"... space firmware and software development is a “nightmare” for two reasons. First, legacy software is often used in development and is rarely updated, Flaco says. “The other reason why is because space systems are not built by software developers. They are built by aerospace engineers, for the most part.” https://www.wired.com/story/satellites-basic-security-flaws/ A couple of billion$$$ to build it & to protect from the rigors of space and million$$$ to get it into orbit. No investment in protecting its communications systems or its software/firmware - a business decision!
@Victek. Yes, that one brings back some memories... My understanding is that SolarWinds sent out software updates with hacked code to companies like Microsoft. The malicious updates with the malware spread undetected until it was discovered by FireEye - MS released fixes, the malware was removed and the vulnerabilities closed. The difference with the satellite companies is that they do not apply updates or upgrades once the craft is in orbit. No process in place, can't install corrupted code. I think it is more likely that a hacker will take advantage of the fact that these companies do not encrypt their communications with the satellites. Hackers could get control of the guidance system & make ransomware threats. Nothing like giving the bad guys options!
Very well said, and unfortunately true. It shouldn't be that way but the excuse always comes back to project overruns, budgets.