Tweet
Lennert Wouters - Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
Lennert Wouters, researcher at imec-COSIC, KU Leuven, He/Him
Presentation Title:
Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
Length of presentation:
45 minutes
Demo, Exploit
This presentation covers the first black-box hardware security evaluation of the SpaceX Starlink User Terminal (UT). The UT uses a custom quad-core Cortex-A53 System-on-Chip that implements verified boot based on the ARM trusted firmware (TF-A) project. The early stage TF-A bootloaders, and in particular the immutable ROM bootloader include custom fault injection countermeasures. Despite the black-box nature of our evaluation we were able to bypass signature verification during execution of the ROM bootloader using voltage fault injection.
Using a modified second stage bootloader we could extract the ROM bootloader and eFuse memory. Our analysis demonstrates that the fault model used during countermeasure development does not hold in practice. Our voltage fault injection attack was first performed in a laboratory setting and later implemented as a custom printed circuit board or 'modchip'. The presented attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.
Obtaining root access on the Starlink UT is a prerequisite to freely explore the Starlink network and the underlying communication interfaces.
This presentation will cover an initial exploration of the Starlink network. Other researchers should be able to build on our work to further explore the Starlink ecosystem.
SPEAKER BIO
Lennert is a PhD researcher as the Computer Security and Industrial Cryptography (COSIC) research group, an imec research group at the KU Leuven University in Belgium. His research interests include hardware security of connected embedded devices, reverse engineering and physical attacks.
Twitter: @LennertWo
REFERENCES:
Starlink User Terminal teardowns
[1] Ken Keiter – Starlink Teardown: DISHY DESTROYED! – https://youtu.be/iOmdQnIlnRo
[2] MikeOnSpace – Starlink Dish TEARDOWN! (Part 1) – https://youtu.be/QudtSo5tpLk
[3] MikeOnSpace – Starlink Dish TEARDOWN! (Part 2) – https://youtu.be/38_KTq8j0Nw
[4] The Signal Path – Starlink Dish Phased Array Design, Architecture & RF In-depth Analysis – https://youtu.be/h6MfM8EFkGg
[5] Lennert Wouters – Dumping and extracting the SpaceX Starlink User Terminal firmware – https://www.esat.kuleuven.be/cosic/b...inal-firmware/
[6] Colin O’Flynn – Starlink Dishy (Rev2 HW) Teardown Part 1 – UART, Reset, Boot Glitches – https://youtu.be/omScudUro3s
[7] Dan Murray – Dishy V3 Teardown – https://danmurray.net/2022/03/19/dishy-v3-teardown/
[]
Lennert Wouters, researcher at imec-COSIC, KU Leuven, He/Him
Presentation Title:
Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
Length of presentation:
45 minutes
Demo, Exploit
This presentation covers the first black-box hardware security evaluation of the SpaceX Starlink User Terminal (UT). The UT uses a custom quad-core Cortex-A53 System-on-Chip that implements verified boot based on the ARM trusted firmware (TF-A) project. The early stage TF-A bootloaders, and in particular the immutable ROM bootloader include custom fault injection countermeasures. Despite the black-box nature of our evaluation we were able to bypass signature verification during execution of the ROM bootloader using voltage fault injection.
Using a modified second stage bootloader we could extract the ROM bootloader and eFuse memory. Our analysis demonstrates that the fault model used during countermeasure development does not hold in practice. Our voltage fault injection attack was first performed in a laboratory setting and later implemented as a custom printed circuit board or 'modchip'. The presented attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.
Obtaining root access on the Starlink UT is a prerequisite to freely explore the Starlink network and the underlying communication interfaces.
This presentation will cover an initial exploration of the Starlink network. Other researchers should be able to build on our work to further explore the Starlink ecosystem.
SPEAKER BIO
Lennert is a PhD researcher as the Computer Security and Industrial Cryptography (COSIC) research group, an imec research group at the KU Leuven University in Belgium. His research interests include hardware security of connected embedded devices, reverse engineering and physical attacks.
Twitter: @LennertWo
REFERENCES:
Starlink User Terminal teardowns
[1] Ken Keiter – Starlink Teardown: DISHY DESTROYED! – https://youtu.be/iOmdQnIlnRo
[2] MikeOnSpace – Starlink Dish TEARDOWN! (Part 1) – https://youtu.be/QudtSo5tpLk
[3] MikeOnSpace – Starlink Dish TEARDOWN! (Part 2) – https://youtu.be/38_KTq8j0Nw
[4] The Signal Path – Starlink Dish Phased Array Design, Architecture & RF In-depth Analysis – https://youtu.be/h6MfM8EFkGg
[5] Lennert Wouters – Dumping and extracting the SpaceX Starlink User Terminal firmware – https://www.esat.kuleuven.be/cosic/b...inal-firmware/
[6] Colin O’Flynn – Starlink Dishy (Rev2 HW) Teardown Part 1 – UART, Reset, Boot Glitches – https://youtu.be/omScudUro3s
[7] Dan Murray – Dishy V3 Teardown – https://danmurray.net/2022/03/19/dishy-v3-teardown/
[]
Comment