Theo Wargo/Getty Images
Who would have thought that all it takes to hack SpaceX’s global internet service Starlink is a $25 modded chip? Lennert Wouters, a security researcher from Belgium, was able to hack into Starlink’s network and its communication links, and freely explore the entire system. As scary as it may sound, he has no ill will. Before he spoke publicly about the hack, which he made sure to report to Starlink in its entirety, SpaceX’s response to the hack was unbelievable.
Most of us associate hacking with various nefarious activities, and rightfully so. After all, we’ve all heard (or experienced ourselves) stories of friends or family being hacked in one way or another. Additionally, organizations are often subject to cybersecurity hacks and attacks. For example, not long ago, Samsung suffered a cyber attack in which some sensitive internal data was stolen. Given the increasing frequency of these attacks (as seen in this Kaspersky report), with security researchers like Wouters busy, companies can benefit from these hacks.
In order to break into Starlink, Waters dismantled the Starlink satellite antenna he owned. He then modified it with a custom circuit board consisting of a Raspberry Pi microcontroller, electronic switches, flash memory and voltage regulators. He soldered the unit to an existing Starlink power circuit board (PCB) and wired it up. Once connected, the tool is able to temporarily short-circuit the system, giving Wouters a way into the system. Wouters described the hack in full on Black Hat, noting that once he gained access, he was able to freely explore the network. Wouters submitted all of his findings to SpaceX in a responsible manner: through its dedicated bug bounty program. In fact, it made him into the SpaceX Bug Catcher Hall of Fame, where he is now No. 2. SpaceX may pay the hackers to find the bug, as that is the whole point of the program, although the amount has not been disclosed. Many large organizations rely on third-party researchers to help them track down bugs and vulnerabilities that may have missed during testing. For example, Apple recently paid a PhD student $100,000 to successfully hack a Mac. In this story, SpaceX responded with a six-page paper (PDF), and it’s hard not to admire the enthusiasm in the response. Right from the headlines, SpaceX invited people to do what Wouters just did, saying, “Starlink welcomes security researchers (bringing vulnerabilities).” The giant went on to describe Starlink and its impact on the world, especially now in As seen during the Ukrainian war, Starlink has become one of the sources of connectivity for some Ukrainian citizens who remain in the country. Globe Pictures Ukraine/Getty Images
SpaceX congratulates Wouters on this achievement, but be sure to point out that this hack is very Low – Impact on the network and its users. “Our goal is to provide every part of the system with the minimum privileges needed to get the job done,” SpaceX said, confirming that a single piece of damaged equipment should not affect the entire network. That being said, SpaceX also points out that it’s difficult to protect devices that hackers have been physically accessing unmonitored — so the bug hunt continues.
This is a good reminder that while hacking seems to be more common these days, not every vulnerability is created equal – or equally dangerous. While it’s complicated, you can think of hackers as generally falling into one of two categories, physical or remote. For physical hackers, someone who wants to exploit a vulnerability needs to have physical contact with the device in order to manipulate it.
This is the category the Starlink disc hack falls into: Wouters need to physically open the disc, access electronic devices , and wire in his components to subvert the system. He needs to be in the same location as the Starlink antenna and have an uninterrupted opportunity to process what’s inside. While it’s serious — and SpaceX is clearly taking it seriously — it’s not
