Still, satellite security is far from merely theoretical. Satellite provider Viasat saw thousands of modems knocked offline by AcidRain malware, pushed by what most assess to be Russian state actors. And while the KU Leuven researchers note how unwieldy and tricky it would be to attach their custom modchip to a Starlink terminal in the wild, many Starlink terminals are placed in the most remote locations. That gives you a bit more time to disassemble a unit and make the more than 20 fine-point soldering connections detailed in slide images.
It’s not easy to summarize the numerous techniques and disciplines used in the researchers’ hardware hack, but here is an attempt. After some high-level board analysis, the researchers located test points for reading the board’s eMMC storage. Dumping the firmware for analysis, they found a place where introducing errant voltage into the core system on a chip (SoC) could modify an important variable during bootup: “development login enabled: yes.” It’s slow, it only works occasionally, and the voltage tampering can cause lots of other errors, but it worked.
The modchip used by the researchers is centered around a Raspberry Pi RP2040 microcontroller. Unlike most Raspberry Pi hardware, you can still seemingly order and receive the core Pi chip, should you embark on such a journey. You can read more about the firmware dumping process in the researchers’ blog post.