Belgian student-researcher Lennert Wouters has successfully hacked a satellite dish from Starlink, SpaceX’s satellite network. Elon Musk’s company thanks him with a check for $12,000.
“First of all, we would like to commend Lennert Wouters for his research on Starlink user terminal security.” This is the praise sent a few days ago by Starlink, the satellite network of SpaceX, Elon Musk’s space company, about a doctoral student from KU Leuven.
By placing thousands of satellites in space, the billionaire’s company wants to make fast Internet possible worldwide. But recently, Lennert Wouters, a 30-year-old industrial engineer, revealed for the first time a major security flaw in the system hardware. “We find the attack technically impressive. We believe it is the first of its kind on our system,” Starlink wrote in its statement.
“You can’t build a defense without knowing how an offense works.”
Lennert Wouters is preparing his PhD on hardware security at COSIC, the digital security and cryptography research group of KU Leuven. “I deal with the offensive side: finding leaks in the electronics,” he explains. “Other colleagues are on the defensive side and protect the systems. But you can’t build a defense without knowing how an attack works.”
A year ago, the researcher began his offensive against Starlink. He asked his supervisor if he could order a user terminal, a kind of satellite dish. He took it apart and attached a $25 printed circuit board to it (a support for electrically connecting a set of components, editor’s note). “It was originally a side project,” he says. “I didn’t know if anything would come of it.” And then finally, last week, Lennert Wouters was allowed to present his successful attack at Black Hat, a major cybersecurity conference in Las Vegas. He explains.
“This is a first step towards access to satellite.”
How did you manage to hack a satellite dish?
If someone attacks a satellite, it can have significant consequences. As a normal user, you cannot access a satellite directly, but must go through the user terminal. That’s why I first attacked the user’s terminal by injecting an error. I was able to create a short across the circuit board for a very short time, 100 nanoseconds. This messed up the CPU for a while. It skipped one or more instructions and all security checks were not performed. This allowed me to run my own code on the terminal, with the system believing the code was created by SpaceX, not me. I was able to analyze the terminal more deeply.
Is this leak dangerous?
Not immediately. The satellites themselves have no security issues. To change the passcode, you must have physical access to the device. But this is a first step towards access to satellite. I presented my findings at the conference and now other people can see if there are other issues.
Were you surprised your attack worked?
Not really. But I was surprised that the system was so secure. Most products don’t make it very difficult for hackers. Last year, we carried out a survey on household appliances for Test Achats. Once we had the code, it was very easy to find the issues. For example, we could turn off baby monitors remotely. Starlink’s system, on the other hand, is very well done.
Has Starlink already plugged the leak?
Not yet. It can only fix the problem by making a new version of the chip. So it will take time.
“Am I an Elon Musk fan? To some extent. I find a lot of his products very impressive. But he has some blind spots.”
Starlink congratulated you and offered you a reward of 12,000 dollars. What are you going to do with this money?
Such a reward is normal. SpaceX even has a program of “bug bounties”. We reported two issues, for which we received $8,000 and $4,000. If the research took place during working hours, the money is for the university. We haven’t talked about that yet.
Two years ago, you had already hacked the key of a Tesla, making it possible to open the car. Are you targeting Elon Musk?
Nope! I even find it annoying that his name is always mentioned. It doesn’t have much to do with it. If I’m an Elon Musk fan? In a certain way. I find many of his products very impressive. But he has some blind spots.