A Belgian security researcher has successfully hacked the SpaceX operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop, he revealed at Black Hat.<\/p>\n
Lennert Wouters revealed a voltage fault injection attack on a Starlink User Terminal (UT)\u2014or satellite dish people use to access the system \u2013 that allowed him to break into the dish and explore the Starlink network from there, he revealed in a presentation called \u201cGlitched on Earth by Humans\u201d at the annual ethical hacker conference this week.<\/p>\n
Wouters physically stripped down a satellite dish he purchased and created the custom board, or modchip, that can be attached to the Starlink dish, according to\u00a0a report on Wired<\/a>\u00a0about his presentation on Wednesday.<\/p>\n He developed the tool using low-cost, off-the-shelf parts and was able to use it to obtain root access by glitching the Starlink UT security operations center bootrom, according\u00a0to a tweet<\/a>\u00a0previewing the presentation that he said was sent through a rooted Starlink UT.<\/p>\n To design the modchip, Wouters scanned the Starlink dish and created the design to fit over the existing Starlink board. He soldered the modchip\u2014comprised of a\u00a0Raspberry Pi microcontroller<\/a>, flash storage, electronic switches and a voltage regulator\u2013to the existing Starlink PCB and connected it using a few wires, according to the report.<\/p>\n \u2018Unfixable Compromise\u2019<\/strong><\/p>\n Once attached to the Starlink dish, the tool launched a fault injection attack to temporarily short the system, which allowed for bypass of Starlink\u2019s security protections so Wouters could break into locked parts of the system.<\/p>\n Wouters\u2019 attack runs the glitch against the first bootloader\u2013the ROM bootloader that\u2019s burned onto the system-on-chip and can\u2019t be updated. He then deployed patched firmware on later bootloaders, which gave him control of the dish, according to the report.<\/p>\n Wouters first performed the attack in a lab before implementing the modchip on the dish itself, he revealed in a\u00a0write-up about his presentation<\/a>\u00a0published on the conference\u2019s website.<\/p>\n \u201cOur attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code,\u201d Wouters wrote. \u201cThe ability to obtain root access on the Starlink UT is a prerequisite to freely explore the Starlink network.\u201d<\/p>\n Wouters was able to explore the Starlink network and its communication links once he gained access to the system, adding that other researchers can potentially build on the work to further explore the Starlink ecosystem.<\/p>\n Wouters\u00a0revealed the vulnerability<\/a>\u00a0to SpaceX in a responsible way through its bug bounty program before publicly presenting on the issue.<\/p>\n Implications for Starlink<\/strong><\/p>\n Starlink is SpaceX\u2019s low Earth orbit satellite constellation, an ambitious project that aims to provide satellite internet coverage to the whole world. Some 3,000 small satellites launched since 2018 already are providing internet to places that can\u2019t be reached by terrestrial networks. Other companies\u2014including Boeing, Amazon and Telesat\u2014also have launched their own satellite constellations to provide internet from space.<\/p>\n Starlink\u2019s UT is one of three core components of the Starlink system; the other two are the satellites that move about 340 miles above the Earth\u2019s surface to beam down internet connections, and gateways that transmit connections up to the satellites. The UTs also communicate with satellites to provide internet on Earth.<\/p>\n As is typically the case with any technology, the increase in use and deployment of Starlink and other satellite constellations also means that threat actors have a greater interest in finding their security holes to attack them.<\/p>\n Indeed, Russia saw an advantage\u00a0in taking out a satellite<\/a>\u00a0providing internet communications across Europe by attacking its technology on the ground as Russian troops entered Ukraine on Feb. 24. The move successfully disrupted communications on the ground in Ukraine at a crucial time in the invasion, while also affecting other parts of Europe. It even had a ripple effect and\u00a0jammed airplane navigation systems<\/a>\u00a0and other critical infrastructure.<\/p>\n Knowing the critical nature of its security, SpaceX already has responded to Wouters\u2019 presentation with\u00a0a six-page paper<\/a>\u00a0published online inviting security researchers to \u201cbring on the bugs\u201d to help the company better protect the Starlink system as well as offering a detailed explanation of how it protects Starlink.<\/p>\n The paper also congratulates Wouters\u2019 research, calling it \u201ctechnically impressive\u201d before poking a series of holes in it and assuring that Starlink\u2019s \u201cdefense-in-depth approach to security limits the overall impact of this issue to our network and users.\u201d<\/p>\n<\/div>\n