Flemish researcher hacks into Starlink satellite system and gets reward from Elon Musk
Lennert Wouters, a cybersecurity expert from Flemish university KU Leuven, managed to hack a Starlink dish by adding a homemade circuit board to his antenna dish. In doing so, he gained an insight into the operation of Elon Musk's satellite system, which is intended to make the internet available all over the world.
The international company called the feat "technically impressive". In May 2019, the first sixty satellites of the Starlink system were launched and there are now some 3000 Starlink satellites orbiting earth at a height of 547 kilometres. They form a network developed by billionaire and Tesla CEO Elon Musk's SpaceX program which is supposed to bring the internet to far-flung areas.
In Belgium, you currently pay €99 monthly in subscription costs for access to Starlink, and a one-off €639 euros for the antenna dish that you can install at home. This is relatively expensive for a country where internet coverage is usually good.
Not the average subscriber
One of those dishes ended up at KU Leuven. More specifically, on the desk of computer scientist Lennert Wouters, an expert in cyber security. He managed to hack the system with a homemade device that cost him barely €25 euros.
Armed with a hot air gun, cleaning alcohol and "a lot of patience", he managed to open the dish. Then he connected a homemade circuit board with a number of computer chips. With that, he managed to control the boot system, allowing him to bypass the security protocol that the system automatically goes through when it is started up, and with which the antenna that users have at home connects to the Starlink system.
Wouters did this by inserting a controlled glitch (a short circuit, so to speak) into the start-up process. As a result, Wouters was able to study the Starlink system. According to his research, shutting down a satellite, or even influencing the entire Starlink system, is not possible.
Nevertheless, Wouters thinks it is important that this kind of research is done to prevent hackers with worse intentions from breaking into the system and succeeding in shutting it down.
Together with his team, Wouters conducts research at KU Leuven into the security of cyber hardware. To do this, they carry out attacks on existing technology.
"We also have projects where we are just trying to prevent such an attack,” he explains. “I myself work on the offensive side, but other researchers within our team are trying to make implementations that can withstand such an attack."
Wouters made his way of working public on the internet platform GitHub, so that other researchers and hackers can also get started with their own Starlink dish. He also talked about his research at the recent Black Hat cybersecurity conference in Las Vegas.
"Best of intentions"
But isn't it illegal to hack into such a satellite system?
"I'm not a lawyer," Wouters says, "but normally there's nothing illegal about it. It's all research done with the best of intentions. SpaceX has a bug detection program through which it asks people to report security problems."
Starlink itself reacted positively to Wouters' ingenuity. It also paid him 12,000 euros for uncovering and reporting the problem.
"We would like to congratulate Lennert Wouters for his security investigation into the Starlink user terminal," Starlink said in a statement. "We think it's a technically impressive attack, and we know the first of its kind on our system."
Starlink assures its antenna owners that hackers cannot gain access to other antennas or to the satellite network. It also says it has carried out software updates that should close the gap in security – although according to Wouters that is not possible without adjustments to the hardware, the dishes themselves.
© BELGA PHOTO (Mariana SUAREZ / AFP) This long-exposure image shows a trail of a group of SpaceX's Starlink satellites passing over Uruguay on February 7, 2021.