A Belgian security researcher successfully hacked Elon Musk’s Starlink satellite dishes with the help of a homemade circuit board that cost about $25 to create, according to various media reports.
Lennert Wouters gave a presentation titled “Glitched on Earth by humans” at the annual Black Hat Security Conference on August 10, where he described the vulnerabilities that enabled him to break into Starlink satellite terminals and write his custom code.
“The widespread availability of Starlink User Terminals (UT) exposes them to hardware hackers and opens the door for an attacker to freely explore the network,” Wouters said in a press release.
During the Conference, he demonstrated a modchip, also known as a homemade circuit board, to attendees, according to Wired. The modchip would directly connect to a Starlink dish and was built using components that could easily be purchased off-the-shelf for about $25.
Wouters first analyzed the Starlink dish to develop a layout for the modchip that would fit over the existing Starlink board. He connected the modchip, which included a Raspberry Pi microcontroller, flash storage, electronic switches, and a voltage regulator, to the existing Starlink printed circuit board (PCB) and wired it together.
According to Wouters, the tool would give hackers control over the entire network and previously inaccessible system areas by enabling them to run code on Starlink devices. The researcher has made his modchip’s design publicly accessible on GitHub.
“Our attack results in an unfixable compromise of the Starlink [user terminal] and allows us to execute arbitrary code. “The ability to obtain root access on the Starlink [user terminal] is a prerequisite to freely explore the Starlink network,” he said.
Wouters carried out the hack as a part of a program run by SpaceX that rewards researchers for spotting flaws in the Starlink service. On August 10, SpaceX praised Wouters for the discovery and announced that it had released a software update.
We are hiring! If you are a badass engineer and love space, please checkouthttps://t.co/Z6ha1EtgYE
— Christopher Stanley (@cstanley) August 11, 2022
However, Wouters told Wired that until SpaceX develops a new model of the terminal’s main chip, Starlink will continue to be vulnerable to hacking.
Wouters explained that he didn’t divulge his knowledge to aid in hacking Starlink satellite dishes. Instead, he anticipates that it will assist the private space company in enhancing cybersecurity for its clients.
Consequences For Starlink
The ambitious project Starlink, a constellation of low Earth orbit satellites, aims to bring satellite internet access to every country in the world. Since 2018, more than 3,000 small satellites have already been placed to bring internet access to remote locations.
Customers who wish to use the satellite internet service must spend over $100 per month and more than $500 for the hardware necessary to install the 19-inch wide “Dishy” satellite dish.
The company currently has over 400,000 subscribers all over the world. The Federal Communications Commission also permitted the company to beam its service to moving cars, boats, and airplanes.
It is important to note that Starlink and other similar satellite constellations are being used more frequently, so threat actors are more highly motivated to find security flaws and launch attacks on them.
As Russian troops entered Ukraine on February 24, Russia decided it would be advantageous to disrupt a satellite that provided internet communications throughout Europe by attacking its technology on the ground.
At a critical juncture in the invasion, the action successfully interfered with communications in Ukraine while also impacting other parts of Europe. It even caused a ripple effect, jamming critical infrastructure such as airplane navigation systems.
A Starlink hack could quickly turn into a global security issue. After Russia allegedly breached Ukraine’s previous satellite provider, Kyiv’s military started utilizing Starlink terminals earlier this year. The US Air Force also announced on August 4 that Starlink would be used to support its operations in Europe and Africa.
Paul Szymanski, a space warfare expert who has worked closely with multiple services (Air Force, Army, Navy, Marines) and civilian organizations (NASA, DARPA, FEMA), was contacted by EurAsian Times to learn whether US adversaries could compromise Starlink satellites.
“As far as I know, this Starlink hack required physical attachment to a Starlink receiver antenna. Most security systems can be hacked if the adversary has physical access to actual equipment. So he [Lennert Wouters] hacked one terminal, not thousands – so what? If it were considered easy, Russia would have already hacked all Starlink terminals used by Ukrainians,” Szymanski said.
He added, “Many say that the tens of thousands of Starlink satellites make it relatively immune. Due to human ingenuity, there is always a way.
It seems that if Starlink satellites can maneuver away from each other automatically, then a hacker can change the algorithm in all satellites to insert a negative sign, so when a Starlink satellite attempts to maneuver away, it will move closer and crash the entire network.“
Meanwhile, SpaceX has released a six-page online paper inviting security researchers to “bring on the bugs” and thoroughly explaining how it protects the Starlink system.