A security researcher demonstrated at a Black Hat conference in Las Vegas last week that a homemade chip could take complete control of a Starlink satellite dish. Lennert Wouters, a researcher at the University of KU Leuven in Belgium, explained his methodology during a talk at the conference.
Wouters said it will publish code and details of the components used via GitHub so other people can create their own custom chips that can unlock broadband satellite equipment when plugged into SpaceX hardware.
Wouters says he spent about a year developing his own chip. First, the SoC bypassed the black box system’s security by exploiting the voltage fault vulnerability during the execution of the ROM bootloader, allowing it to bypass the firmware signature verification and run its own custom code in the terminal. All of this was done in a lab setting, so there is no information on whether it can actually be done in real life.
After successfully performing his attack in the university lab, Wouters reported to the SpaceX product security team that he gained root-level access to the terminal.
After gaining access in this way, a malicious programmer can do whatever he wants. He can change the settings, install his own special software and cut off the access between the satellite and the dish if he wants.