YoVDO

A Black-Box Security Evaluation of the SpaceX Starlink User Terminal

Offered By: BruCON Security Conference via YouTube

Tags

BruCON Courses Firmware Analysis Courses Hardware Vulnerabilities Courses

Course Description

Overview

Explore a comprehensive security evaluation of the SpaceX Starlink User Terminal in this BruCON conference talk. Delve into the black-box hardware analysis, uncovering vulnerabilities in the custom quad-core Cortex-A53 System-on-Chip. Learn about the successful bypass of firmware signature verification using voltage fault injection, leading to an unfixable compromise of the terminal. Discover the process of extracting the ROM bootloader and eFuse memory, and understand how the fault model used in countermeasure development falls short in practice. Follow the journey from laboratory experiments to the creation of a custom 'modchip' for executing arbitrary code. Gain insights into the initial exploration of the Starlink network and communication links. The presentation covers various aspects, including hardware revisions, PCB overview, RF components, eMMC extraction, fault injection techniques, and network exploration. Understand the implications of these findings for satellite communication security and the potential for further research in the Starlink ecosystem.

Syllabus

Starlink 101
Hardware revisions
UART - Login Prompt
PCB overview
RF Components
Identifying eMMC test points
Reading eMMC in-circuit
Extracting the eMMC dump
Unpacking the FIT
Temperature and RF channels
Webpages
Development geofences
Obtaining root
Fault injection
Crowbar VFI: Challenges
Example output
STM/SpaceX ARM TFA-A
Tricks of the trade
BL1 Glitch setup
ROM Bootloader (BL1)
BL1 glitch detection example
Enabling decoupling capacitors
Creating a mobile setup
PCB design
Installed modchip
SpaceX strikes back
Adapt
Network exploration
What's next?
Conclusion


Taught by

BruCON Security Conference

Related Courses

Being a Cyberdefender - Behind the Curtains
BruCON Security Conference via YouTube
Bypassing Microsoft Defender for Identity
BruCON Security Conference via YouTube
Android Malware Targeting Belgian Financial Apps
BruCON Security Conference via YouTube
Chasing the White Whale of Malware
BruCON Security Conference via YouTube
ECOS Offensive Security Research Logbook
BruCON Security Conference via YouTube