Scroll down to read this post.

 

Please consider supporting my work here at Behind The Black by giving either a one-time contribution or a regular subscription, in any one of the following ways:

 

1. Zelle: This is the only internet method that charges no fees. All you have to do is use the Zelle link at your internet bank and give my name and email address (zimmerman at nasw dot org). What you donate is what I get.

 

2. Patreon: Go to my website there and pick one of five monthly subscription amounts, or by making a one-time donation.
 

3. A Paypal Donation:

4. A Paypal subscription:


5. Donate by check, payable to Robert Zimmerman and mailed to
 
Behind The Black
c/o Robert Zimmerman
P.O.Box 1262
Cortaro, AZ 85652


Professional software hacker demonstrates how to hack Starlink terminals

A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.

[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”

The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.

Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.

Wouters is a researcher at the Belgian university KU Leuven.

While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.

Share

Conscious Choice cover

Now available in hardback and paperback as well as ebook!

 

From the press release: In this ground-breaking new history of early America, historian Robert Zimmerman not only exposes the lie behind The New York Times 1619 Project that falsely claims slavery is central to the history of the United States, he also provides profound lessons about the nature of human societies, lessons important for Americans today as well as for all future settlers on Mars and elsewhere in space.

 
Conscious Choice: The origins of slavery in America and why it matters today and for our future in outer space, is a riveting page-turning story that documents how slavery slowly became pervasive in the southern British colonies of North America, colonies founded by a people and culture that not only did not allow slavery but in every way were hostile to the practice.  
Conscious Choice does more however. In telling the tragic history of the Virginia colony and the rise of slavery there, Zimmerman lays out the proper path for creating healthy societies in places like the Moon and Mars.

 

“Zimmerman’s ground-breaking history provides every future generation the basic framework for establishing new societies on other worlds. We would be wise to heed what he says.” —Robert Zubrin, founder of founder of the Mars Society.

 

All editions are available at Amazon, Barnes & Noble, and all book vendors, with the ebook priced at $5.99 before discount. The ebook can also be purchased direct from my ebook publisher, ebookit, in which case you don't support the big tech companies and I get a bigger cut much sooner.

 

Autographed printed copies are also available at discount directly from me (hardback $24.95; paperback $14.95; Shipping cost for either: $5.00). Just email me at zimmerman @ nasw dot org.

12 comments

  • pzatchok

    It basically gives him free access to the internet at this point. And it destroys the dish for normal use doing so.

  • Bob, I think you misunderstand how these ethical bug bounties work.

    Wouters contacted SpaceX privately last year, and gave them the details of his hack. SpaceX had time to come up with a partial fix (firmware update) and only then did Wouters make his information public. And even now, Wouters is withholding critical details of exactly how to hack the Starlink dish.

    Everybody benefits: SpaceX improves their dish, Wouters gets a reward for his hard work, and other engineers (like me) learn about new types of vulnerabilities and how to avoid them in our own products.

  • Steve Golson: I understand this process. However, unless I missed it, the article gave me the impression that Wouters held no details back on his hack. It instead made it seem pretty clear, as per the quote in my post, that he had released it all.

  • Bob: nope, Wouters is not being totally forthcoming. On his FAQ he says:

    • We are not selling finished modchips
    • We are not providing (patched) Starlink User Terminal firmware
    • We are not providing exact glitch parameters. The presentation slides contain various hints and the parameters will vary depending on how you patch the firmware.

    Also his design only works on the old original circular dish, not the newer and much more common rectangular dish.

    This is not a script kiddie method. It requires considerable sophistication by the attacker.

  • Steve Golson: This then is good news, and an example of a news article that left out some important information.

  • MDN

    Being ever reluctant to underestimate Elon, perhaps the code “freely released” on this incorporates some subtle segments that would be difficult to recognize, but will tip them off if someone actually tries to use it on their system so they could then detect, monitor, snd ultimately deal with the hacker. Remember, Starlink KNOWS WHERE YOU ARE with a high degree of GPS precision, so they are well positioned to apply legal remedies if you are in a reasonably stable zone of law enforcement,. And if not the USAF could apply a somewhat more debilitating solution were the use plausibly linked to terrorism or something like that : )

  • Steve Golson: That Starlink url requires a password.

  • “That Starlink url requires a password.”

    Really? It works for me on multiple browsers and platforms. It’s a public file. 6-page PDF.

  • Mitch S.

    Wow that Starlink policy paper is refreshing.
    Hard to think of another company that would be so open and forthcoming – they even thank Wouters.
    Really increases my confidence in them.

  • Jeff Wright

    Now Chinese/Russian agents will pay him a visit.

  • Star Bird

    Democrats, Liberals, Trial Lawyers, Lizards, Rats, Snakes and other lower lifeforms

Readers: the rules for commenting!

 

No registration is required. I welcome all opinions, even those that strongly criticize my commentary.

 

However, name-calling and obscenities will not be tolerated. First time offenders who are new to the site will be warned. Second time offenders or first time offenders who have been here awhile will be suspended for a week. After that, I will ban you. Period.

 

Note also that first time commenters as well as any comment with more than one link will be placed in moderation for my approval. Be patient, I will get to it.

Leave a Reply

Your email address will not be published.