This Finder Hacked a Starlink Station (And It Wasn’t Easy)

A security researcher managed to obtain a “root wrapper” on a Starlink terminal. But this attack required several hours of work and the creation of a custom circuit board to connect to the components of the device.

When a new tech service becomes available, the first thing hackers obviously do is try to hack it. And that’s exactly what happened with Starlink, the low-orbit satellite internet connection service created by SpaceX. At the Black Hat 2022 conference, which will be held in Las Vegas through August 11, security researcher Lennert Waters, of KU Leuven, explained how to get a “root shell” on a Starlink station. Details of this attack will soon be available on GitHub.

A small “glitch” opens the door

Let’s be clear: this hack is technically very complex and therefore difficult to reproduce for someone who knows nothing about physical attacks. If you are lucky enough to own a Starlink terminal, don’t bother trying to do the same. To get the “root casing”, you must first remove the metal casing of the satellite dish, so you can access the device’s electronic components. Then you have to connect via a driver circuit designed by Lennert Wouters.

Black Hat 2022 / Starlink PCB Terminal Circuit
starlink hack
Black Hat 2022 / The Special Circle created by Lennert Wouters

When the device is turned on, this circuit will inject small electrical disturbances (“glitch”) in time, which will have the effect of modifying the progress of the boot process (safe boot) and the download of a modified version of the firmware. Finally, one gets full access to the system with administrator privileges. The researcher made use of his presentation to provide an explanation. It only took a few minutes to get the famous “root peel”.

starlink hack
Black Hat 2022 / Demonstration Attack

In his attack arena, Lennert Waters took care to print the sentence ‘Humans’ imbalance on Earth’. It’s a reference to SpaceX engineers who printed the Starlink terminal circuit with the phrase ‘Man made on Earth’. A logo that can also be found on the Tesla car that Elon Musk sent into space…

The Starlink service analysis is not yet complete. Thanks to this access to the system, Lennert Wouters will now attempt to explore the Starlink network and – why not – gain access to satellites or base stations. It is a goal that is far from useless. The beginning of the war in Ukraine showed that satellite communication is a priority objective in case of conflict. And since Starlink stations were used on the ground in this war, it’s possible that Russian hackers are already working on fixing potential network failures.

It is good quality equipment

But pirates risk breaking their teeth. Although, after many hours of work, he managed to find a way to access the terminal system, Lennert Wouters considers the security level of this product to be good. “There was nothing obvious to exploit. Rooting was difficult, unlike other tools [de ce type]. This access does not allow, in the near future, a large-scale attack.”explained a security researcher in Las Vegas.

For their part, SpaceX leaders say they are happy. In a statement, they congratulated Lynnert Waters on his outstanding work and Technically impressive. This is the first time they have faced such an attack and they are encouraging all researchers to do the same, as part of their “bug bounty programme”. They also take the opportunity to reassure users. All elements of the Starlink architecture are designed according to the principle of “least privilege” to reduce the effects of a potential attack. Also, it will not be possible in advance to attack other stations from a compromised one. we will see.

source :

Black Hat 2022

Leave a Comment