SpaceX’s Starlink Dish Hacked

Summary Of The Research

  • Starlink is a satellite Internet company owned and overseen by SpaceX. It currently provides access to 39 countries and plans to cover the entire globe, particularly rural areas, with around 42,000 satellites in a few years.
  • The equipment is well made and has few parts: just what you need to take it out of the box, plug it in and get online.
  • At this year’s Black Hat USA, held Aug. 6-11 in Las Vegas, a Belgian security researcher stunned the crowd by hacking a Starlink dish with a $25 device, gaining major notoriety worldwide.
  • The researcher in question disassembled his terminal, or as SpaceX calls it, “Dishy McFlatface,” and managed to perform a “Voltage Fault Injection Attack,” also known as “glitching,” to load modified firmware, after which he gained full access to the antenna.
  • Lennert W. reported the problem to Starlink and received money for it. Starlink could not fix the problem with a software update and would have had to release new hardware.

What is Starlink?

Starlink is a satellite internet provider owned and overseen by SpaceX.

It currently provides access to 39 countries and plans to cover the entire globe with around 42,000 satellites in a few years.

This amazing project began in 2019, when the first satellites were launched to cover some of the remote parts of the country where there is little electricity and water, and coverage of those areas has since expanded massively.

Starlink coverage map

The map above shows the area currently covered and the area where coverage is planned, and on the page you can check whether you can order the equipment.

The equipment is pretty much plug and play.

A satellite dish is included, along with a pre-configured router from Starlink and a high-quality cable that connects the router and the antenna.

From there you’ll be able to expand your network, configure the subnet and your devices, and set up additional protections, whether for a business or for your home.

Anatomy Of The Attack

  • The attacker sent out a mass phishing email impersonating CircleCI, a major CI/CD tool used internally by Dropbox.
  • The phishing email sent the victim to a bogus CircleCI login page, where they submitted their GitHub credentials. CircleCI allowed users to log in with their GitHub credentials.
  • Users were also asked to provide a One-Time Password (OTP) generated by their hardware authentication key.
  • The attacker would then get access to the victim’s GitHub account using the OTP and credentials given by the user.
  • The attacker copied 130 internal repositories, which contained both public and confidential code.
  • The attacker’s future moves are unclear at this time. In prior attacks, however, the attacker looked for sensitive information such as secrets in order to move laterally into more sensitive systems.
