#Starlink Got Hacked And SpaceX's Response Was Incredible

-


 Who would have thought that all it would take to hack Starlink, SpaceX's worldwide internet service, would be a $25 modchip? Lennert Wouters, a security researcher from Belgium, was able to hack into Starlink's network as well as its communication links and explore the entire system freely. While that sounds pretty scary, he didn't do it maliciously. Before he ever talked about the hack in public, he made sure to report it to Starlink in full, and SpaceX's response to the hack was nothing short of incredible.

Most of us associate hackers with all kinds of evil endeavors, and rightfully so. After all, we've all heard the tale (or have been there ourselves) of a friend or a family member getting hacked in one way or another. Moreover, organizations suffer from cybersecurity hacks and attacks very frequently. As an example, not too long ago, Samsung was hit by a cyberattack in which some sensitive internal data was stolen. Seeing as these attacks happen with an increasing frequency (as can be seen in this report from Kaspersky), security researchers like Wouters have their hands full, and companies can benefit from these hacks.

In order to break into Starlink, Wouters stripped down a Starlink satellite dish he owned himself. He then modded it with a custom circuit board, made up out of a Raspberry Pi microcontroller, electronic switches, flash storage, and a voltage regulator. He soldered the contraption onto the existing Starlink power circuit board (PCB) and connected it. Once connected, the tool was able to temporarily short the system, which gave Wouters a way into the system. Wouters described the hack in full over on Black Hat, noting that he was able to explore the network freely once he gained access to it.

Wouters submitted all of his findings to SpaceX in a responsible way: through its dedicated bug bounty program. In fact, this got him inducted into the SpaceX bug hunting hall of fame, in which he now holds the second place. SpaceX presumably paid the hacker for finding the bug, as that's the whole point of the program, although the amount hasn't been disclosed. Many large organizations rely on third-party researchers to help them track down bugs and vulnerabilities that may slip through the cracks during testing. For instance, Apple recently paid a PhD student $100,000 for successfully hacking a Mac.

Once Wouters published his side of the story, SpaceX responded with a six-page paper (PDF), and it's hard not to admire the enthusiasm shown in that response. Right from the very headline, SpaceX is inviting people to do what Wouters just did by saying, "Starlink welcomes security researchers (bring on the bugs)." The giant goes on to describe Starlink and its impact on the world, especially visible now during the war in Ukraine, where Starlink has become one of the sources of connectivity for some of the Ukrainian citizens who remain in the country. 

SpaceX congratulated Wouters on this achievement, but also made sure to point out that this kind of hack is low-impact for the network and its users. "We aim to give each part of the system the minimal set of privileges required to get its job done," said SpaceX, affirming that one piece of compromised equipment should not affect the entire network. With that said, SpaceX also notes that it's hard to protect a device to which a hacker has constant unmonitored physical access — so the bug hunting continues.

Comments

Post a Comment

Popular posts from this blog

#$1.5M phishing scam

-
Image
  The US Department of Justice has convicted a Nigerian national of participating in a business email compromise (BEC) scam worth $1.5 million. The Feds say Ebuka Raphael Umeti, 35, perpetuated the scam with two alleged partners in crime, using a combination of social engineering and malicious software to pull off the million-dollar BEC scheme. A BEC fraud involves phishing emails and deception to get businesses and organizations to send money or valuable data to attackers, usually over email. According to the DoJ, Umeti got involved in BEC scams as early as February 2016, when one of his alleged co-conspirators, fellow Nigerian national Franklin Ifeanyichukwu Okwonna, is said to have sent Umeti a phishing email template. The collaborators started to see success in 2018, siphoning $571,000 from a New York wholesaler and $400,000 from a Texan metal supplier. In the following years, the scammers started domain spoofing, signed up for VoIP numbers, and communicated over the gaming-focused
Read more

#Microsoft's AI boss thinks it’s perfectly OK to steal content if it's on the open web

-
Image
  Microsoft AI boss Mustafa Suleyman incorrectly believes that the moment you publish anything on the open web, it becomes “freeware” that anyone can freely copy and use. When CNBC’s Andrew Ross Sorkin asked him whether “AI companies have effectively stolen the world’s IP,” he said: I think that with respect to content that’s already on the open web, the social contract of that content since the ‘90s has been that it is fair use. Anyone can copy it, recreate with it, reproduce with it. That has been “freeware,” if you like, that’s been the understanding. Microsoft is currently the target of multiple lawsuits alleging that it — and OpenAI — are stealing copyrighted online stories to train generative AI models, so it may not surprise you to hear a Microsoft exec defend it as perfectly legal. I just didn’t expect him to be so very publicly and obviously wrong! I am not a lawyer, but even I can tell you that the
Read more

#This man used Fake Wi-Fi Scam on Domestic Flights

-
Image
  An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press release last week. The agency said the suspect was charged in May 2024 after it launched an investigation a month earlier following a report from an airline about a suspicious Wi-Fi network identified by its employees during a domestic flight. A subsequent search of his baggage on April 19 led to the seizure of a portable wireless access device, a laptop, and a mobile phone. He was arrested on May 8 after a search warrant was executed at his home. The individual is said to have staged what's called an evil twin
Read more