Professional software hacker demonstrates how to hack Starlink terminals
A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.
[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.
Wouters is a researcher at the Belgian university KU Leuven.
While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.
Readers!
Please consider supporting my work here at Behind the Black. Your support allows me the freedom and ability to analyze objectively the ongoing renaissance in space, as well as the cultural changes -- for good or ill -- that are happening across America. Fourteen years ago I wrote that SLS and Orion were a bad ideas, a waste of money, would be years behind schedule, and better replaced by commercial private enterprise. Only now does it appear that Washington might finally recognize this reality.
In 2020 when the world panicked over COVID I wrote that the panic was unnecessary, that the virus was apparently simply a variation of the flu, that masks were not simply pointless but if worn incorrectly were a health threat, that the lockdowns were a disaster and did nothing to stop the spread of COVID. Only in the past year have some of our so-called experts in the health field have begun to recognize these facts.
Your help allows me to do this kind of intelligent analysis. I take no advertising or sponsors, so my reporting isn't influenced by donations by established space or drug companies. Instead, I rely entirely on donations and subscriptions from my readers, which gives me the freedom to write what I think, unencumbered by outside influences.
You can support me either by giving a one-time contribution or a regular subscription. There are four ways of doing so:
1. Zelle: This is the only internet method that charges no fees. All you have to do is use the Zelle link at your internet bank and give my name and email address (zimmerman at nasw dot org). What you donate is what I get.
2. Patreon: Go to my website there and pick one of five monthly subscription amounts, or by making a one-time donation.
3. A Paypal Donation or subscription:
4. Donate by check, payable to Robert Zimmerman and mailed to
Behind The Black
c/o Robert Zimmerman
P.O.Box 1262
Cortaro, AZ 85652
You can also support me by buying one of my books, as noted in the boxes interspersed throughout the webpage or shown in the menu above.
A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.
[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.
Wouters is a researcher at the Belgian university KU Leuven.
While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.
Readers!
Please consider supporting my work here at Behind the Black. Your support allows me the freedom and ability to analyze objectively the ongoing renaissance in space, as well as the cultural changes -- for good or ill -- that are happening across America. Fourteen years ago I wrote that SLS and Orion were a bad ideas, a waste of money, would be years behind schedule, and better replaced by commercial private enterprise. Only now does it appear that Washington might finally recognize this reality.
In 2020 when the world panicked over COVID I wrote that the panic was unnecessary, that the virus was apparently simply a variation of the flu, that masks were not simply pointless but if worn incorrectly were a health threat, that the lockdowns were a disaster and did nothing to stop the spread of COVID. Only in the past year have some of our so-called experts in the health field have begun to recognize these facts.
Your help allows me to do this kind of intelligent analysis. I take no advertising or sponsors, so my reporting isn't influenced by donations by established space or drug companies. Instead, I rely entirely on donations and subscriptions from my readers, which gives me the freedom to write what I think, unencumbered by outside influences.
You can support me either by giving a one-time contribution or a regular subscription. There are four ways of doing so:
1. Zelle: This is the only internet method that charges no fees. All you have to do is use the Zelle link at your internet bank and give my name and email address (zimmerman at nasw dot org). What you donate is what I get.
2. Patreon: Go to my website there and pick one of five monthly subscription amounts, or by making a one-time donation.
3. A Paypal Donation or subscription:
4. Donate by check, payable to Robert Zimmerman and mailed to
Behind The Black
c/o Robert Zimmerman
P.O.Box 1262
Cortaro, AZ 85652
You can also support me by buying one of my books, as noted in the boxes interspersed throughout the webpage or shown in the menu above.
It basically gives him free access to the internet at this point. And it destroys the dish for normal use doing so.
Bob, I think you misunderstand how these ethical bug bounties work.
Wouters contacted SpaceX privately last year, and gave them the details of his hack. SpaceX had time to come up with a partial fix (firmware update) and only then did Wouters make his information public. And even now, Wouters is withholding critical details of exactly how to hack the Starlink dish.
Everybody benefits: SpaceX improves their dish, Wouters gets a reward for his hard work, and other engineers (like me) learn about new types of vulnerabilities and how to avoid them in our own products.
Steve Golson: I understand this process. However, unless I missed it, the article gave me the impression that Wouters held no details back on his hack. It instead made it seem pretty clear, as per the quote in my post, that he had released it all.
Bob: nope, Wouters is not being totally forthcoming. On his FAQ he says:
• We are not selling finished modchips
• We are not providing (patched) Starlink User Terminal firmware
• We are not providing exact glitch parameters. The presentation slides contain various hints and the parameters will vary depending on how you patch the firmware.
Also his design only works on the old original circular dish, not the newer and much more common rectangular dish.
This is not a script kiddie method. It requires considerable sophistication by the attacker.
Steve Golson: This then is good news, and an example of a news article that left out some important information.
Being ever reluctant to underestimate Elon, perhaps the code “freely released” on this incorporates some subtle segments that would be difficult to recognize, but will tip them off if someone actually tries to use it on their system so they could then detect, monitor, snd ultimately deal with the hacker. Remember, Starlink KNOWS WHERE YOU ARE with a high degree of GPS precision, so they are well positioned to apply legal remedies if you are in a reasonably stable zone of law enforcement,. And if not the USAF could apply a somewhat more debilitating solution were the use plausibly linked to terrorism or something like that : )
And here is Starlink’s response. Fascinating reading! Bring On The Bugs…
https://api.starlink.com/public-files/StarlinkWelcomesSecurityResearchersBringOnTheBugs.pdf
Steve Golson: That Starlink url requires a password.
“That Starlink url requires a password.”
Really? It works for me on multiple browsers and platforms. It’s a public file. 6-page PDF.
Wow that Starlink policy paper is refreshing.
Hard to think of another company that would be so open and forthcoming – they even thank Wouters.
Really increases my confidence in them.
Now Chinese/Russian agents will pay him a visit.
Democrats, Liberals, Trial Lawyers, Lizards, Rats, Snakes and other lower lifeforms