Biography
Johannes Willbold is a doctoral student at the chair for systems security at the Ruhr University Bochum in Germany. In this doctoral thesis, he focuses on the security of space and satellite systems, with a particular emphasis on understanding real-world security issues. His first paper on the security of onboard satellite software “Space Odyssey: An Experimental Software Security Analysis of Satellites” was accepted to the IEEE S&P 2023 conference. In 2022, Johannes visited the Cyber-Defence Campus in Switzerland for an extended research stay on satellite security, where he investigated the security of VSAT systems.
He organizes the yearly SpaceSec workshop, the first academic workshop on space and satellite systems security co-located with the top-tier security conference NDSS.
He participated in the Hack-A-Sat 2 and 4 finals.
As a speaker, he presented at numerous conferences about the software security of space and satellite systems, including Black Hat US, REcon, TyphoonCon, CySat, TTI/Vanguard. In addition, he presented his work at the European Space Agency (ESA) and the NASA Jet Propulsion Laboratory (JPL).
As the subgroup chair of the integration layer in the IEEE P3349 Space System Cybersecurity Working Group, he is leading the efforts to include strong cybersecurity aspects for future space system integration layer.
News - Upcoming Talks
CYSAT 2024, 2024, Paris, France
24th April, 2024, Johannes Willbold
Selected Publications
I only started publishing in IT-Security after starting my Ph.D. Before that, I worked as software engineer in an assisting researcher position and co-authored eight papers on Alzheimer diagnostics. Refer to my Google Scholar for a full list of publications.
2024
VSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices
Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, Vincent Lenders
17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
Wireless Signal Injection Attacks on VSAT Satellite Modems
Robin Bisping, Johannes Willbold, Martin Strohmeier, Vincent Lenders
33rd USENIX Security Symposium (USENIX Security 24)
Satellite Cybersecurity Reconnaissance: Strategies and their Real-world Evaluation
Johannes Willbold, Franklyn Sciberras, Martin Strohmeier, Vincent Lenders
45th IEEE Aerospace Conference
Scaling Software Security Analysis to Satellites: Automated Fuzz Testing and Its Unique Challenges
Johannes Willbold, Moritz Schloegel, Florian Göhler, Tobias Scharnowski, Nils Bars, Simon Wörner, Nico Schiller, Thorsten Holz
45th IEEE Aerospace Conference
2023
Space Odyssey: An Experimental Software Security Analysis of Satellites
Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, and Ali Abbasi
44th IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
2022
SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing
Tobias Cloosters, Johannes Willbold, Thorsten Holz, and Lucas Davi
31st USENIX Security Symposium (USENIX Security 22)
Talks
2024
Orbital Security: Results of an Academic Work on New Space Satellite Security
Vytah Space Business Conference, 2024, 11th April, Johannes Willbold, Bratislava, Slovakia
Scaling Software Security Analysis to Satellites: Automated Fuzz Testing and Its Unique Challenges
IEEE Aerospace Conference, 2024, February 5th, Big Sky, Montana, USA
Satellite Cybersecurity Reconnaissance: Strategies and their Real-world Evaluation
IEEE Aerospace Conference, 2024, February 4th, Big Sky, Montana, USA
2023
Cosmic Conquest: Analyzing the Security of Low Earth Orbit Satellites
Software Defined Space Conference, November 1st, Johannes Willbold, Tallinn, Estonia
Interstellar Intruders: Hijacking Satellites through Firmware Vulnerabilities
TTI/Vanguard: Networks and Communications, September 15th, Johannes Willbold, Westminster, CO, USA
Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites
BlackHat USA, August 10th, Johannes Willbold, Las Vegas, USA
Zero Gravity Exploits: Reverse Engineering and Fuzzing Low-Earth Orbit Satellites
TyphoonCon June 15th, Johannes Willbold & Tobias Scharnowski, Seoul, South Korea
Cracking the Final Frontier: Reverse Engineering and Exploiting Low-Earth Orbit Satellites
REcon, June 9th, Johannes Willbold, Montreal, Canada
IEEE S&P’23: Space Odyssey: An Experimental Security Analysis of Satellites
44th IEEE S&P, May 22nd, Johannes Willbold, San Fransisco, CA, USA
- Distinguished Paper Award
- Teaser Video: MP4, Subtitles (SRT)
- Teaser Slides: PDF, HTML
- Slides: PDF, HTML
CYSAT’23: Space Invaders: An Experimental Security Analysis of LEO Satellites
CySat 2023, 26th April 2023, Johannes Willbold, Paris, France
SpaceSec’23: Highlights of the NDSS Co-located Events
Network and Distributed System Security (NDSS) Symposium, 2023, San Diego, California, US
2022
ESA Workshop: Small Satellite SW Image Vulnerability Analysis
ESA - ESTEC, 2022, Johannes Willbold & Ali Abbasi, Noordwijk, Netherlands
CYSAT ‘22 : Keynote “Academic projects related to on board security for smallsats”
CySat 2022, April 2022, Johannes Willbold, Paris, France
Before 2022
Analysis and Deobuscation of Google’s BotGuard
Google, 2018, Zurich, Switzerland
Professional Activities
- IEEE SA - P3349 - Space System Cybersecurity Working Group, Integration Layer, Subgroup Chair
- 2nd Workshop on the Security of Space and Satellite Systems (spacesec.info), General Chair
- CfP: https://spacesec.info/
- 1st Workshop on the Security of Space and Satellite Systems (SpaceSec) @ NDSS 2023, Co-Chair
Media Coverage
- WIRED: Satellites Are Rife With Basic Security Flaws (EN)
- IEEE Spectrum: Satellite Signal Jamming Reaches New Lows (EN)
- CyberScoop: Hackers prepare to take on a satellite at DEF CON (EN)
- Dark Reading: How Hackers Can Hijack a Satellite (EN)
- Deutschlandfunk Nova: Satelliten-Security (DE)
- c’t - magazin für computertechnik: Scheunentore im Orbit (DE)
- Newszs.de: “Jeder Paradigmenwechsel bringt Sicherheitsprobleme mit sich”: Studie zur Sicherheit von Satelliten (DE)
- Homeland Security News Wire: Satellite Security Lags Decades Behind the State of the Art (EN)
- Intelligent CIO: Researchers find satellite security lags decades behind the state of the art (EN)
- VERVE Times: ScienceDaily: State-of-the-Art Satellite Security Outpaces Decades-old Standards (EN)
- HELP NET SECURITY: Satellites lack standard security mechanisms found in mobile phones and laptops (EN)
- The U.S. Sun: RED ALERT Urgent warning issued over ‘satellite hackers’ who could cause devastating ‘space crashes’ after flaws discovered (EN)
- Internewscast Journal: Flaws Discovered: Urgent Warning of ‘Satellite Hackers’ Capable of Catastrophic ‘Space Crashes’ (EN)
- Raumfahrer.net: RUB: Satelliten-Sicherheit hinkt Stand der Technik Jahrzehnte hinterher (DE)
- Softonic: Vulnerable in Space: How Satellites Are Attracting Cyber Attacks (EN)
Podcasts
- ITSPmagazine Podcast Network: Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites w/Johannes Willbold (EN)
- Malicious Life: How to Hack Into Satellites
Theses
Master Thesis
Efficient Fuzzing of VM-Obfuscated Code
21 Oct 2020
Supervisors: Prof. Dr. Thorsten Holz, M.Sc. Moritz Contag
Bachelor Thesis
Analysis and Deobuscation of Google’s BotGuard
24 Sep 2018
Supervisor: Prof. Dr. Thorsten Holz, Dr. Tim Blazytko