SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems

Small satellites rely heavily on commercial off-the-shelf components, expanding the attack surface beyond flight software into auxiliary hardware and software supply chains. SpyChain studies independent and colluding supply-chain threats against small satellite systems using NASA’s NOS3 simulation framework, showing how malicious components can evade testing, exfiltrate telemetry, disrupt operations, and coordinate through covert channels. The work also introduces lightweight onboard defenses, including runtime monitoring, to mitigate these threats.