Skip to main content

Elon Musk’s Starlink satellites hacked by $25 homemade device

A $25 hacking tool that can seemingly breach Starlink’s internet terminals has been revealed by a security researcher.

As reported by Wired and Gizmodo, Lennert Wouters, who works at Belgian university KU Leuven, showcased how to infiltrate the satellite dishes at the Black Hat Security Conference.

A Starlink dish next to an RV.
SpaceX

For reference, Starlink was started by Elon Musk with the aim of providing internet connections around the world. By launching 3,000 satellites into orbit, the company has attracted over 500,000 subscribers.

Recommended Videos

However, Wouters has now found a way to hack into the dishes due to various hardware vulnerabilities. If left exposed, this would give threat actors free rein to access Starlink’s system and then run custom code on the network’s devices.

In order to find any exploits within the satellite dish’s software, Wouters purchased a dish and attached his hacking device onto it. The tool itself was formed via a custom circuit board (modchip), with the price of the overall parts required for the device costing just $25.

The homemade printed circuit board (PCB) is then capable of shorting the system, albeit temporarily, via a fault injection attack — this method, or glitch, was used to circumvent the security measures Starlink has in place.

After revealing the hack at his presentation, Wouters released the tool on GitHub, which gives a breakdown on how to perform the attack itself.

Starlink was made aware of the security defects last year by Wouters himself, and even paid the researcher for his efforts via its bug bounty scheme.

Even though parent company SpaceX patched the vulnerabilities at the time — prompting Wouters to modify the modchip — it seems the core issue cannot be resolved without a new model of the main chip being produced. As such, he stated that every user terminal associated with Starlink is currently exposed.

A public update was confirmed to be in the works by Starlink, but Wouters stressed that the nature of the company’s operations exposes them either way. “The widespread availability of Starlink User Terminals (UT) exposes them to hardware hackers and opens the door for an attacker to freely explore the network,” he said.

“Our attack results in an unfixable compromise of the Starlink [user terminal] and allows us to execute arbitrary code,” he continued. “The ability to obtain root access on the Starlink [user terminal] is a prerequisite to freely explore the Starlink network.”

Wouters also has experience in hacking another product from an Elon Musk company — he’s created hardware that can unlock a Tesla electric vehicle within just 90 seconds.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Elon Musk’s new AI company aims to ‘understand the universe’
A digital image of Elon Musk in front of a stylized background with the Twitter logo repeating.

Elon Musk has just formed a new company that will seek to “understand the true nature of the universe.” No biggie, then.

Announced on Wednesday, the company, xAI, already has among its ranks artificial intelligence (AI) experts formerly of firms such as DeepMind, OpenAI, Google Research, Microsoft Research, and Tesla.

Read more
Elon Musk’s Neuralink gets FDA nod to test brain implant in humans
Elon Musk stands in front of the Neuralink logo.

Seven years after its launch, Elon Musk’s Neuralink company has finally secured approval from the U.S. Food and Drug Administration (FDA) to implant a computer inside a human brain.

“We are excited to share that we have received the FDA’s approval to launch our first-in-human clinical study,” Neuralink tweeted on Thursday. “This is the result of incredible work by the Neuralink team in close collaboration with the FDA and represents an important first step that will one day allow our technology to help many people.”

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more