The hacking of Starlink terminals has begun

399 点作者 jerryjerryjerry将近 3 年前

30 条评论

Eriks将近 3 年前

Relevant presentation on DEFCON Media server:<a href="https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Lennert%20Wouters%20-%20Glitched%20on%20Earth%20by%20humans%20A%20Black-Box%20Security%20Evaluation%20of%20the%20SpaceX%20Starlink%20User%20Terminal.pdf" rel="nofollow">https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20pre...</a><a href="https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Lennert%20Wouters%20-%20Glitched%20on%20Earth%20by%20humans%20A%20Black-Box%20Security%20Evaluation%20of%20the%20SpaceX%20Starlink%20User%20Terminal.mkv" rel="nofollow">https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20pre...</a>

评论 #32444404 未加载

评论 #32441359 未加载

gtvwill将近 3 年前

Eh low threat hack. Requires physical access to dish and installs piece of easily identifiable hardware. Tbh give unfettered access to most hardware and you can hack it.

评论 #32444798 未加载

评论 #32444777 未加载

评论 #32446388 未加载

roastedpeacock将近 3 年前

This WIRED article[1] references a release of tools and information about the research on GitHub[2] however it 404s. Hope that is not being censored.[1] <a href="https://www.wired.com/story/starlink-internet-dish-hack/" rel="nofollow">https://www.wired.com/story/starlink-internet-dish-hack/</a>[2] <a href="https://github.com/KULeuven-COSIC/Starlink-FI" rel="nofollow">https://github.com/KULeuven-COSIC/Starlink-FI</a>

评论 #32444288 未加载

评论 #32440971 未加载

评论 #32442946 未加载

评论 #32449148 未加载

评论 #32441687 未加载

评论 #32441468 未加载

colinsane将近 3 年前

don’t miss the link to the original article, especially if you prefer understanding the technical details: <a href="https://www.esat.kuleuven.be/cosic/blog/dumping-and-extracting-the-spacex-starlink-user-terminal-firmware/" rel="nofollow">https://www.esat.kuleuven.be/cosic/blog/dumping-and-extracti...</a>

vajenetehais将近 3 年前

This is quite impressive and congratulation are well deserved. Now the fun part can start. This work opens a door to the user segment, i can't wait to see what's behind and hope for starlink that their C2 and user segments are well isolated. Let the fuzzing begin.

tg180将近 3 年前

The article compares the Russian jamming of Viasat with the compromise of a Starlink UT. No, no, no... This is really wrong!> As is typically the case with any technology, the increase in use and deployment of Starlink and other satellite constellations also means that threat actors have a greater interest in finding their security holes to attack them.> Indeed, Russia saw an advantage in taking out a satellite providing internet communications across Europe by attacking its technology on the ground as Russian troops entered Ukraine on Feb. 24.Viasat orbits at 22,000 miles, Starlink is in LEO. Precisely for this reason Starlink is naturally more resistant to jamming, and is used in Ukraine because of this.Locally compromising a UT is a hack of an endpoint connection device, which has nothing to do with ELINT and electronic warfare activities (which is an entirely different kind of attacks for satellite networks).

评论 #32441224 未加载

评论 #32440742 未加载

评论 #32441848 未加载

评论 #32506703 未加载

评论 #32441108 未加载

ThrowawayTestr将近 3 年前

Is there any mitigation against these kinds of power/timing attacks? I think the Switch was originally hacked this way.

评论 #32440346 未加载

评论 #32465738 未加载

评论 #32440123 未加载

评论 #32447505 未加载

评论 #32440064 未加载

评论 #32466195 未加载

评论 #32447210 未加载

roy9240356将近 3 年前

I read the article as well as the DEFCON presentation. I still don't know how they used voltage fault injection to bypass the secure boot. Anyone care to explain?

评论 #32445937 未加载

greggman3将近 3 年前

I wonder when the first hacker will hack a satelite, fire it's retro-rockets to make it crash and cause the Kessler Syndrome, intentionally or not<a href="https://en.wikipedia.org/wiki/Kessler_syndrome" rel="nofollow">https://en.wikipedia.org/wiki/Kessler_syndrome</a>Of course that could also happen with random bugs and no hacking I guess?

评论 #32444855 未加载

评论 #32446366 未加载

评论 #32444093 未加载

game-of-throws将近 3 年前

This attack sounds very similar to how the Super Game Boy boot ROM was dumped. <a href="https://gbdev.gg8.se/wiki/articles/Gameboy_Bootstrap_ROM" rel="nofollow">https://gbdev.gg8.se/wiki/articles/Gameboy_Bootstrap_ROM</a>Some things never change.

jcims将近 3 年前

I'm sure it will never happen but it would be awesome if they would release an 'open' terminal under the same auspices of commercial SDR transceivers. I'm curious if these could be used for very localized doppler radar.

评论 #32441592 未加载

2OEH8eoCRo0将近 3 年前

How narrow of a beam is attainable with this? What shape is the beam? How good is that clock chip? I wish I knew more about this stuff at the theory level. A cheap and hackable phased array sounds very cool to experiment with.

rkagerer将近 3 年前

I'd love to see what can be done with this access. Mobile Starlink?

评论 #32442298 未加载

bluedino将近 3 年前

Remember 20+ years ago when people did this with cable modems?

评论 #32444354 未加载

评论 #32443256 未加载

keepquestioning将近 3 年前

Planet Labs really missed the boat here. Could've easily beat SpaceX

评论 #32443201 未加载

评论 #32506730 未加载

29athrowaway将近 3 年前

Certainly it did not cost $25 to develop the modchip. If you put in the labor and software related cost it's not $25.

评论 #32444560 未加载

评论 #32441391 未加载

评论 #32442331 未加载

politelemon将近 3 年前

I would like to point out the mildly appropriate and endearing name in this context, 'Wouters' (routers)

评论 #32442179 未加载

addisonl将近 3 年前

Anyone have a link to read without hitting the paywall?

评论 #32442678 未加载

elteto将近 3 年前

Great response by SpaceX:<a href="https://api.starlink.com/public-files/StarlinkWelcomesSecurityResearchersBringOnTheBugs.pdf" rel="nofollow">https://api.starlink.com/public-files/StarlinkWelcomesSecuri...</a>“Bring on the bugs”.This is how you properly engage the security community. In times where journalists are taken to court for looking at a webpage’s HTML source it’s really great seeing a company that “gets it”. Kudos.

评论 #32446137 未加载

评论 #32441093 未加载

bee_rider将近 3 年前

Hacking in the older "using a device in an unexpected/unsupported way," not "black-hat hacking" I guess. Typical over-dramatic Wired. Hats off to this guy, hardware hacks always impress.

评论 #32442542 未加载

评论 #32442263 未加载

评论 #32442238 未加载

评论 #32442248 未加载

评论 #32443003 未加载

评论 #32443141 未加载

drewg123将近 3 年前

The response from Starlink[0] was pretty amazing. I love this quote: "we want to congratulate Lennert Wouters on his security research into the Starlink user terminal – his findings are likely why you're reading this, and help us create the best product possible."A lot better than companies that would try to prosecute him..[0]: <a href="https://api.starlink.com/public-files/StarlinkWelcomesSecurityResearchersBringOnTheBugs.pdf" rel="nofollow">https://api.starlink.com/public-files/StarlinkWelcomesSecuri...</a>

评论 #32440377 未加载

评论 #32440689 未加载

评论 #32440599 未加载

评论 #32441083 未加载

GormHouj将近 3 年前

I see a lot of articles that quote the cost for hacking a product or service. I feel like these type of titles undermine the effort that took place. Surely the lab Wouters used had tools and processes that aren't cheap, nor would you consider his expertise inexpensive.I'm not impressed by a PCB board being cheap. Does anyone else feel this way about similar headlines?

评论 #32440017 未加载

评论 #32440023 未加载

评论 #32441556 未加载

评论 #32440133 未加载

评论 #32440155 未加载

评论 #32440010 未加载

评论 #32440098 未加载

WD-42将近 3 年前

I never understand why the dollar amount is always included in these headlines.Like affording the $25 worth of hardware is really the most difficult obstacle to overcome here.

评论 #32441448 未加载

评论 #32441495 未加载

评论 #32441853 未加载

评论 #32441421 未加载

评论 #32441531 未加载

josephcsible将近 3 年前

It shouldn't count as a vulnerability that you can get root of a device that you have physical possession of. If there's any real vulnerability here, it's that having root of your terminal gives you any extra privileges to the rest of the network.

评论 #32440524 未加载

评论 #32440518 未加载

评论 #32440628 未加载

评论 #32442772 未加载

评论 #32441356 未加载

评论 #32442234 未加载

评论 #32442201 未加载

评论 #32441664 未加载

评论 #32443181 未加载

AYBABTME将近 3 年前

This reads to me like the (more complicated but ultimately) equivalent of "a user reverse engineers the website's javascript!". As in, this allows the user to mod their client but it doesn't change anything for anyone else, and wasn't meant as a real secure element. I'd assume that getting root access to the user terminal gives them no additional privileges to access the actual Starlink data & control planes.

评论 #32440243 未加载

评论 #32440749 未加载

评论 #32441533 未加载

Uptrenda将近 3 年前

This is like saying if someone can get close to your house with a hammer they can mount a hammer attack on your windows and bypass your homes security. lmao, what a load of bullshit.

评论 #32443187 未加载

notpushkin将近 3 年前

Previously, previously, previously, previously: <a href="https://hn.algolia.com/?query=The%20hacking%20of%20Starlink%20terminals%20has%20begun&type=story&dateRange=all&sort=byDate&storyText=false&prefix&page=0" rel="nofollow">https://hn.algolia.com/?query=The%20hacking%20of%20Starlink%...</a>

评论 #32441401 未加载

评论 #32434826 未加载

评论 #32434847 未加载

评论 #32441543 未加载

shadowtamperer将近 3 年前

Any1savr the repo b4 it got taken down and have a copy ro share? orionkanat@pm.me

bitcoinmoney将近 3 年前

Can you triangulate satellite locations with this attack? If yes one could shoot down starlink satellites one by one.

评论 #32445127 未加载

ck2将近 3 年前

Pretty sure Russia has physical satellite killer missiles just like US does?Would a nuke in space even work to take out a group of them, maybe even via an EMP surge or are they hardened?Sometimes I wonder if the world would be more peaceful if cellphone networks couldn't work anymore but there would be so much other chaos so guess not.

评论 #32442161 未加载

评论 #32441715 未加载