Security researcher was able to hack the Starlink terminal: what the company says

Lennert Vowers, a security researcher at the Belgian research university KU Leuven, was able to hack into a custom Starlink terminal. To do this, he needed a chip, which he collected for 2 25, writes Wired. DOU explains exactly what vulnerabilities Wouters found and what Starlink says about it.

The Starlink system consists of three main parts: low-orbit satellites, ground stations, and custom terminals similar to home satellite dishes. Wouters ' research focuses specifically on the latter component.

Since the company started selling custom terminals, they have been repeatedly researched from the inside: they demonstrated components, operating principles, and discussed technical characteristics.

Wouters, who previously created hardware that can unlock Tesla in 90 Seconds, focused on the security of terminals and chips.

To gain access to the Starlink software, Wouters physically disassembled the purchased terminal. He removed the lid and studied what was inside. This allowed him to understand how the system starts and download the firmware.

The researcher also created a special hacking tool — a chip-that can be attached to a satellite installation. Details for this development cost Wouters 2 25. the modchip consists of a Raspberry Pi microcontroller, a flash storage, electronic switches and a voltage regulator.

"As an attacker, let's say you want to attack the satellite itself. You can try to create your own system that will allow you to "communicate" with it, but this is quite difficult. So if you want to attack satellites, it's best to do it through the user's terminal, because it's easier," says Wouters.

The researcher soldered the developed chip to an existing Starlink PCB and connected it using several cables.

When Starlink is enabled, it is loaded in several steps. The researcher's attack causes a glitch in the first bootloader ROM, and then Wouters releases a modified firmware that allows him to gain control of the Starlink terminal. Basically, the attack disables the disconnecting capacitors, causes a failure to bypass the defenses, and then turns on these capacitors.

On the original board, Starlink engineers wrote "Made on Earth by humans". And Wouters on his modchip indicated: "Glitched on Earth by humans."

However, the researcher noted that the terminals were created by capable people. To achieve his goal, he conducted more than one stage of testing and inspections.

A security researcher's development cannot disable satellite systems or connections. However, Wouters says it can be used to learn more about how the Starlink network works, including exploring internal servers.

Despite the fact that Vowers wants to post details of the development of the modchip on Github, he does not plan to sell ready-made modchips, nor does he provide people with modified terminal software or exact details of the attack.

As more satellites are launched, more attention will be paid to their safety. In addition to providing homes with internet connectivity, systems can also play an important role in critical infrastructure.

Attackers have already shown that satellite internet systems are often the target. When Russian troops invaded Ukraine, military hackers probably attacked Via-Sat, deploying malware that blocked routers and disabled them. About 30 thousand internet connections in Europe were interrupted, there were failures in the operation of more than 5 thousand wind turbines.

The researcher informed Starlink about the flaws last year, and the company released an update to fix the vulnerabilities (at the same time, Wouters received a reward for the discovered flaws). However, the researcher updated the modchip. He says that to ensure that existing user terminals are not vulnerable, the company should create a new version of its main chip.

On August 10, the company released a six-page PDF explaining how it protects its systems. Starlink representatives repeat that the attack requires physical access to the user's terminal, and that the Wouters hacker attack allows you to affect only one specific device.

"We find the attack technically impressive, and this is the first attack of its kind that we know of. We expect attackers with invasive physical access to be able to perform malicious actions on behalf of a single Starlink suite using its identification data. Therefore, we rely on the principle of "least privilege" to limit the consequences in the broader system," the document says.

Also noted: regular users don't need to worry about this attack affecting them.