Search This Blog

Researcher Uses $25 Custom ModChip to Hack Starlink

The news was revealed at the Black Hat event. Lennert Wouters successfully breached the Starlink (SpaceX operated) satellite-based internet system.


Researcher hacks SpaceX

A Belgian Cybersecurity Expert successfully deployed a false injection on a user terminal for a satellite-based internet system, SpaceX. 

The news was revealed at the Black Hat event. Lennert Wouters successfully breached the Starlink (SpaceX-operated) satellite-based internet system using a homemade circuit that costs only $25. 

"The ability to obtain root access on the Starlink UT is a prerequisite to freely explore the Starlink network. This presentation will cover an initial exploration of the Starlink network and provides some details on the communication links" said Black Hat.

How did the Attack Happen?

•To launch the hack, a voltage fault injection attack was done on a Starlink User Terminal (UT) or a satellite dish that users use for accessing the system. 

•Lennert physically brought down a satellite dish he bought and made a custom board that was attached to the Starlink dish. 

•It let Lennert access the dish and explore the Starlink network from there, he revealed in a presentation, "Glitched on Earth by Humans" during the annual ethical hacker conference. 

The researcher used low-cost techniques 

The expert made a tool using economic, off-the-shelf parts and used it to get root access via glitching the Starlink UT security operations center bottom. 

•To make the modchip, Lennert scanned the Starlink dish and made the chip fit over the Starlink board (existing). 

•After soldering the modchip, which includes flash storage, voltage regulator, electronic switches, and Raspberry Pi microcontroller, with the existing Starlink PCB and connected it with a few wires. 

How does the attack work?

After it's attached to the Starlink dish, the tool performs a fault injection attack to fuse the system temporarily for evading security protections and breaking into locked parts of the system. 

•The attack runs the glitch against the first bootloader, the ROM bootloader crashes onto the system and can't be updated. After that, he installed fixed firmware on later bootloaders to handle the dish. 

•The attack left an unfixable exploit of the Starlink UT and lets deployment of arbitrary code. The chance to get root access on the Starlink UT is needed to find the Starlink network openly. 


Our attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.”  According to him, Starlink will remain vulnerable to attacks unless SpaceX develops a new model of the terminal’s main chip, said Wouters. 

SpaceX has already replied to Lennert's presentation with a six-page paper posted online. Besides this, the rise in the use and installation of Starlink and other satellite constellations has brought the attention of hackers and also experts in finding security loopholes that compromise such systems. 







Share it:

Satellite Bug

SpaceX

Starlink

Vulnerabilities and Exploits