Security researcher Lennert Wouters hacked the Starlink satellite constellation with $25 in off-the-shelf equipment. He presented his findings at a computer security conference in Las Vegas.
The security vulnerability involves the widespread deployment of Starlink’s terminals, which connect users to the constellation. SpaceX can manufacture 20,000 Starlink terminals a week and deployed terminals passed the 100,000 mark in August 2021.
Wouters operated a homemade circuit board, also commonly known as a modchip. He could attach it to any Starlink terminal to bypass secure boot protections by interfering with the normal electrical power rails during bootup.
The chip could enable an attacker to gain privileged access to a Starlink terminal, though only if the attacker has physical access to the terminal. The attack does not work remotely and will not affect any of the 2,700 Starlink satellites that are already in orbit. He made the modchip plans available on GitHub to supplement the presentation he made at the computer security conference.
The GitHub description of the circuit board indicates that he expects a recording of the talk to be up soon. It also warns to use the circuit board schematics at one’s own risk. It especially warned that use of the circuit board could do damage to the terminal and disassembling a Starlink terminal could void the warranty.
The plans and description did not include full details of the glitch that Wouters’ customized circuit board could exploit. SpaceX may already be working on a firmware update that fixes the glitch based on the information he provided to claim a bug bounty award. It did already issue a firmware update to disable UART output.
SpaceX operates a bug bounty that anyone who can find a flaw in Starlink’s Internet service may qualify for. In a rare official statement, it complimented Wouters on his findings.
Starlink documentation describes security measures that it already takes, including making each Starlink network device’s unique identification difficult to replicate and reserving the option to disable devices that are used for malicious activity. It also makes it…