Starlink hardware has been hacked

Don't worry, the satellites are safe.

By Casey Tonkin on Aug 16 2022 10:06 AM

A security researcher found a way to hack a Starlink satellite dish. Image: Shutterstock

Security researchers have found a novel way of hacking a SpaceX Starlink terminal and gaining full access to the local network, raising concerns about the need to properly maintain and secure distributed infrastructure.

In a presentation at last week’s Black Hat conference in Las Vegas, Lennert Wouters demonstrated a way to bypass the in-built hardware security measures of the user terminals, small satellite dishes people use to connect with Starlink satellites.

The hack, which Wouters responsibly disclosed to SpaceX before going public, shows how a dedicated adversary could find and exploit a highly technical and previously unnoticed security flaw, finding a foothold in the satellite internet network, and causing major disruptions.

“As an attacker, let’s say you wanted to attack the satellite itself,” Wouters said via Wired.

“You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult.

“So, if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”

Starlink launched in Australia last year, offering high speed broadband connections via a constellation of satellites in low-Earth orbit.

Starlink customers install small satellite dishes on their homes, properties, or vans if they work nomadically, which communicate via satellite to ground stations around the world that provides high-speed, low-latency internet connections.

Wouters, intent on finding a way to bypass Starlink’s user controls, cracked open one of these satellite dishes using a heat gun and screwdriver and began poking around.

What he discovered was a small fault injection vulnerability in the boot cycle on the dish’s system-on-a-chip.

^{The chip Wouters designed to glitch a Starlink user terminal into giving him access controls. Image: COSIC/GitHub}

By sending a specific signal directly to the chip, Wouters was able to glitch the chip’s ROM bootloader – which is hardcoded into the dish and thus can’t be remotely patched – and force the device to install custom firmware giving him full access controls.

Early lab tests were clunky so he custom-made a circuit board that could be installed directly onto any Starlink user terminal to gain unfettered local network access.

He has put the plans for those circuit boards on GitHub for anyone to print their own.

Starlink has released a firmware update making it more difficult to perform the glitch.

Wouters is known for elaborate ways of taking over high-profile consumer tech. Back in 2020, he demonstrated a way to steal a Tesla Model X by hijacking its key fob information.

The Starlink attack isn’t easy to perform. As Starlink noted in its response to the hack, you would need physical access to the dish to install Wouters’s modification chip in the first place.

“We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system,” Starlink said.

“We believe that our defence-in-depth approach to security limits the overall impact of this issue to our network and users.”

Starlink added that its user terminals are treated as “inherently untrusted” in its network, and that they are only given the bare minimum capacity on the broader Starlink network – meaning there was little to worry about for everyday customers.

In his presentation last week, Wouters cited the Russian attacks on the Viasat internet service in the early days of the war in Ukraine as reasons for stress-testing consumer grade satellite internet systems – even if this specific attack is difficult to pull off.

“I think it’s important to assess how secure these systems are because they are critical infrastructure,” Wouters said.

“I don’t think it's very far-fetched that certain people would try to do this type of attack because it is quite easy to get access to a dish like this.”

Casey Tonkin

A lifelong technophile and science fiction geek, Casey joined Information Age in 2019. With interests in AI, space travel, and post-humanism, Casey is always on the hunt for the overlap of science-fact and science-fiction.