Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Communications Security The Internet

The Hacking of Starlink Terminals Has Begun (wired.com) 48

AmiMoJo shares a report from Wired: Since 2018, ELON Musk's Starlink has launched more than 3,000 small satellites into orbit. This satellite network beams internet connections to hard-to-reach locations on Earth and has been a vital source of connectivity during Russia's war in Ukraine. Thousands more satellites are planned for launch as the industry booms. Now, like any emerging technology, those satellite components are being hacked. Today, Lennert Wouters, a security researcher at the Belgian university KU Leuven, will reveal one of the first security breakdowns of Starlink's user terminals, the satellite dishes (dubbed Dishy McFlatface) that are positioned on people's homes and buildings. At the Black Hat security conference in Las Vegas, Wouters will detail how a series of hardware vulnerabilities allow attackers to access the Starlink system and run custom code on the devices.

To access the satellite dish's software, Wouters physically stripped down a dish he purchased and created a custom hacking tool that can be attached to the Starlink dish. The hacking tool, a custom circuit board known as a modchip, uses off-the-shelf parts that cost around $25. Once attached to the Starlink dish, the homemade printed circuit board (PCB) is able to launch a fault injection attack -- temporarily shorting the system -- to help bypass Starlink's security protections. This 'glitch' allows Wouters to get into previously locked parts of the Starlink system. The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can't be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Wouters is making his hacking tool open source on GitHub. Following his presentation, Starlink says it plans to release a "public update" to address the issue but additional details were not shared.
This discussion has been archived. No new comments can be posted.

The Hacking of Starlink Terminals Has Begun

Comments Filter:
  • Back in ye olde days when DirecTV hacking was a thing, that company went completely scorched Earth and sued every customer who bought hardware which could be used for stealing service. Musk taking a page out of DirecTV's book totally wouldn't surprise me. Don't poke the Elongated Muskrat, kids; he bites.

    • He's not selling hardware.

      He was likely offering SpaceX the opportunity to recompense him for the inability to academically publish his research to the extent he desired and needed for his career. The current situation is likely what 25K$ bought SpaceX in that regard.

      • He's not selling hardware.

        But since he did release everything on his Github, it'd be trivial for someone else who is so inclined, to produce the hardware.

    • by ArmoredDragon ( 3450605 ) on Saturday August 13, 2022 @11:56AM (#62786134)

      I kind of doubt the usefulness of this hack includes getting free service, so I don't think the DirecTV situation is applicable.

      • by NFN_NLN ( 633283 )

        Agreed. The only thing those stories have in common is... a dish?

        The issue with Dish Network and other satellite providers is they were effectively one way. The media was streamed out for anyone to decrypt AND use stealthily.

        With Satellite internet it's pretty useless if it's unidirectional and anyone trying to send data would have their stream ignored. The other malicious option of DDOSing satellites would get expensive because unlike zombie bots that hijack other peoples unsecured PCs this is a hardwar

  • Essentially this article is stating that if someone can physically access your dish then they could take it apart and install new hardware inside of it in order to use your internet access as if it was theirs. That’s definitely “hacking” but not the simplest to do and not a big deal when there’s a million easier ways to hack someone’s internet from their computer, cable modem or router. The iPhone has been trying to be unhackable with physical access forever, and it’s sti
    • Requirement for physical access makes this a hack that is unlikely to be exploited at scale.
    • by AmiMoJo ( 196126 ) on Saturday August 13, 2022 @10:48AM (#62786044) Homepage Journal

      That's not what TFA is saying.

      Like many embedded systems, the disk uses an SoC with protection to stop the firmware being read out or replaced with something else. Like most of those systems, it is vulnerable to having the protection disabled by glitching the power supply. Through trial and error it is possible to determine exactly when to make the power supply glitch to cause the embedded security system to skip over disabling debug capability or firmware signature checks.

      So now the firmware can be read out, and new code injected. By doing that, flaws in the boot process firmware, stored internally in the SoC in a ROM that cannot be updated, have been found and exploited. It can't be fixed, the only solution is to replace every single dish out there and then block access to all V1 models. Even then, Starlink can't stop them transmitting stuff to the satellite...

      Which brings us to the next and much bigger problem. Now that the firmware can be examined and hacked to send arbitrary signals to the satellite, the satellites themselves are vulnerable. If there is some kind of flaw in the satellite's firmware, say a buffer overflow or crash due to receiving bad data, the satellites could experience anything from a DOS attack to being hacked to run arbitrary code themselves.

      Presumably Starlink prepared for this as it was somewhat inevitable, but if someone finds a way to brick satellites it could take out a lot of them before Starlink can react and get protections in place. Remember that from Starlink's point of view they will just see satellites going dark, they won't have any idea who did it or how, or what the vulnerability is, and unless they can revive the bricked satellites there may be no way to get that data.

      • Is the hack detectable by Starlink? Since it requires physical access,, I suspect that it will be used to unlock previously inaccessible system capabilities. Once Starlink sees this, it can place that dish ID on a blacklist.

        So kiss your own Starlink service goodbye.

        • > Once Starlink sees this, it can place that dish ID on a blacklist.

          It's doubtful that any attacker would be transmitting a legitimate ID. The whole premise is dubious and unlikely anyway, outside of a DoS. Still, Nation States like to DoS comms of their enemies (usually civilians who get too uppity for their tastes) so somebody might try reducing service availability. Reportedly the Azov Battalion is using Starlink to coordinate attacks on civilian centers in Western Russia, so the possibility exists

        • by AmiMoJo ( 196126 )

          Sure, but even if they blacklist the terminal, the satellite still has to receive the packet before it can decide to ignore it.

          Also once you control the hardware you can change the identifiers, cloning other people's.

          You could also just DOS the satellite by constantly sending random garbage to it, making it impossible for other terminals to talk to it.

      • Now that the firmware can be examined and hacked to send arbitrary signals to the satellite, the satellites themselves are vulnerable.

        Maybe the hacker can pay SpaceX for a trip up to space to capture a StarLink satellite...

        Theoretically yes, the satellites could maybe be attacked through an uplink... but how realistically would you go about doing that without some hardware you could experiment on easily? There's no real way to no if you are affecting a satellite in any way with what you send.

        You could argu

      • You write as if what you say is the only possible situation.
        People who do that are often wrong.
        They are often blinkered woke cunts like yourself.

        Starlink satellites may have separate control and datacomms systems. So bricking the datacomms system would not affect the control system, and Spacex would easily be able to detect the hacking.

      • Shouldn't a DOS attack on a satellite be quite simple?
        Just transmit enough power to desensitize the receiver and you're done.

        Or if you want to brick it, increase the transmitted power even further until the LNA onboard just breaks?

        But maybe I'm wrong because otherwise hostile countries would have already done it by now...

        • goodevening hbo

          from captain midnight

          $12.95/month ?

          no way !

          [showtime/movie channel beware!]

        • They use steerable phase-array antennas, which gives /some/ resistance to such an attack. But yes, that would work - at the very least you could cause a localised degradation of service.

          If someone is going to do that though, my money would be on a state actor. Maybe Russia, trying to shut down Starlink connectivity in occupied Ukraine. They have the technology, the motivation, and the ability to thumb their nose an international authority. "Us, jamming satellites? No, we would never do that. That array of h

        • by AmiMoJo ( 196126 )

          I think one dish would struggle to produce enough power to damage the LNA. Just pumping out noise will be an effective DOS while it is overhead, but well short of bricking it.

      • The dish may be shoddily engineered, but no-one sends sub-par hardware into space. I am quite sure that the satellite's own critical power, communications and positioning systems are entirely physically separate from the Starlink communications equipment. They will just as surely include the capability to remotely shut down power to that equipment, wipe the memory, boot it into a safe mode and overwrite the firmware with an update, all while ensuring not a byte of potentially dangerous data flows in the oth

        • by AmiMoJo ( 196126 )

          And nobody would be mad enough to test an alpha version of their self driving vehicle on public roads with amateurs behind the wheel.

    • He's hacking in the old-school sense. He's granted himself access to the hardware he owns so he can look around and learn.

      It's a long-standing tradition in the hacker ethos, whether it's a printer, a DVR, a crypto wallet, or a satellite receiver.

      There's not a remote exploit here or anything that would cause a consumer-device compromise. If you can get into someone's computer and take it apart all bets are off anyway.

  • If not, why is it in all caps when nothing else is?
  • this sounds like FUD.

    just need physical access and to pull apart the dish and to attach hacking hardware to the device. oh Nooooooooooooooos!

    • it's an attack on a transceiver so the antenna mod concept can be used on any working antenna, i believe. with some more modifications at least.

    • this sounds like FUD.

      That's because you don't understand the discussion.

      just need physical access and to pull apart the dish and to attach hacking hardware to the device. oh Nooooooooooooooos!

      It is "oh nos" for Starlink, not so much for you. The "oh nos" for you is not even knowing what this discussion is about, but "contributing" anyway.

  • Putin appreciates your hard work.

  • As in, the laziest possible way to get from point A to point B. If you replace someone's carelessly-unattended phone with one you already control, congratulations, you have "hacked" their phone.

    Replacing a chip in a single user terminal ain't no Stuxnet, is it?
  • Golly, I took a wrench and a hammer to the engine in my car. I discovered that if I removed part of the intake manifold and replaced it with a home-built gadget and made a bunch of other mods, it runs differently - or even stops running all-together.

    Clearly, the car maker made a vulnerable engine that needs security upgrades. How dare they make and sell a product that can be pried open, chopped hacked folded mangled manipulated and [my fave] "spindled". Those idiots thought they were designing, making, and

  • This reference is getting so goddamned old.
  • If you have physical access to the device it was proven by some top hackers that a hammer ðY" can disrupt the device connectivity, sometimes bricking it. StarLink was already informed about this bug, but no fix was deployed yet.

Another megabytes the dust.

Working...