Who would have guessed that a $25 modchip would be all it took to hack Starlink, SpaceX’s global internet service? Lennert Wouters, a Belgian security researcher, was able to hack into Starlink’s network as well as its communication links and freely explore the entire system. While that sounds terrifying, he did not do it maliciously. Before he ever spoke publicly about the hack, he made sure to fully report it to Starlink, and SpaceX’s response to the hack was nothing short of incredible.
Most of us, and rightfully so, associate hackers with all manner of evil activities. After all, we’ve all heard (or experienced) the horror of a friend or family member being hacked in some way. Furthermore, organizations are frequently subjected to cybersecurity hacks and attacks. For instance, not long ago, Samsung was the victim of a cyberattack in which sensitive internal data was stolen. Given the increasing frequency of these attacks (as evidenced by this Kaspersky report), security researchers like Wouters have their hands full, and companies can benefit from these hacks.
Wouters used a Starlink satellite dish that he owned to gain access to Starlink. He then modified it by constructing a custom circuit board out of a Raspberry Pi microcontroller, electronic switches, flash storage, and a voltage regulator. He connected the contraption to the existing Starlink power circuit board (PCB). Once connected, the tool was able to temporarily short the system, allowing Wouters access. Wouters detailed the hack in detail on Black Hat, noting that once he gained access to the network, he was able to freely explore it.
Bring on the bugs
Wouters responsibly reported all of his findings to SpaceX via its dedicated bug bounty program. In fact, he was inducted into the SpaceX bug hunting hall of fame, where he now ranks second. SpaceX presumably compensated the hacker for discovering the bug, as that is the entire purpose of the program, though the amount has not been disclosed. Many large organizations hire third-party researchers to help them find bugs and vulnerabilities that may have slipped through the cracks during testing. Apple, for example, recently paid a PhD student $100,000 for successfully hacking into a Mac.
After Wouters published his side of the story, SpaceX responded with a six-page paper (PDF), and it’s difficult not to admire their enthusiasm. “Starlink welcomes security researchers (bring on the bugs),” SpaceX says in the headline, inviting people to do what Wouters just did. The giant goes on to describe Starlink and its impact on the world, particularly during the conflict in Ukraine, where Starlink has become one of the few sources of connectivity for some of the country’s remaining Ukrainian citizens.
Read more; APPLE MACBOOK AIR M2 (2022) REVIEW
Wouters was congratulated by SpaceX, but the company made it clear that this type of hack has little impact on the network and its users. “We aim to give each part of the system the minimal set of privileges required to get its job done,” SpaceX said, emphasizing that a single compromised piece of equipment should not affect the entire network. However, SpaceX notes that it is difficult to protect a device to which a hacker has constant unmonitored physical access — so bug hunting continues.