Professional software hacker demonstrates how to hack Starlink terminals
A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.
[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.
Wouters is a researcher at the Belgian university KU Leuven.
While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.
On Christmas Eve 1968 three Americans became the first humans to visit another world. What they did to celebrate was unexpected and profound, and will be remembered throughout all human history. Genesis: the Story of Apollo 8, Robert Zimmerman's classic history of humanity's first journey to another world, tells that story, and it is now available as both an ebook and an audiobook, both with a foreword by Valerie Anders and a new introduction by Robert Zimmerman.
The ebook is available everywhere for $5.99 (before discount) at amazon, or direct from my ebook publisher, ebookit. If you buy it from ebookit you don't support the big tech companies and the author gets a bigger cut much sooner.
The audiobook is also available at all these vendors, and is also free with a 30-day trial membership to Audible.
"Not simply about one mission, [Genesis] is also the history of America's quest for the moon... Zimmerman has done a masterful job of tying disparate events together into a solid account of one of America's greatest human triumphs."--San Antonio Express-News
A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.
[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.
Wouters is a researcher at the Belgian university KU Leuven.
While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.
On Christmas Eve 1968 three Americans became the first humans to visit another world. What they did to celebrate was unexpected and profound, and will be remembered throughout all human history. Genesis: the Story of Apollo 8, Robert Zimmerman's classic history of humanity's first journey to another world, tells that story, and it is now available as both an ebook and an audiobook, both with a foreword by Valerie Anders and a new introduction by Robert Zimmerman.
The ebook is available everywhere for $5.99 (before discount) at amazon, or direct from my ebook publisher, ebookit. If you buy it from ebookit you don't support the big tech companies and the author gets a bigger cut much sooner.
The audiobook is also available at all these vendors, and is also free with a 30-day trial membership to Audible.
"Not simply about one mission, [Genesis] is also the history of America's quest for the moon... Zimmerman has done a masterful job of tying disparate events together into a solid account of one of America's greatest human triumphs."--San Antonio Express-News
It basically gives him free access to the internet at this point. And it destroys the dish for normal use doing so.
Bob, I think you misunderstand how these ethical bug bounties work.
Wouters contacted SpaceX privately last year, and gave them the details of his hack. SpaceX had time to come up with a partial fix (firmware update) and only then did Wouters make his information public. And even now, Wouters is withholding critical details of exactly how to hack the Starlink dish.
Everybody benefits: SpaceX improves their dish, Wouters gets a reward for his hard work, and other engineers (like me) learn about new types of vulnerabilities and how to avoid them in our own products.
Steve Golson: I understand this process. However, unless I missed it, the article gave me the impression that Wouters held no details back on his hack. It instead made it seem pretty clear, as per the quote in my post, that he had released it all.
Bob: nope, Wouters is not being totally forthcoming. On his FAQ he says:
• We are not selling finished modchips
• We are not providing (patched) Starlink User Terminal firmware
• We are not providing exact glitch parameters. The presentation slides contain various hints and the parameters will vary depending on how you patch the firmware.
Also his design only works on the old original circular dish, not the newer and much more common rectangular dish.
This is not a script kiddie method. It requires considerable sophistication by the attacker.
Steve Golson: This then is good news, and an example of a news article that left out some important information.
Being ever reluctant to underestimate Elon, perhaps the code “freely released” on this incorporates some subtle segments that would be difficult to recognize, but will tip them off if someone actually tries to use it on their system so they could then detect, monitor, snd ultimately deal with the hacker. Remember, Starlink KNOWS WHERE YOU ARE with a high degree of GPS precision, so they are well positioned to apply legal remedies if you are in a reasonably stable zone of law enforcement,. And if not the USAF could apply a somewhat more debilitating solution were the use plausibly linked to terrorism or something like that : )
And here is Starlink’s response. Fascinating reading! Bring On The Bugs…
https://api.starlink.com/public-files/StarlinkWelcomesSecurityResearchersBringOnTheBugs.pdf
Steve Golson: That Starlink url requires a password.
“That Starlink url requires a password.”
Really? It works for me on multiple browsers and platforms. It’s a public file. 6-page PDF.
Wow that Starlink policy paper is refreshing.
Hard to think of another company that would be so open and forthcoming – they even thank Wouters.
Really increases my confidence in them.
Now Chinese/Russian agents will pay him a visit.
Democrats, Liberals, Trial Lawyers, Lizards, Rats, Snakes and other lower lifeforms