A security researcher has discovered a method for hacking into Starlink's user terminals, the satellite dishes that sit on top of buildings and homes.
If you're not familiar, Starlink is a satellite internet constellation operated by Elon Musk's SpaceX that provides internet access to remote locations anywhere on Earth. There are currently more than 3,000 small satellites in orbit, and the company has plans to add thousands more as the industry continues to grow. Starlink has recently proved to be extremely useful for those in Ukraine who are fighting off Russian warfare.
Lennert Wouters, a security researcher at the Belgian university KU Leuven, has revealed one of the first security breakdowns in the satellite dishes, according to a report from WIRED. Wouters demonstrated his proof of concept research this week at the Black Hat information security conference in Las Vegas.
Wouters learned that he could access the satellite dish's software after physically stripping the dish down and attaching a custom hacking tool. The tool is a circuit board known as a modchip and it uses parts that one can easily purchase for a total cost of around $25.
Once attached, the circuit board can launch a fault injection attack, which shuts down the system for a short period and allows the user to bypass Starlink's security protections and access previously locked parts of the system.
Wouters explains some of his thought process:
"As an attacker, let's say you wanted to attack the satellite itself. You could try to build your own system that allows you to talk to the satellite, but that's quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier."
WIRED reports that Wouters notified Starlink of the vulnerability last year and that he was paid through the company's bug bounty program. SpaceX issued an update following his disclosure that made the attack more difficult, but all Wouters had to do was change the modchip and the attack was still effective.
Unfortunately for Starlink, the underlying problem can't be fixed unless the company puts out a new version of the main chip. Wouters says all existing terminals are vulnerable.
Wouters also said he would make the hacking tool open source on GitHub. Starlink has said it will be releasing a "public update" after the security researcher's Black Hat presentation.
See the original story from WIRED for more detailed information on how Wouters was able to successfully hack into Starlink satellites.