Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf (COTS) hardware broadens their attack surface. Although supply chain threats are well studied in other cyber-physical domains, their feasibility and stealth in space systems remain largely unexplored. Prior work has focused on flight software, which benefits from strict security practices and oversight. In contrast, auxiliary COTS components often lack robust assurance yet enjoy comparable access to critical on-board resources, including telemetry, system calls, and the software bus. Despite this privileged access, the insider threat within COTS hardware supply chains has received little attention. In this work, we present SpyChain, the first end-to-end design and implementation of independent and colluding hardware supply chain threats targeting small satellites. Using NASA's satellite simulation (NOS3), we demonstrate that SpyChain can evade testing, exfiltrate telemetry, disrupt operations, and launch Denial of Service (DoS) attacks through covert channels that bypass ground monitoring. Our study traces an escalation from a simple solo component to dynamic, coordinating malware, introducing a taxonomy of stealth across five scenarios. We showcase how implicit trust in auxiliary components enables covert persistence and reveal novel attack vectors, highlighting a new multi-component execution technique that is now incorporated into the SPARTA matrix. Our findings are reinforced by acknowledgment and affirmation from NASA's NOS3 team. Finally, we implement lightweight onboard defenses, including runtime monitoring, to mitigate threats like SpyChain.