Biography
Johannes Willbold is Co-Founder of Variant Security spearheading the development of a new generation of compiler-native proactive vulnerability remediation and exploit mitigation technology. His work builds on years of hands-on research into real-world security failures in space and satellite software.
Johannes conducted his doctoral research at Ruhr University Bochum (Germany), focusing on the security of space and satellite systems. His work on onboard satellite software has been published twice at the highest-ranking cybersecurity venue IEEE S&P, including a Distinguished Paper Award for his research on flight software security. In 2022, he was a visiting researcher at the Cyber-Defence Campus at Swiss Federal Office of Defence Procurement, investigating the security of VSAT systems. He founded and organized the annual SpaceSec Workshop, the first academic venue dedicated to space and satellite systems security, co-located with top-tier cybersecurity conference NDSS.
He was a finalist in the Hack-A-Sat 2 and 4 competitions and regularly spoke on space and satellite software security, including at Black Hat USA, DEF CON, REcon, TyphoonCon, CySat, and TTI/Vanguard. He has also presented his work at the European Space Agency (ESA) and NASA’s Jet Propulsion Laboratory (JPL). Johannes also served as subgroup chair for the Integration Layer in the IEEE P3349 Space System Cybersecurity Working Group, where he led the efforts incorporate cybersecurity requirements across space mission segments.
Selected Publications
Refer to my Google Scholar for a full list of publications.
2025
Space RadSim: Binary-Agnostic Fault Injection to Evaluate Cosmic Radiation Impact on Exploit Mitigation Techniques in Space
Johannes Willbold, Tobias Cloosters, Simon Wörner, Felix Buchmann, Moritz Schloegel, Lucas Davi, and Thorsten Holz
46th IEEE Symposium on Security and Privacy (S&P) \
2024
VSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices
Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, Vincent Lenders
17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
Wireless Signal Injection Attacks on VSAT Satellite Modems
Robin Bisping, Johannes Willbold, Martin Strohmeier, Vincent Lenders
33rd USENIX Security Symposium (USENIX Security 24)
Satellite Cybersecurity Reconnaissance: Strategies and their Real-world Evaluation
Johannes Willbold, Franklyn Sciberras, Martin Strohmeier, Vincent Lenders
45th IEEE Aerospace Conference
Scaling Software Security Analysis to Satellites: Automated Fuzz Testing and Its Unique Challenges
Johannes Willbold, Moritz Schloegel, Florian Göhler, Tobias Scharnowski, Nils Bars, Simon Wörner, Nico Schiller, Thorsten Holz
45th IEEE Aerospace Conference
2023
Space Odyssey: An Experimental Software Security Analysis of Satellites
Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, and Ali Abbasi
44th IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
2022
SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing
Tobias Cloosters, Johannes Willbold, Thorsten Holz, and Lucas Davi
31st USENIX Security Symposium (USENIX Security 22)
Talks
2025
Space RadSim: Binary-Agnostic Fault Injection to Evaluate Cosmic Radiation Impact on Exploit Mitigation Techniques in Space
46th IEEE Security & Privacy, May 12th, Johannes Willbold, San Francisco, CA, USA
- Slides: PDF
2024
Breaking the Beam: Exploiting VSAT Modems from Earth
DEF CON 32, 2024, August 10th, Vincent Lenders, Johannes Willbold, Robin Bisping
- Presentation: YouTube
Beyond the horizon: a security analysis of two VSAT systems
CYSAT 2024, 2024, April 24th, Johannes Willbold, Paris, France \
- Presentation: YouTube
Orbital Security: Results of an Academic Work on New Space Satellite Security
Vytah Space Business Conference, 2024, April 11th, Johannes Willbold, Bratislava, Slovakia
Scaling Software Security Analysis to Satellites: Automated Fuzz Testing and Its Unique Challenges
IEEE Aerospace Conference, 2024, February 5th, Big Sky, Montana, USA
Satellite Cybersecurity Reconnaissance: Strategies and their Real-world Evaluation
IEEE Aerospace Conference, 2024, February 4th, Big Sky, Montana, USA
2023
Cosmic Conquest: Analyzing the Security of Low Earth Orbit Satellites
Software Defined Space Conference, November 1st, Johannes Willbold, Tallinn, Estonia
Interstellar Intruders: Hijacking Satellites through Firmware Vulnerabilities
TTI/Vanguard: Networks and Communications, September 15th, Johannes Willbold, Westminster, CO, USA
Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites
BlackHat USA, August 10th, Johannes Willbold, Las Vegas, USA
Zero Gravity Exploits: Reverse Engineering and Fuzzing Low-Earth Orbit Satellites
TyphoonCon June 15th, Johannes Willbold & Tobias Scharnowski, Seoul, South Korea
Cracking the Final Frontier: Reverse Engineering and Exploiting Low-Earth Orbit Satellites
REcon, June 9th, Johannes Willbold, Montreal, Canada
IEEE S&P’23: Space Odyssey: An Experimental Security Analysis of Satellites
44th IEEE S&P, May 22nd, Johannes Willbold, San Francisco, CA, USA
- Distinguished Paper Award
- Teaser Video: MP4, Subtitles (SRT)
- Teaser Slides: PDF, HTML
- Slides: PDF, HTML
CYSAT’23: Space Invaders: An Experimental Security Analysis of LEO Satellites
CySat 2023, 26th April 2023, Johannes Willbold, Paris, France
SpaceSec’23: Highlights of the NDSS Co-located Events
Network and Distributed System Security (NDSS) Symposium, 2023, San Diego, California, US
2022
ESA Workshop: Small Satellite SW Image Vulnerability Analysis
ESA - ESTEC, 2022, Johannes Willbold & Ali Abbasi, Noordwijk, Netherlands
CYSAT ‘22 : Keynote “Academic projects related to on board security for smallsats”
CySat 2022, April 2022, Johannes Willbold, Paris, France
Before 2022
Analysis and Deobuscation of Google’s BotGuard
Google, 2018, Zurich, Switzerland
Professional Activities
- IEEE SA - P3349 - Space System Cybersecurity Working Group, Integration Layer, Subgroup Chair
- 2nd Workshop on the Security of Space and Satellite Systems (spacesec.info), General Chair
- CfP: https://spacesec.info/
- 1st Workshop on the Security of Space and Satellite Systems (SpaceSec) @ NDSS 2023, Co-Chair
Media Coverage
- WIRED: Satellites Are Rife With Basic Security Flaws (EN)
- IEEE Spectrum: Satellite Signal Jamming Reaches New Lows (EN)
- CyberScoop: Hackers prepare to take on a satellite at DEF CON (EN)
- Dark Reading: How Hackers Can Hijack a Satellite (EN)
- Deutschlandfunk Nova: Satelliten-Security (DE)
- c’t - magazin für computertechnik: Scheunentore im Orbit (DE)
- Newszs.de: “Jeder Paradigmenwechsel bringt Sicherheitsprobleme mit sich”: Studie zur Sicherheit von Satelliten (DE)
- Homeland Security News Wire: Satellite Security Lags Decades Behind the State of the Art (EN)
- Intelligent CIO: Researchers find satellite security lags decades behind the state of the art (EN)
- VERVE Times: ScienceDaily: State-of-the-Art Satellite Security Outpaces Decades-old Standards (EN)
- HELP NET SECURITY: Satellites lack standard security mechanisms found in mobile phones and laptops (EN)
- The U.S. Sun: RED ALERT Urgent warning issued over ‘satellite hackers’ who could cause devastating ‘space crashes’ after flaws discovered (EN)
- Internewscast Journal: Flaws Discovered: Urgent Warning of ‘Satellite Hackers’ Capable of Catastrophic ‘Space Crashes’ (EN)
- Raumfahrer.net: RUB: Satelliten-Sicherheit hinkt Stand der Technik Jahrzehnte hinterher (DE)
- Softonic: Vulnerable in Space: How Satellites Are Attracting Cyber Attacks (EN)
Podcasts
- Cybercrime Magazine: Security Of Space & Satellite Systems
- ITSPmagazine Podcast Network: Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites w/Johannes Willbold (EN)
- Malicious Life: How to Hack Into Satellites
Theses
Master Thesis
Efficient Fuzzing of VM-Obfuscated Code
21 Oct 2020
Supervisors: Prof. Dr. Thorsten Holz, M.Sc. Moritz Contag
Bachelor Thesis
Analysis and Deobuscation of Google’s BotGuard
24 Sep 2018
Supervisor: Prof. Dr. Thorsten Holz, Dr. Tim Blazytko
