Professional software hacker demonstrates how to hack Starlink terminals
A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.
[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.
Wouters is a researcher at the Belgian university KU Leuven.
While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.
A professional software hacker not only recently succeeded in hacking the terminals SpaceX sells customers to use its Starlink satellite internet service, he first got a bounty from SpaceX for doing so, then made his technique freely available on the web for everyone else.
[Lennert] Wouters is now making his hacking tool open source on GitHub, including some of the details needed to launch the attack. “As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explains, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can’t be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Starlink says it plans to release a “public update” following Wouters’ presentation at Black Hat this afternoon, but declined to share any details about that update with WIRED prior to publication.
Wouters is a researcher at the Belgian university KU Leuven.
While it can certainly help SpaceX to figure this out, by publishing the hack to the world Wouters looks like a blackmailer unsatisfied with his payoff who is now following through with his blackmail threat. One also wonders why SpaceX, as part of its bounty payment, did not require Wouters to sign a non-disclosure agreement.