Starlink Got Hacked And SpaceX's Response Was Incredible
Who would have thought that all it would take to hack Starlink, SpaceX's worldwide internet service, would be a $25 modchip? Lennert Wouters, a security researcher from Belgium, was able to hack into Starlink's network as well as its communication links and explore the entire system freely. While that sounds pretty scary, he didn't do it maliciously. Before he ever talked about the hack in public, he made sure to report it to Starlink in full, and SpaceX's response to the hack was nothing short of incredible.
Most of us associate hackers with all kinds of evil endeavors, and rightfully so. After all, we've all heard the tale (or have been there ourselves) of a friend or a family member getting hacked in one way or another. Moreover, organizations suffer from cybersecurity hacks and attacks very frequently. As an example, not too long ago, Samsung was hit by a cyberattack in which some sensitive internal data was stolen. Seeing as these attacks happen with an increasing frequency (as can be seen in this report from Kaspersky), security researchers like Wouters have their hands full, and companies can benefit from these hacks.
In order to break into Starlink, Wouters stripped down a Starlink satellite dish he owned himself. He then modded it with a custom circuit board, made up out of a Raspberry Pi microcontroller, electronic switches, flash storage, and a voltage regulator. He soldered the contraption onto the existing Starlink power circuit board (PCB) and connected it. Once connected, the tool was able to temporarily short the system, which gave Wouters a way into the system. Wouters described the hack in full over on Black Hat, noting that he was able to explore the network freely once he gained access to it.
Bring on the bugs
Wouters submitted all of his findings to SpaceX in a responsible way: through its dedicated bug bounty program. In fact, this got him inducted into the SpaceX bug hunting hall of fame, in which he now holds the second place. SpaceX presumably paid the hacker for finding the bug, as that's the whole point of the program, although the amount hasn't been disclosed. Many large organizations rely on third-party researchers to help them track down bugs and vulnerabilities that may slip through the cracks during testing. For instance, Apple recently paid a PhD student $100,000 for successfully hacking a Mac.
Once Wouters published his side of the story, SpaceX responded with a six-page paper (PDF), and it's hard not to admire the enthusiasm shown in that response. Right from the very headline, SpaceX is inviting people to do what Wouters just did by saying, "Starlink welcomes security researchers (bring on the bugs)." The giant goes on to describe Starlink and its impact on the world, especially visible now during the war in Ukraine, where Starlink has become one of the sources of connectivity for some of the Ukrainian citizens who remain in the country.
SpaceX congratulated Wouters on this achievement, but also made sure to point out that this kind of hack is low-impact for the network and its users. "We aim to give each part of the system the minimal set of privileges required to get its job done," said SpaceX, affirming that one piece of compromised equipment should not affect the entire network. With that said, SpaceX also notes that it's hard to protect a device to which a hacker has constant unmonitored physical access — so the bug hunting continues.
Not every hack is created equal
It's a good reminder that, though hacks may seem increasingly widespread these days, not every exploit is created equal — or equally dangerous. While it's complex, you can think of hacks as generally falling into one of two categories, physical or remote. For physical hacks, someone wanting to exploit a loophole needs to have actual contact with the device in order to manipulate it.
That's the category this Starlink dish hack falls into: Wouters needed to physically open up the dish, access the electronics, and wire in his components in order to subvert the system. He needed to be in the same location as the Starlink dish, and have an uninterrupted opportunity to work with what's inside. While it's serious — and SpaceX is obviously taking it seriously — it's not a remote hack. That's when a loophole can be exploited without physical access to the device at all.
Should Starlink users be worried by this new hack?
As you might expect, remote hacks are far more concerning. A Starlink dish might be mounted on a roof or up a pole, to ensure uninterrupted satellite visibility: you're probably going to notice someone climbing a ladder in order to access it with nefarious intent. With a remote hack, though, you might not realize it has been enacted until something goes wrong.
This time around, SpaceX insists, "normal Starlink users do not need to be worried about this attack affecting them, or take any action in response" (emphasis theirs). There's no way to use this particular exploit to remotely affect a Starlink connection, or indeed the satellites that SpaceX has been launching over the past few years, or to extract user data or monitor what traffic may be passing over the satellite connection. For those on Starlink connections — or, in fact, any customer of any internet service providers — it's much wiser to stay cautious about phishing attempts, either in your email inbox or on the phone, where people claiming to represent your ISP attempt to extract account information, passwords, or payment details.