem, Deborah Martorell, Lionel Pitchford, JD Russell and he Justin Sun. Justin sun was the passenger who in 2021 had bid $28 million to be New Shepard's first paying passenger. But he wasn't able to commit to the eventual launch which was planned for just about a month later. It seems like he might have had a rather busy schedule if it wasn't until now in 2025 that he had enough time to be able to go to space. For this mission, Blue origin flew Tail 4 as the booster which performed its 15th launch and landing on this flight. The New Shepard capsule on this flight was Also the RSS First Step capsule completing its 14th launch and landing. And by the way, that's the same one that was used for the first passenger flight on New Shepard back in 2021. So I guess Justin's son still ended up flying on that capsule. Anyways, now we go from suborbital launches to orbital launches and we've had a few this week starting From Florida with SpaceX's Falcon 9 liftoff took place on August 4th at 7:57 UTC from Space Launch Complex 40 at the Cape Canaveral Space Force Station. The mission was carrying 28 Starlink V2 mini satellites into low Earth orbit. With this mission, SpaceX has now launched a total of 9,342 Starlink satellites into orbit, of which 1,221 have re entered and 7,042 have moved into their operational orbit. The booster used on this mission, B80, was flying for a 21st time and it successfully landed on SpaceX's drone ship. Just read the instructions from China we had yet another launch of Internet satellites on board a Changjong 12 rocket. Liftoff happened on August 4th at 10:21 UTC from Launch Complex 2 at the Commercial Wencheng Space Launch Site located on the island of Hainan in China. The rocket was carrying a batch of nine Guo Wang satellites into low Earth orbit, the seventh operational batch of these satellites to be deployed in orbit. With this launch, China has now launched a total of 57 of these operational satel into orbit, as well as about a couple dozen test satellites. This was also the second flight of the Changjong 12 rocket, having had its debut flight back in November of last year. From China we go to New Zealand and Rocket Lab's Electron rocket on the mission called the Harvest Goddess Thrives. Electron took off on August 5th at 4:10 UTC from Launch Complex 1B carrying the QPS SAR 12 satellite for Japanese company IQPS. The QPS SAR satellites are small Earth observation satellites that use a small deployable antenna to perform Synth radar imaging of earth. This was Electron's 11th launch of the year and 69th overall. Right at the end of the week we had the launch of a Geelong 3 taking off from the Dongfang Hong Tiangong launch platform off the coast of China. The rocket was carrying the fourth batch of GEELY satellites into low Earth orbit. The GEELY satellites are part of the GEELY constellation of satellites developed by GSpace, a subsidiary of the Chinese automotive company Geely. These satellites are used by GEELY as navigation augmentation satellites that connect to their own vehicles on accurate positioning than with just the traditional Global Navigation Positioning System satellites. Going into next week, or maybe it's already happened, is the return of SpaceX's Crew 10 from the International Space Station. The return was supposed to have happened earlier in the week, but bad weather kept pushing the departure by a few days. As of recording, the undocking of Crew 10 was supposed to happen on August 8th at 22:05 UTC, so it may have already undocked by the time you're watching this, unless the weather has delayed it again. We'll definitely cover it in more detail next week once it happens. Now, that's of course, a crew return, but we've got lots of other launches next week. As usual, there's a handful of Starlink launches scheduled, which are also split almost half and half between Florida and California in terms of where they're launching from. But also next week we've got the third launch of ULA's Vulcan rocket with the USSF 106 mission. That mission should hopefully be the first national security mission on Vulcan after a long delay in getting its certification. Somewhat expected given the oopsies that they had with the SRB nozzle on Vulcan's second flight. If all goes well and there aren't any more delays, that launch should occur no earlier than August 12th at 23:49 UTC. Less than an hour later, we'll also have the third launch of another rocket, this time of Ariane 6 in its two SRB configuration from French Guiana. That launch will be carrying the Metop SGA1 weather satellite for Europe. The satellite's part of the second generation meteorological operational Satellite developed by the European Space Agency. It was originally supposed to launch on a Soyuz rocket, but after the 2022 Russian invasion of Ukraine, ESA decided to move it to the Ariane 6. I'm Alicia Siegel for NSF, and that's your weekly space traffic report. Now back to T minus space.
[16:44]
Maria Varmazis
We will be right back.
[16:49]
State Farm Representative
This episode is brought to you by State Farm. Checking off the boxes on your to do list is a great feeling. And when it comes to checking off coverage, a State Farm agent can help you choose an option that's right for you, whether you prefer talking in person on the phone or using the award winning app. It's nice knowing you have help finding coverage that best fits your needs. Like a good neighbor, State Farm is there.
[17:16]
Maria Varmazis
Welcome back. The National Space Society has rolled out a new competition to mark 100 years since Robert Goddard's first rocket launch. Yeah, it's coming up next year. Would you believe it? The Goddard 100 student contest is officially open, everybody, and it's a call to the next generation of thinkers, makers and space dreamers. And the contest invites students to envision space futures through writing, art, video or models. And not that school projects are not cool on their own, but this is actually more than just that. Winning entries will be published in AD Astra, which is the magazine of the National Space Society and showcased at the International Space Development Conference and honored with cash prizes. Not bad. The contest is open to K12 and college students, with categories ranging from essays to 3D models of rockets and habitats. It is a fitting tribute to Goddard's legacy after all, because here we are a century later after his revolutionary launch just down the road from me in Auburn, Massachusetts. And now students are helping imagine where we get to go next. So you've got time to get your students involved. Submissions close on March 15, 2026. You've got some time. That is one day before the 100th anniversary officially, by the way. So we will be watching closely to see what bold ideas take shape. Because if history tells us anything, it only takes one spark to launch the and that is T minus. Brought to you by N2K CyberWire we'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing space industry. If you like the show, please share a rating and review on your podcast app. Please also fill out the survey in the show notes or send an email to space2k.com we're proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K helps space and cybersecurity professionals grow, learn and stay informed. As the nexus for discovery and connection, we bring you the people, the technology and the ideas shaping the future of secure innovation. Learn how@n2k.com N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kielpe is our publisher and I am your host, Maria Varmazis. Thanks for listening. Have a great weekend.
[20:05]
Alicia Siegel
T minus.