A $25 hacking tool that can apparently breach Internet terminals from star link has been revealed by a security researcher.
For reference, Starlink was started by Elon Musk with the goal of providing internet connections all over the world. By launching 3,000 satellites into orbit, the company has attracted more than 500,000 subscribers.
However, Wouters has now found a way to hack the decks due to various hardware vulnerabilities. If left exposed, this would give threat actors free rein to access Starlink’s system and then execute custom code on devices on the network.
To find any exploits within the satellite dish’s software, Wouters bought a dish and attached his hacking device to it. The tool itself was formed via a custom circuit board (modchip), with the price for the total parts required for the device costing just $25.
The homemade printed circuit board (PCB) is capable of short-circuiting the system, albeit temporarily, through a fault injection attack: this method, or fault, was used to bypass the security measures that Starlink has put in place.
After revealing the hack in his presentation, Wouters released the tool on GitHub, which provides a breakdown of how to perform the attack itself.
Starlink was made aware of the security flaws last year by Wouters himself, and even paid the researcher for his efforts through its bug bounty scheme.
Even though parent company SpaceX patched the vulnerabilities at the time, prompting Wouters to modify the modchip, it seems that the core issue cannot be resolved without a new model of the main chip being produced. As such, he stated that all user terminals associated with Starlink are currently exposed.
Starlink confirmed that a public update was in the works, but Wouters stressed that the nature of the company’s operations exposes them either way. “The wide availability of Starlink user terminals (UTs) exposes them to hardware hackers and opens the door for an attacker to freely explore the network,” he said.
«Our attack results in an irreparable compromise of the Starlink. [terminal de usuario] and allows us to execute arbitrary code,” he continued. “The ability to gain root access on the Starlink [terminal de usuario] it is a prerequisite for freely exploring the Starlink network.”
Wouters also has experience hacking another product from an Elon Musk company: He has created hardware that can unlock a Tesla electric vehicle in just 90 seconds.