Satellites face a multitude of security risks that set them apart from hardware on Earth. Small satellites may face additional challenges, as they are often developed on a budget and by amateur organizations or universities that do not consider security. We explore the security practices and preferences of small satellite teams, particularly university satellite teams, to understand what barriers exist to building satellites securely. We interviewed 8 university satellite club leaders across 4 clubs in the U.S. and perform a code audit of 3 of these clubs' code repositories. We find that security practices vary widely across teams, but all teams studied had vulnerabilities available to an unprivileged, ground-based attacker. Participants foresee many risks of unsecured small satellites and indicate security shortcomings in industry and government. Lastly, we identify a set of considerations for how to build future small satellites securely, in amateur organizations and beyond.
View on arXiv@article{mcamis2025_2505.09038,
title={ Unencrypted Flying Objects: Security Lessons from University Small Satellite Developers and Their Code },
author={ Rachel McAmis and Gregor Haas and Mattea Sim and David Kohlbrenner and Tadayoshi Kohno },
journal={arXiv preprint arXiv:2505.09038},
year={ 2025 }
}