Skip to main content

The long, solder-heavy way to get root access to a Starlink terminal

posted onNovember 14, 2022
by l33tdawg
Arstechnica
Credit: Arstechnica

Getting root access inside one of Starlink's dishes requires a few things that are hard to come by: a deep understanding of board circuitry, eMMC dumping hardware and skills, bootloader software understanding, and a custom PCB board. But researchers have proven it can be done.

In their talk "Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal," researchers at KU Leuven in Belgium detailed at Black Hat 2022 earlier this year how they were able to execute arbitrary code on a Starlink User Terminal (i.e., a dish board) using a custom-built modchip through a voltage fault injection. The talk took place in August, but the researchers' slides and repository have recently made the rounds.

There's no immediate threat, and the vulnerability is both disclosed and limited. While bypassing signature verification allowed the researchers to "further explore the Starlink User Terminal and networking side of the system," slides from the Black Hat talk note that Starlink is "a well-designed product (from a security standpoint)." Getting a root shell was challenging, and doing so didn't open up obvious lateral movement or escalation. But updating firmware and repurposing Starlink dishes for other purposes? Perhaps.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th