HQ/EMEAFind out how we can help your business
A cybersecurity researcher has recently completed an experimented fault injection attack on a user terminal for the SpaceX Starlink internet system revealed at the Black Hat event.
Based on reports, the researcher has successfully infected the SpaceX Starlink satellite-based internet system by utilising a homemade circuit board that only cost 25 dollars.
To start the hack, the researcher said a voltage fault injection operation should run on a Starlink User Terminal or a satellite dish people use to get inside the system. Additionally, the researcher took down a satellite dish he bought and developed the custom board that he appended to the Starlink dish.
The creation of the custom board enabled the researcher to infiltrate the dish and explore the Starlink network.
A cheap modchip compromised the SpaceX Starlink internet service.
A low-cost tool with off-the-shelf parts completed the SpaceX Starlink internet service infection. It used it to acquire root access by glitching the Starlink UT security operations centre bottom.
The researchers scanned the Starlink dish and customised the chip to fit into the existing Starlink board. Then, he soldered the modchip, including flash storage, voltage regulator, electronic switches, and Raspberry PI microcontroller, to the present Starlink PCB and linked it using several wires.
After it was attached to the dish, the tool ran a fault injection attack to shorten the system temporarily to avoid security detections and infiltration into locked parts of the system. Subsequently, the attack executes the glitch against the first bootloader, burns onto the system, and cannot be updated.
The researcher then launched patched firmware on a later bootloader to control the dish.
The attack then leaves an irreparable compromise of the Starlink UT and enables the operation of arbitrary code. The capability to obtain root access on the Starlink UT is required to explore the Starlink network undisturbed.
Fortunately, SpaceX has responded immediately to the researcher’s online disclosure of the existing compromise. Furthermore, the surge of usage of the Starlink program has attracted numerous malicious threat actors and cybersecurity researchers to find loopholes to compromise such a system.
