With over 3,000 small satellites in orbit, Elon Musk‘s Starlink has created an excellent fleet orbiting Earth at the moment providing satellite internet access coverage in 36 countries. However, all it took was one Belgian cyber security researcher, a $25 homemade device, and a dream to reveal the first major security flaw in Starlink’s user terminals.
This past Thursday at the Black Hat security conference in Las Vegas, Belgian security researcher Lennert Wouters showcased how he hacked into the Starlink internet system using a homemade circuit board or modchip that cost around $25 to develop, WIRED reports.
To do this, WIRED explains, Wouters had to strip down the satellite dish, allowing him to attach a custom modchip using cheap, off-the-shelf parts. Once attached, the homemade printed circuit board launches a fault injection attack that bypasses Starlink’s security system, and allows access to control functions Starlink had intended to keep locked down.
“As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explained to WIRED, “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
Starlink’s system is divided into three major parts: The satellites, the gateways sending internet connections, and the user terminals referred to as “Dishy McFlatface” by Musk’s employees — the dishes people can buy, in other words. According to WIRED, Wouters’ research focused on the Dishy McFlatfaces.
Wouters revealed the vulnerability to SpaceX last year and the company paid him through its bug bounty program. Starlink, in response to Wouters’ showcase, published a six-page PDF explaining how it secures its systems along with a firmware update that “makes the attack harder, but not impossible, to execute.”
Since 2018, Starlink has slowly established itself in the industry and has become a vital tool in keeping Ukrainians connected during the Russian invasion. According to Musk in May, Starlink has so far thwarted all cyberattacks coming from Russia.
