The war in Ukraine has shown how critical satellite internet can become in times of cyber warfare. For better, when Elon Musk’s launch of his Starlink service in the country helped thousands of Ukrainians stay connected. For worse, when the hack of Viasat denied internet access to customers way beyond Ukraine’s borders.
It may sound worrying, then, that a single researcher successively hacked a Starlink dish… with a custom toolkit that cost him only around $25.
Lennert Wouters, a security researcher at the Belgian university KU Leuven, revealed on August 12, 2022, at the Black Hat conference in Las Vegas, that he used a fault injection attack to break into locked parts of the Starlink system.
To do so, Wouters stripped down a Starlink dish and created a hacking tool – a custom circuit board known as a modchip, made of a Raspberry Pi microcontroller, flash storage, electronic switches and a voltage regulator – that he attached to the Starlink dish.
The fault injection attack runs the glitch against the first bootloader, which is burned onto the system-on-chip and can’t be updated. The attack then deploys patched firmware on later bootloaders, which allows him to take control of the dish.
As Starlink engineers printed “Made on Earth by humans” on their board, Wouters’ modchip reads: “Glitched on Earth by humans.”
Before going public, the researcher notified Starlink of the flaws through its bug bounty scheme and open-sourced the modchip details on GitHub.
The presentation prompted SpaceX’s satellite internet service to publish a six-page response, in which they called the attack “technically impressive.”
The company did not deny the researcher’s claim that the vulnerabilities are “unfixable” and insisted that they “rely on the design principle of ‘least privilege’ to constrain the effects in the broader system.”