“ Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal ,” published by Belgian researcher Lenert Wouters , successfully hacked the satellite Internet service “Starlink” and exposed its vulnerabilities. that was pointed out. The attack is carried out by attaching a custom circuit board made by yourself to the base inside the dedicated antenna used by Starlink users to transmit and receive satellites.
Starlink is a communication service developed by SpaceX, which is run by Elon Musk, and is a system that provides the Internet from artificial satellites. In the Russian invasion of Ukraine that began in February, Mr. Elon Musk received a request from Mr. Mykhailo Fedorov, Ukraine’s digital minister, and immediately sent Starlink’s ground terminals to Ukraine to deploy the system. We used the advantage of satellite internet, which can be used anywhere in the world as long as there is electricity, to support it.
Starlink has launched thousands of small satellites into orbit since 2018. Instead of the broad-range communication service using geostationary satellites, which has been the mainstream until now, we are developing a narrow-range communication service launched into an orbit close to the earth at an altitude of 550 km. The closer the satellite is to the earth, the narrower the area it can cover, but it has the advantage of providing a high-speed, low-latency internet environment. This is a powerful technique unique to Starlink, which launches a large number of small satellites.
To actually use Starlink, you’ll need a dedicated ground-mounted antenna provided by the company. The latest attack involved hacking into this antenna. It attacks by attaching a handmade custom circuit board “Modchip” to a special antenna.
The Modchip is a modified chip, such as a Raspberry Pi (RP2040), that can be built from off-the-shelf parts that cost about $25 USD in total. It is mounted by soldering the completed Modchip directly to the Starlink board and connecting it with a few wires. Because it matches the Starlink base, it has a special shape like a key as shown in the image below.
The weak point of this attack is that it takes time to disassemble and install the dedicated antenna because it is directly embedded in the Starlink base.
The Modchip attached to Starlink’s base can perform a Fault Injection attack (an attack that momentarily tampered with the electrical input of the processor) to the Starlink User Terminal (Starlink UT).
As a result, it is possible to obtain the authority of the system that was originally locked and break into it. Starlink UT will be left in an unrepairable state, allowing attackers to execute arbitrary code. Lenert Wouters posted a preview on his Twitter account that was sent through a rooted Starlink UT.
SpaceX has released six PDFs citing Wouters’ attack method. He praised Wouters for his security research and acknowledged that this attack is possible. But he emphasized that only if he had physical access to dismantle the dedicated antenna and attach the wires and components.
He also pointed out that it is not possible to attack remotely from a remote location, and that it is not possible to attack other user terminals or satellites other than those embedded with chips. For this reason, SpaceX asserted that ordinary Starlink users should not be concerned about the impact of this attack and do not need to take countermeasures.