top | item 32439430

(no title)

Eriks | 3 years ago

Relevant presentation on DEFCON Media server:

https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20pre...

discuss

Other relevant links from the presentation are https://exploitee.rs/index.php/Exploitee.rs_Low_Voltage_e-MM... (recommended firmware extraction hardware) https://www.esat.kuleuven.be/cosic/blog/dumping-and-extracti... (firmware extraction writeup) https://rtfm.newae.com/ (glitching and side channel analysis hardware) and https://github.com/newaetech/chipwhisperer (associated open source toolchain)

upupandup|3 years ago

[deleted]

debatem1|3 years ago

In the same way that me turning off secure boot on my desktop means free Netflix for everyone and we should shut down Comcast until there's a fix.

This is a cool attack, but (so far) no more than that. I'd expect that the SpaceX security team is over there putting in some glitch resistant compares at the moment, assuming they haven't already.

deepdriver|3 years ago

> meaning everyone of those floating satellites needs to be brought back down and modified

Don’t they have a fairly short operational lifetime, thanks to increased drag from being in LEO? IIRC it’s around 5 years. I believe that’s part of the reason for the high launch cadence. Worst case they just limp along with what they’ve got until they’re all replaced with new satellites.

rockemsockem|3 years ago

Uh, why though?

This demonstrates that a determined attacker can get access to the software running on their own personal terminal. That's like a determined attacker being able to get access to their own personal router. It sounds like strictly a good thing and with how many satellite internet companies are coming online we will hopefully see some common hardware devices that users have full access to along with some custom firmware that folks can run on them.

This has almost nothing to do with the security of the satellite constellation itself.

pelorat|3 years ago

What are you on about. This has nothing to do with the satellites, not can this hardware mod ever be used to affects the hardware in orbit.

ajross|3 years ago

Do you write a comment like that every time someone roots a cable modem too? That seems a little over the top.

This is an exploit of the base station device. It seems that it might be used to grant access for which the owner hadn't paid, but that's also something that can be trivially patched around at the routing level ("sure, it's a valid base station, but if it's not on the list of paying customers it doesn't get packets"). It doesn't seem like there's a broader exploit against the network at all, beyond allowing the thing to attempt a DoS attack (something that is also always possible with jamming hardware, but very difficult in practice given the number of satellits).

jchw|3 years ago

Realistically, I think it's funded in large parts by U.S. government grants to provide affordable internet to rural areas.

https://www.cnbc.com/2020/12/07/spacex-starlink-wins-nearly-...

Of course though, I'm not sure what the status on that is today. Looks like they may not be able to ride that train anymore:

https://www.reuters.com/world/us/us-rejects-broadband-subsid...

Nextgrid|3 years ago

> On the bright side, this means free internet outdoors in many remote parts of the world will be possible and funded by loyal Elon Musk fans ;)

I don’t believe they are that stupid as to delegate access control to the client.