[HN Gopher] The hacking of Starlink terminals has begun
___________________________________________________________________
The hacking of Starlink terminals has begun
Author : jerryjerryjerry
Score : 272 points
Date : 2022-08-12 04:05 UTC (18 hours ago)
(HTM) web link (www.wired.com)
(TXT) w3m dump (www.wired.com)
| josephcsible wrote:
| It shouldn't count as a vulnerability that you can get root of a
| device that you have physical possession of. If there's any real
| vulnerability here, it's that having root of your terminal gives
| you any extra privileges to the rest of the network.
| xaduha wrote:
| Microsoft and Sony appear to have solved it for their gaming
| consoles. Satellite TV providers definitely solved it by now
| after learning from their mistakes.
|
| All in all there are plenty of devices in the world that are
| protected against physical access, so if Starlink tried doing
| that and failed, then that's definitely through an exploited
| vulnerability.
| armchairhacker wrote:
| > Microsoft and Sony appear to have solved it for their
| gaming consoles
|
| Have they? I know Apple an Nintendo have been trying for
| years and we have jailbreak and Homebrew, I believe there is
| even jailbreak for nintendo switch.
|
| If there isn't yet an exploit to gain root on Xbox and PS5,
| it's only a matter of time.
| extheat wrote:
| There is one for PS5, no hardware hack needed. I don't know
| about Xbox.
| belltaco wrote:
| >If there isn't yet an exploit to gain root on Xbox and
| PS5, it's only a matter of time
|
| Xbox One didn't have a root exploit for its entire lifetime
| and counting. It was released back in 2013. That's nine
| years. So one could say MS "solved it".
| Scoundreller wrote:
| > Satellite TV providers definitely solved it by now after
| learning from their mistakes.
|
| I don't know if they really "solved" it. I think the appetite
| for new hacks dwindled with broadband internet everywhere and
| streaming services.
|
| Cat doesn't care for the mouse so much when there's kibble
| everywhere.
| xaduha wrote:
| Using this table for reference and the fact that proper
| smartcards like banking cards and SIM cards are secure I'm
| pretty confident calling modern CA systems secure too. If
| some providers don't have one of those, then it's probably
| because it's not worth it for them to switch or upgrade.
|
| https://en.wikipedia.org/wiki/Conditional_access#Digital_sy
| s...
|
| EDIT: More than that, some recent ones even solved so
| called 'card sharing' which is basically using a legitimate
| card to transmit control words over network to many users.
|
| https://en.wikipedia.org/wiki/Card_sharing
| Scoundreller wrote:
| I'm not saying the modern CAMs have been compromised,
| just saying the profit incentive has dwindled. For a
| while, entirely non-OEM receivers were being used with
| key distribution over the internet. But at that point,
| just get a black market IPTV subscription. Compromising
| the cards has a fraction of the value it used to, and
| there's more 'locked down' targets in other devices to
| focus one's skills at.
| xaduha wrote:
| Handwave all you want, but the topic at hand is a
| possibility of securing devices against physical access
| attacks. And it's not only possible, it's pretty
| straightforward if you don't suffer from NIH syndrome.
|
| And as an example satellite TV providers did it (or
| acquired a license for it). If you're saying that
| incentives to hack them aren't there anymore, then that's
| just wrong because the foundation on which such security
| is based on affects many things.
|
| Declining popularity of SatTV as a whole in a particular
| country is neither here, nor there. If a hacker mentioned
| in the article could hack a CA system, he would've.
| [deleted]
| [deleted]
| forgotmypw17 wrote:
| I think it should count as a defect that you can't get root of
| a device that you have physical possession of.
| ec109685 wrote:
| Curious why an iPhone been susceptible to this type of hack
| before?
| bee_rider wrote:
| I think you mean:
|
| > Curious why an iPhone _hasn 't_ been susceptible to this
| type of hack before?
|
| The answer is probably, "it's complicated." These sort of
| hardware hacks are quite clever, and typically depend on
| using chips in unintended ways -- I mean most circuits will
| have some undefined behavior if you start shorting parts!
|
| There are lots of reasons an iPhone might not get a widely
| popularized exploit like this. Firstly it might be low-
| priority -- iPhones are general purpose computing devices, so
| there are usually software bugs for people who want to root
| their iPhones. Second, it might legitimately be more
| difficult. Apple has lots of experience in hardware, their
| circuits might be more robust. And iPhones are quite tightly
| integrated, it might be hard to sort out which parts you need
| to short when everything is on a handful of chips.
| croes wrote:
| So if you can get root on a PS5 or iPhone it's not a
| vulnerability?
| dymk wrote:
| The iPhone is built to be resistant to physical attacks, such
| as decapping chips or inserting compromised chips. It's an
| advertised, first class feature that simply having the iPhone
| shouldn't give you access to its contents or let you
| circumvent its security measures.
|
| This is different than a Starlink base station. Base stations
| aren't built to be hardened against a physical attacks, and
| are rather intended to be untrusted links to the satellites.
|
| So it's kind of in a grey area, but I would also not consider
| this a vulnerability of the Starlink base station itself, in
| the same way that rooting an iPhone with physical access
| would be a vulnerability.
| o_1 wrote:
| How many versions of the iPhone were required to become
| resistant to jailbreak. SpaceX should have a leg up on the
| sins of the past, but its an entirely different concept /
| product. The security improvements are on a curve of
| maturity, I imagine software and platform management will
| mitigate this until hardware updates are released. I will
| say Starlink customers shouldn't have to pay exorbant
| upgrade costs due to security vulnerabilities in past
| hardware. That is an ethical boundary SpaceX must not
| cross.
| unixbane wrote:
| Yeah this is a typical article where the author gets all
| excited and explains the technical details of the "hack",
| because it can be called a "hack". But it seems nothing was
| done here other than some reverse engineering and bypassing
| tamper proofing to gain access to his own OS.
| sllabres wrote:
| I think we have left this level a long time ago where one could
| answer: The system is in a physically secured location. As long
| as there is no physical access it should be safe.
|
| See mobiles like iPhones, gaming devices like XBox, Playstation
| etc. authenticators like chipcards or security token and HSM.
| All have to asume that the attacker has physical access to the
| device.
|
| Security Engineering Ch. 16 "Physical Tamper Resistance" is a
| good read for some special classes of devices. But I would
| recommend all topics from this book even unrelated to this
| thread. ;)
| bilekas wrote:
| I have to agree to be fair. Physical access is obviously
| incredibly different than exploiting a vulnerable even a
| particularly egregious design flaw. Wouters has to literally
| short the board.
|
| That said it is a clever approach and it's good it was
| discovered by someone without nefarious intentions.
| bdcravens wrote:
| If a system is designed to not allow that access, and you can
| compromise that design, it is most definitely a vulnerability.
| nine_k wrote:
| If a system is not resilient against rooting a terminal which
| is in user's physical possession, it's a design flaw. Or,
| rather, the more resilient the system as a whole is to
| compromises of individual terminals, the better the design
| is. Assuming such compromise never happens would be outright
| incompetent.
| mlyle wrote:
| You might very well want _both_
|
| E.g.
|
| You may want to protect end users against implants and
| other attacks from physical tampering with their terminals.
|
| You might not want hostile parties to have an easy time
| reverse engineering terminals so they can more easily
| search for remote vulnerabilities in the terminals.
|
| You may not want to hand hostile parties a phased array
| optimized to transmit to Starlink running arbitrary
| software of their choice, along with keys identifying the
| terminal, because even though you think the satellites and
| authentication mechanisms are robust, making it hard to get
| this information adds defense in depth.
| nine_k wrote:
| Certainly. Best defence is layered. It makes every layer
| an impediment for an attacker, but does not fail
| completely if a layer or two is breached. Among other
| things, it buys time to react.
| Denvercoder9 wrote:
| I'm convinced that it's impossible to prevent anyone that can
| physically tamper with a system from having full privileges
| on that system, as a result of physics. The only way to truly
| protect information is to make use of quantum effects, and
| we've only just started doing that in labs. Everything else
| is just making it harder.
|
| So, if you make things harder and someone comes along that
| invests more effort to overcome, can you really call that a
| vulnerability? It'd be a real vulnerability if with this
| access to a user terminal they could elevate permissions on
| the satellites, but that hasn't been shown (yet?).
| bri3d wrote:
| > So, if you make things harder and someone comes along
| that invests more effort to overcome, can you really call
| that a vulnerability?
|
| Yes? This is defense in depth. Anything that bypasses a
| defense is still a vulnerability, even if your backup
| defenses protect you.
|
| Defending physical hardware is indeed a theoretical
| impossibility as on paper, it will always be possible to
| make a perfect electrical clone of the original hardware
| and then modify it to suit. However, reality is different,
| and mitigations against physical access have become much
| more effective in recent years (iPhone anti-jailbreaking
| and the Xbox One come to mind as fairly successful).
|
| So, this is a vulnerability indeed, just not a high
| severity one. One layer of the defenses are bypassed, but
| the remaining defenses remain.
| [deleted]
| TickleSteve wrote:
| Absolutely, defence in depth is how real systems are
| designed, dont know why you're being downvoted.
|
| https://en.wikipedia.org/wiki/Defense_in_depth_(computing
| )
|
| For the same reason, security-by-obscurity is also a
| valid (though not sufficient) tactic for one of those
| layers (which also surprises people).
|
| Its about delay and demotivation to slow down your
| attackers.
| xaduha wrote:
| > Everything else is just making it harder.
|
| If it's hard enough that only state actors can potentially
| do it, then what does it matter in real life that it's
| theoretically vulnerable?
| akira2501 wrote:
| > can you really call that a vulnerability?
|
| Yes. Just because executing the attack doesn't seem to get
| you anything particularly valuable doesn't make it "not a
| vulnerability."
|
| We're not personally insulting it, we're just describing
| reality.
| czx4f4bd wrote:
| Yes. Vulnerabilities exist with respect to a system's
| expected functionality and must be understood and weighed
| against other requirements to determine the system's
| security model. Even if you think the expected
| functionality is stupid or impossible, that doesn't change
| the fact that the system has a particular expectation that
| it doesn't meet and a mechanism by which that expectation
| can be violated, i.e. a vulnerability.
|
| To put it another way, consider physical locks, which must
| inherently be able to resist direct physical tampering by
| an adversary. Under your definition, no flaw in a lock
| could be considered a vulnerability since any lock can
| eventually be cracked. The problem is that this doesn't
| provide us any useful insight, it just makes the word
| "vulnerability" useless. It's already well-known that any
| lock can eventually be cracked, but tradeoffs still have to
| be made in deciding which lock to use for a certain
| situation.
| AYBABTME wrote:
| This reads to me like the (more complicated but ultimately)
| equivalent of "a user reverse engineers the website's
| javascript!". As in, this allows the user to mod their client but
| it doesn't change anything for anyone else, and wasn't meant as a
| real secure element. I'd assume that getting root access to the
| user terminal gives them no additional privileges to access the
| actual Starlink data & control planes.
| thedougd wrote:
| If it gives you direct/raw access to the control plane, you
| then may be able to launch denial of service and other attacks
| that would negatively impact the network and other terminals. I
| don't know anything about the Starlink protocol, but a rough
| Ethernet analog might be an ARP attack/flood.
| extheat wrote:
| That's like saying you can hack 5G because you can root your
| phone.
| thedougd wrote:
| Not rooting your phone, but hacking the baseband. And since
| we're talking about disassembling devices and performing
| low voltage attacks to reveal secrets, I would draw the
| analog to baseband hacking.
|
| https://resources.infosecinstitute.com/topic/how-to-hack-
| mob...
|
| ...found a vulnerability (CVE-2022-20210) that can be
| abused to disrupt the device's radio communication via a
| malformed packet causing a DoS condition. This
| vulnerability allows attackers can neutralize
| communications in a specific location.
| jandrese wrote:
| It might allow them to do things like connect to the Starlink
| network outside of their geofence. Or hacking a stationary
| antenna to work on a moving vehicle.
| Clent wrote:
| Would this negatively affect the network? My understanding is
| that it would make your device less reliable. This is simply
| a warranty voiding event.
| gpm wrote:
| It would in the same sense as illegally attaching a wire to
| the power cables and drawing electricity out of them does.
| You're stealing a limited resource (in this case radio
| bandwidth in an region for which you haven't purchased it,
| in the analogy power), but you're not doing so any more
| than a legitimate user would be assuming it's done
| "properly".
|
| If too many people do this, things stop working, because
| you exhaust the limited resource.
| olalonde wrote:
| > connect to the Starlink network outside of their geofence
|
| I was wondering about that but can't they determine the
| location "server side" by triangulation? Or maybe they could
| in theory but they don't in practice?
| colechristensen wrote:
| Knowing the positions of all the clients and satellites is
| a basic requirement for operating the network.
| jandrese wrote:
| For the satellites this is true, but it's not necessary
| for the clients to be geolocated when the satellite is
| operating as a bent pipe. Starlink will know which
| clients are in which footprint and can locate anybody if
| they want to, but it's not fundamental to the
| functionality of the system.
| colechristensen wrote:
| Both the client and the satellite use beam forming. The
| signal is pointed at you in a relatively narrow beam not
| broadcast spherically. They have to know where you are to
| point at you (phased array antennas so electronic not
| physical pointing)
| Denvercoder9 wrote:
| I'm not too familar with the low-level details of the
| Starlink network, but in the slides of the talk it's
| shown that the dish contains a GPS receiver, so isn't it
| possible that the client tells the satellite its location
| on first contact?
| y04nn wrote:
| The GPS is probably used to get the current time and
| location to orient the dish to the best satellite using
| ephemeris. Also the accurate time is needed in
| telecommunications for Time Division Multiple Access
| (TDMA) and maybe they have an internal GPS disciplined
| oscillator to transmit at precise frequencies.
| colechristensen wrote:
| GPS is the cheap, easy, and more accurate method of
| finding and determining location. Time sync is also an
| important part of satellite communication.
|
| They could effectively reimplement GPS or an equivalent
| location tech with their network but why when a high
| quality positioning solution already exists.
|
| They will be continually syncing time and position data
| for the orbits of satellites and positions of clients.
| (static clients obviously don't need this often outside
| of timekeeping, but you can set up a mobile plan for RVs,
| boats, etc which obviously move a lot)
| toomuchtodo wrote:
| There is a paper out there where someone demonstrates
| that it would take 1.6% of constellation downlink
| capacity for StarLink to serve as its own GNSS. As you
| mention, the GPS network is very high quality, and would
| only make sense in areas where GPS was undeserving or
| active denial was expected (and StarLink had the
| capability to avoid jamming).
|
| Edit: I misrecalled. StarLink can provide 10x more
| precise positioning than GPS.
|
| https://www.telecomstechnews.com/news/2020/sep/28/starlin
| k-s...
|
| https://arxiv.org/abs/2009.12334
| [deleted]
| colechristensen wrote:
| You'd also have to do it, though.
|
| Build it, maintain it, rely on it.
|
| Alternatively you could just embed a cheap GNSS chip and
| let other people build and maintain it.
|
| > I misrecalled. StarLink can provide 10x more precise
| positioning than GPS.
|
| GPS can also provide much more precise positioning than
| it does for consumers. There are encrypted bands used for
| military, etc with significantly better specs.
| adgjlsfhk1 wrote:
| I don't think that's true anymore. iirc, the accurate
| bands were made public in the 80s
| colechristensen wrote:
| You might be thinking of Selective Availability (which
| limited accuracy on purpose) being turned off in 2000.
| jstanley wrote:
| If you trick the satellite into thinking you're somewhere
| you're not, then it won't point the beam at you and you
| won't get any service.
| olalonde wrote:
| How accurate does the location have to be in terms of
| radius? A few centimeters? A few meters?
| jstanley wrote:
| If you trick it into thinking you're a few metres away
| from your true location then you're not evading any
| geofence that you couldn't trivially evade simply by
| moving a few metres.
| [deleted]
| [deleted]
| [deleted]
| roastedpeacock wrote:
| This WIRED article[1] references a release of tools and
| information about the research on GitHub[2] however it 404s. Hope
| that is not being censored.
|
| [1] https://www.wired.com/story/starlink-internet-dish-hack/
|
| [2] https://github.com/KULeuven-COSIC/Starlink-FI
| colinsane wrote:
| archive.org only ever captured 404s for that page. i wonder if
| it was a typo in the article. does Starlink use TI's
| SimpleLink? because there's a very similarly-named repo doing
| similar fault injection here: https://github.com/KULeuven-
| COSIC/SimpleLink-FI
| roastedpeacock wrote:
| Wondered that too but the presentation slides make no mention
| of anything related to SimpleLink. Than again there could be
| more under the hood than just what the slides themselves
| describe. Close but probably not a match.
| jacooper wrote:
| Should've uploaded the repo to IPFS or Radicle.
| upupandup wrote:
| samstave wrote:
| The "STARsand Effect"
| roastedpeacock wrote:
| > looks like Starlinks legal dept got to the github repo
| first :(
|
| If true than it was not through the normal DMCA process of
| GitHub that would result in a public[1] take-down notice
| being filed for transparency.
|
| [1] https://github.com/github/dmca
| no-dr-onboard wrote:
| DEF CON goon here. Sometimes our presenters provide the link to
| a private GitHub repo to the press in advance of their
| presentation. After the presentation they make the repo public.
| roastedpeacock wrote:
| :-)
|
| Might be better to encourage placeholder repository to avoid
| concerns from the public such as this but as long as the
| presenter ultimately controls the namespace it is not really
| at issue.
| gorkish wrote:
| This bothered me yesterday when news broke. I'm surprised that
| more people are not discussing the lack of follow-on
| information here.
| elteto wrote:
| Great response by SpaceX:
|
| https://api.starlink.com/public-files/StarlinkWelcomesSecuri...
|
| "Bring on the bugs".
|
| This is how you properly engage the security community. In times
| where journalists are taken to court for looking at a webpage's
| HTML source it's really great seeing a company that "gets it".
| Kudos.
| [deleted]
| addisonl wrote:
| Anyone have a link to read without hitting the paywall?
| autarch wrote:
| https://archive.ph/o1vnP
| drewg123 wrote:
| The response from Starlink[0] was pretty amazing. I love this
| quote: "we want to congratulate Lennert Wouters on his security
| research into the Starlink user terminal - his findings are
| likely why you're reading this, and help us create the best
| product possible."
|
| A lot better than companies that would try to prosecute him..
|
| [0]: https://api.starlink.com/public-
| files/StarlinkWelcomesSecuri...
| unsupp0rted wrote:
| > Wouters revealed the vulnerability to SpaceX in a responsible
| way through its bug bounty program before publicly presenting
| on the issue.
| LeifCarrotson wrote:
| Full of good sense. They do try to control the terminal to do a
| secure boot:
|
| > We want our devices to only run software that we wrote. This
| isn't like a personal computer where the user can install apps
| or save files - the only software we want to run on our devices
| is software that we've explicitly built, tested, and signed off
| on.
|
| > The same concepts that go into secure boot on our satellites
| are also useful on the Starlink user terminals. Even though we
| know that an attacker with persistent and invasive physical
| access will eventually be able to defeat secure boot on their
| own device, the protections of secure boot are still valuable
| for protecting against remote attacks over the Internet (or
| over wifi). There is a big difference between being able to
| take your own device off your roof and attack it, vs. someone
| else being able to compromise your device without you noticing.
|
| But recognize that it's not foolproof:
|
| > We expect attackers with invasive physical access to be able
| to take malicious actions on behalf of a single Starlink kit
| using its identity, so we rely on the design principle of
| "least privilege" to constrain the effects in the broader
| system. We treat Starlink user terminals as inherently
| untrusted and only expose the minimal necessary information and
| capabilities to each specific client.
|
| The article talks about the researcher "exploring the Starlink
| network" as if there's a screen on the satellites that will
| suddenly display "Access Granted" with a blinking cursor now
| that he's achieved root on his own dish. Getting access to the
| dish is an important step if the former is to be achieved, but
| it's by far the easier of the two steps.
| throwaway2037 wrote:
| Step 1: Why does Google Chrome on KDE/GNU/Linux refuse to allow
| me to copy text from this PDF??? So f-in annoying!
|
| That PR says: <<from embedded Linux running hundreds of
| thousands of computers in space>>
|
| Are these "computers" strictly controlled/owned by SpaceX? If
| yes, are there multiple computers per satellite? Please help me
| to understand this claim. In 2022, I assume when someone says
| "computers" they mean kernel count.
| yusefnapora wrote:
| An article from 2020 [1] claims that they had "32,000 linux
| computers" in orbit. At that time they had 480 satellites in
| orbit, so ~66 "computers" per satellite. That would put us at
| about 180,000 computers today.
|
| [1]: https://www.zdnet.com/article/spacex-weve-
| launched-32000-lin...
| drewg123 wrote:
| It works fine using the pdf viewer builtin to Linux firefox
| (running on FreeBSD-current).
| mynameisvlad wrote:
| There's 2700 satellites currently deployed, so even at 1 per
| satellite it's still in the "thousands".
| throwaway2037 wrote:
| Hmm... When I read "hundreds of thousands" I assume more
| than 100,000. Is that incorrect understanding of English?
| thereddaikon wrote:
| Satellites definitely have multiple computers onboard.
| Their design philosophy evolved from aircraft which tend
| to use discrete computer for different tasks.
| Communications, navigation, data logging etc. That's not
| counting the computers providing whatever the satellite's
| mission is and they almost always have redundant hardware
| to make up for failures which are common in space. So
| there are definitely far more "computers" in space than
| there are total satellites. Are there "hundreds of
| thousands"? I'm not sure.
| nine_k wrote:
| Yes, triple redundancy for critical systems is typical
| for space applications.
|
| With small computers being relatively cheap and
| lightweight, I suppose a satellite has a highly available
| internal computing configuration, with large level of
| redundancy, capable of functioning even after serious
| hardware degradation.
| kraftman wrote:
| I think 200 would be technically correct but most people
| would assume 300+ for 'hundreds'.
| samatman wrote:
| I would say that it depends on if the figure is an
| approximation or a range.
|
| A salary in the hundreds of thousands, or equivalently
| 'six figures', clearly includes a salary that starts with
| 1.
|
| But when it's a definite figure which is being
| approximated I would tend to agree with you.
| [deleted]
| [deleted]
| WD-42 wrote:
| I never understand why the dollar amount is always included in
| these headlines.
|
| Like affording the $25 worth of hardware is really the most
| difficult obstacle to overcome here.
| Hellion wrote:
| It's because it makes it accessible, which is important.
| twawaaay wrote:
| The original hacker might have needed a lot of specialized,
| highly valuable knowledge, but what $25 means is that almost
| anybody can do the same with some instruction even if they
| couldn't come up with the instructions or even don't understand
| what they are doing.
| chucksta wrote:
| Thats' the point, its a trivial amount. Implying it's super
| easy and people should be worried.
| [deleted]
| HWR_14 wrote:
| It's a sign of the hackers skill that they can take the same
| difficult problem and make it so anyone with $25 can duplicate
| it.
|
| Making something accessible to the masses makes it a more
| impressive achievement.
| bluedino wrote:
| Remember 20+ years ago when people did this with cable modems?
| hackernudes wrote:
| And remember how the cable companies completely fixed it?
| Starlink already seems to do the right thing to prevent cloning
| and unauthorized access. Secure chip (STSAFE) and mTLS for
| talking to internal services. Maybe researchers will find some
| bugs in their services but they will be patched quickly.
| Scoundreller wrote:
| Cable modems were easy: all you needed to do was JTAG them. I
| don't think any glitching was required.
|
| The approach used for the Starlink terminal is more like what
| was done to reprogram satellite TV smart cards. Get a copy of
| the ROM, count the processor cycles and find the operation you
| don't want happens and mess with the voltage or frequency at
| that point to let you send in unsigned/unauthorized updates.
| bee_rider wrote:
| Hacking in the older "using a device in an unexpected/unsupported
| way," not "black-hat hacking" I guess. Typical over-dramatic
| Wired. Hats off to this guy, hardware hacks always impress.
| [deleted]
| [deleted]
| russdill wrote:
| Locking down user terminals is one part of starlink security.
| Breaking that is a huge accomplishment. It appears that the
| other layers still prevent this from being a full blown attack,
| but that may just be a matter of time.
| bpodgursky wrote:
| What makes you think this is true?
|
| I'm not shocked they did lock it down, but why do you think
| it's important to the security?
| russdill wrote:
| They are using a layered model. Giving an attacker access
| to communicate directly with your satellites and send
| specially crafted packets is giving them a really useful
| tool.
| pelorat wrote:
| Sure, but an attack to do what? Even with full hardware
| access there's nothing that can be done with the network
| itself, nor can it be used to snoop on other users, nor does
| it give some access to the satellites themselves. It's akin
| to rooting your ISP provided modem.
| TechBro8615 wrote:
| If you root your ISP provided modem, aren't you one step
| closer to exploiting some bug in DOCSIS? Similarly here
| wouldn't you be one step closer to exploiting the "network
| itself?" (Air-quotes because I'm not actually sure what
| that means in this context.)
| bpodgursky wrote:
| If you root your Android, are you one step closer to
| hacking the 5G network?
| russdill wrote:
| If you root the baseband processor, yes.
| InitialLastName wrote:
| Yes, for some definition of the word hacking, because one
| of the underlying assumptions of the 5G network is that
| all of the devices operating on it are subject to local
| regulatory rules (won't behave badly on that spectral
| region) and rooting your Android phone could potentially
| give you access to do unacceptable things with the radio,
| up to and including interfering with other devices using
| the network.
| bpodgursky wrote:
| I guess my point is that this is trivially easy to do but
| 5G networks in practice have no problem chugging along
| supporting a bunch of user-controlled devices.
| InitialLastName wrote:
| Practically speaking, roughly 100% of those devices are
| fully regulator-approved and compliant with standards,
| because roughly 100% are running firmware from vendors
| who rely on regulatory approval.
|
| Essentially 0% of those devices are user-controlled in
| the "I can make the radio do whatever I want" sense.
| TechBro8615 wrote:
| I suppose that depends how you define "chugging along."
| They might be relatively stable and safe from DDOS, but
| malicious devices can certainly do damage to other users
| of a network, in some cases without even connecting to
| it.
|
| For example, an IMSI catcher isn't technically _connected
| to_ any cell network, but it does exploit the assumptions
| of clients who attempt and expect to connect to one.
| falcolas wrote:
| The difference, given service EULAs and DMCA laws, is probably
| non-existant to Space-X' lawyers.
|
| EDIT: But at least the engineers and/or marketing is supportive
| (from another thread here): https://api.starlink.com/public-
| files/StarlinkWelcomesSecuri...
| enlyth wrote:
| Isn't the literal name of this website using the same
| definition, as in tinkering with something?
| bee_rider wrote:
| True!
|
| To my reading, "the hacking of Starlink terminals has begun"
| is a little bit ominous looking, but maybe the error is on my
| side.
| iso1631 wrote:
| Feels a bit Yodaish
|
| Begun, the hacking of Starlink terminals has
| cgriswald wrote:
| In your defense, most media--especially media for general
| consumption--has spent most or all of my lifetime mostly
| using the term to mean something like "illegal or nefarious
| activities," often involving things that you or I might not
| even consider hacking.
| enlyth wrote:
| Yeah I can totally see what you mean, the most popular
| definition is the nefarious one, and news websites always
| try to get more clicks. Although I have given them the pass
| on this occasion since their use of the word is technically
| correct.
| zdragnar wrote:
| IIRC this website was born of a novel use of the term
| 'hacking' in the startup space- hacking business growth.
|
| Here, hacking is a more well established term- hacking
| networking hardware is something I suspect most people would
| associate with black-hat type hacking.
| rfrey wrote:
| I don't think so. Recall pg wrote "Hackers and Painters"
| before founding ycombinator and was/is a pretty well known
| Lisp hacker. I'd be surprised if he meant business hacking
| when he named this site.
| tlb wrote:
| No, Hacker News was named after the people who enjoy doing
| clever things with computers.
|
| At the time, using "hacker" to mean a black-hat was popular
| in the press, but not among actual hackers. And "growth
| hacking" was a metaphor for doing clever things to get
| growth, but not the primary association with "hacker".
| gpm wrote:
| As I understand the website was born out of MITs use of the
| term "hacking" to mean... well... what the website means by
| it.
|
| Wikipedia claims the term was widespread by the 60s
|
| https://en.wikipedia.org/wiki/Hacks_at_the_Massachusetts_In
| s...
| zdragnar wrote:
| I probably should have specified that it was a novel usage
| _within_ the startup space, not that that was where the
| term originated.
| Banana699 wrote:
| There is an argument to be made that if a word has a very
| widely-known meaning, and a very niche meaning, then the
| niche usage requires clarification even among the niche group
| that invented the niche meaning.
|
| For example, when there is a certain word that you and your
| peer group use as an in-joke, you usually have to wink or
| smirk to invoke the joke meaning, that acts as a signal to
| the group to resolve the word to its group-specific meaning.
| simias wrote:
| Complaining about hacking being used _correctly_ on Hacker
| News? Now I 've seen everything.
| H8crilA wrote:
| They switch between "hacking" and "attacking". So, yes.
| jjeaff wrote:
| These days, you pretty much have to "attack" some systems
| just to be able to "hack" them due to the modern propensity
| to put intentional road blocks in the way of anyone who
| wants to modify something they own.
| rkagerer wrote:
| I'd love to see what can be done with this access. Mobile
| Starlink?
| savrajsingh wrote:
| They already support RVs
| jerryjerryjerry wrote:
| [deleted]
| game-of-throws wrote:
| This attack sounds very similar to how the Super Game Boy boot
| ROM was dumped.
| https://gbdev.gg8.se/wiki/articles/Gameboy_Bootstrap_ROM
|
| Some things never change.
| notpushkin wrote:
| Previously, previously, previously, previously:
| https://hn.algolia.com/?query=The%20hacking%20of%20Starlink%...
| dang wrote:
| Reposts are fine if a story hasn't had significant attention
| yet! In fact, if the story is a good one, they're helpful,
| because they mitigate the randomness of what gets noticed on
| /newest.
|
| https://news.ycombinator.com/newsfaq.html
| notpushkin wrote:
| On a side note: wondering why the Starlink maritime coverage
| link [1] has made it to the homepage, but the hacking stuff
| never did.
|
| [1]: https://news.ycombinator.com/item?id=32426281
| dang wrote:
| Randomness.
| jerryjerryjerry wrote:
| wow, lots happened in just one single day... thanks and voted
| [deleted]
| keepquestioning wrote:
| Planet Labs really missed the boat here. Could've easily beat
| SpaceX
| philipwhiuk wrote:
| To what? Planet Labs have a handful of LEO imaging sats, some
| of which SpaceX has launched. They can't afford to launch a LEO
| internet constellation.
| shadowtamperer wrote:
| Any1savr the repo b4 it got taken down and have a copy ro share?
| orionkanat@pm.me
| Eriks wrote:
| Relevant presentation on DEFCON Media server:
|
| https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20pre...
|
| https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20pre...
| upupandup wrote:
| deepdriver wrote:
| > meaning everyone of those floating satellites needs to be
| brought back down and modified
|
| Don't they have a fairly short operational lifetime, thanks
| to increased drag from being in LEO? IIRC it's around 5
| years. I believe that's part of the reason for the high
| launch cadence. Worst case they just limp along with what
| they've got until they're all replaced with new satellites.
| debatem1 wrote:
| In the same way that me turning off secure boot on my desktop
| means free Netflix for everyone and we should shut down
| Comcast until there's a fix.
|
| This is a cool attack, but (so far) no more than that. I'd
| expect that the SpaceX security team is over there putting in
| some glitch resistant compares at the moment, assuming they
| haven't already.
| femiagbabiaka wrote:
| Yeah it's quite the opposite actually. Taken from the
| excellent preso linked above:
|
| """
|
| * This is a well-designed product (from a security
| standpoint)
|
| * No obvious (to me) low-hanging fruit
|
| * In contrast to many other devices getting a root shell
| was challenging
|
| * And a root shell does not immediately lead to an attack
| that scales
|
| """
| ajross wrote:
| Do you write a comment like that every time someone roots a
| cable modem too? That seems a little over the top.
|
| This is an exploit of the base station device. It seems that
| it might be used to grant access for which the owner hadn't
| paid, but that's also something that can be trivially patched
| around at the routing level ("sure, it's a valid base
| station, but if it's not on the list of paying customers it
| doesn't get packets"). It doesn't seem like there's a broader
| exploit against the network at all, beyond allowing the thing
| to attempt a DoS attack (something that is also always
| possible with jamming hardware, but very difficult in
| practice given the number of satellits).
| Scoundreller wrote:
| Should be possible to DoS your area in the footprint, so
| everyone within a few hundred kilometers around you?
|
| A phased array helps but you could also have a heliostat-
| type setup that tracks the satellite.
| pelorat wrote:
| What are you on about. This has nothing to do with the
| satellites, not can this hardware mod ever be used to affects
| the hardware in orbit.
| walnutclosefarm wrote:
| That's not necessarily true. Hacking the ground station
| means in all likelihood getting access to low level
| protocols between the ground station and satellite, which
| potentially means getting the ability to affect the
| satellites. Not a sure thing, but if I wanted to attack a
| StarLink satellite, this would be a solid first step in
| doing so.
| rockemsockem wrote:
| Uh, why though?
|
| This demonstrates that a determined attacker can get access
| to the software running on their own personal terminal.
| That's like a determined attacker being able to get access to
| their own personal router. It sounds like strictly a good
| thing and with how many satellite internet companies are
| coming online we will hopefully see some common hardware
| devices that users have full access to along with some custom
| firmware that folks can run on them.
|
| This has almost nothing to do with the security of the
| satellite constellation itself.
| AnotherGoodName wrote:
| Where it would be problematic is if it's trivial to do this
| to someone else's terminal.
| jchw wrote:
| Realistically, I think it's funded in large parts by U.S.
| government grants to provide affordable internet to rural
| areas.
|
| https://www.cnbc.com/2020/12/07/spacex-starlink-wins-
| nearly-...
|
| Of course though, I'm not sure what the status on that is
| _today_. Looks like they may not be able to ride that train
| anymore:
|
| https://www.reuters.com/world/us/us-rejects-broadband-
| subsid...
| panick21_ wrote:
| That was never considered a large part of the funding. That
| would simply have been some additional income over the next
| decade. And its not happening now anyway.
|
| And given the limited capacity, they might as well use that
| capacity for other costumers.
| Nextgrid wrote:
| > On the bright side, this means free internet outdoors in
| many remote parts of the world will be possible and funded by
| loyal Elon Musk fans ;)
|
| I don't believe they are _that_ stupid as to delegate access
| control to the _client_.
| contingencies wrote:
| Other relevant links from the presentation are
| https://exploitee.rs/index.php/Exploitee.rs_Low_Voltage_e-MM...
| (recommended firmware extraction hardware)
| https://www.esat.kuleuven.be/cosic/blog/dumping-and-extracti...
| (firmware extraction writeup) https://rtfm.newae.com/
| (glitching and side channel analysis hardware) and
| https://github.com/newaetech/chipwhisperer (associated open
| source toolchain)
| colinsane wrote:
| don't miss the link to the original article, especially if you
| prefer understanding the technical details:
| https://www.esat.kuleuven.be/cosic/blog/dumping-and-extracti...
| GormHouj wrote:
| I see a lot of articles that quote the cost for hacking a product
| or service. I feel like these type of titles undermine the effort
| that took place. Surely the lab Wouters used had tools and
| processes that aren't cheap, nor would you consider his expertise
| inexpensive.
|
| I'm not impressed by a PCB board being cheap. Does anyone else
| feel this way about similar headlines?
| rubylark wrote:
| Absolutely. This modchip is just a raspberry pi plus a couple
| parts. You'd have to try hard to get it to be expensive. The
| BOM for most embedded systems is going to be cheap unless you
| need some exotic hardware. It really does seem to ignore the
| amount of time this guy spent to get to figure out what parts
| he needed and where to solder them. If it was developed by a
| company instead of an individual, you can bet it wouldn't have
| cost "only $25 to develop".
|
| Edit: fixed for clarity of thought
| elteto wrote:
| It's just low grade journalism trying to inflate the impact of
| the bug.
|
| Conspicuously missing is the cost of the equipment in the lab
| where he developed the first prototype.
| jeffbee wrote:
| I think it's useful to differentiate between attacks anyone can
| do with common hardware and things like smartcard attacks that
| you can only do with access to an electron microscope.
| xen2xen1 wrote:
| Yes and no. Is the $25 increasingly irrelevant. Sure. Is it
| clickbait-y, yes. Does it matter because it might make it more
| widespread, it probably still does.
| mikeytown2 wrote:
| Price is a factor for how accessible the hack is. If it
| requires an expensive FGPA or a lot of AWS time to crack then
| that makes it less appealing.
| wpietri wrote:
| Exactly. For me it's about the replicability of the attack.
| Is it restricted to government-sized organizations? Or can
| anybody with the skills do it?
| GormHouj wrote:
| Interestingly, either H/N changed the submission title, or
| the article itself changed their title to reflect the content
| of the article better. Is there a way I can check which
| happened in the last few hours?
| beeboop wrote:
| "Twitter hack compromising 5.4 million accounts accomplished
| using $12 keyboard"
| nottorp wrote:
| Gods that one had no self respect! You cannot properly hack
| on any keyboard that isn't mechanical and worth at least
| $200!
| tppiotrowski wrote:
| I think the point is that anyone with $25 can hack Starlink
| once the script or instructions are published online.
| Information costs almost nothing to publish/ share so it's the
| cost of the hardware that matters.
| samstave wrote:
| " _You wouldn 't download a satellite uplink would you?_"
|
| Uh, yep thats exactly what I want to do :-)
| tg180 wrote:
| The article compares the Russian jamming of Viasat with the
| compromise of a Starlink UT. No, no, no... This is really wrong!
|
| > As is typically the case with any technology, the increase in
| use and deployment of Starlink and other satellite constellations
| also means that threat actors have a greater interest in finding
| their security holes to attack them.
|
| > Indeed, Russia saw an advantage in taking out a satellite
| providing internet communications across Europe by attacking its
| technology on the ground as Russian troops entered Ukraine on
| Feb. 24.
|
| Viasat orbits at 22,000 miles, Starlink is in LEO. Precisely for
| this reason Starlink is naturally more resistant to jamming, and
| is used in Ukraine because of this.
|
| Locally compromising a UT is a hack of an endpoint connection
| device, which has nothing to do with ELINT and electronic warfare
| activities (which is an entirely different kind of attacks for
| satellite networks).
| thereddaikon wrote:
| Starlink by its nature of using phased array antennas are
| inherently pretty hard to jam through traditional means. Not
| impossible but more difficult than older systems with simpler
| antennas.
| iso1631 wrote:
| The attack on Viasat was not related to it's GEO vs LEO
| situation, or blocking signals, it was an attack specifically
| on the consumer device to disable them
|
| https://www.viasat.com/about/newsroom/blog/ka-sat-network-cy...
|
| There's no reason that Starlink is any less susceptable to
| that. The attackers got into a terminal management network and
| issued various commands to shut down the endpoints. There's no
| reason an LEO constellation is more or less susceptible to this
| type of attack than a GEO system.
| detaro wrote:
| Viasat attack was by hacking ground terminals, not jamming
| satellites.
| tg180 wrote:
| The Russian approach is hybrid: in addition to the use of
| jamming (they use Divnomorye, Leer, Moskva, Krasukha, ...),
| traditional hacking is used to extend the damage range beyond
| what can be obtained through pure electronic warfare.
|
| In the case of Viasat they had access to a badly configured
| VPN appliance and used it to deploy on the terminals. Which
| is a classical case of network compromise, not a direct hack
| of the user devices.
|
| Also considering this aspect the comparison is not there:
| it's a local access to the hardware vs an "I own your
| infrastructure and I'm able to deploy my firmware".
| mlyle wrote:
| > Also considering this aspect the comparison is not there:
| it's a local access to the hardware vs an "I own your
| infrastructure and I'm able to deploy my firmware".
|
| Yes, performing this reverse engineering requires physical
| access. But it potentially enables one to find further
| vulnerabilities and systems knowledge necessary to build
| attacks that brick network terminals or otherwise disrupt
| the network. Russia's action proves these attacks are
| viable and useful (even if an authenticated management
| vector was used).
|
| Your original comment about the constellation height was a
| non-sequitur: we're talking about threat actors' attacks on
| end-user terminals. The article makes clear ("on the
| ground") that this is what it was referring to.
|
| Yes, jamming, etc, are _also_ useful attacks that threat
| actors use but not what we 're talking about.
| blottsie wrote:
| > The article compares the Russian jamming of Viasat with the
| compromise of a Starlink UT. No, no, no... This is really
| wrong!
|
| This is a bit misleading. The article mentions the Viasat hack
| in the next-to-last paragraph of the article before the update
| in the context of satellite security more broadly:
|
| > "As an increasing amount of satellites are launched--Amazon,
| OneWeb, Boeing, Telesat, and SpaceX are creating their own
| constellations--their security will come under greater
| scrutiny. In addition to providing homes with internet
| connections, the systems can also help to get ships online, and
| play a role in critical infrastructure. Malicious hackers have
| already shown that satellite internet systems are a target. As
| Russian troops invaded Ukraine, alleged Russian military
| hackers targeted the Via-Sat satellite system, deploying wiper
| malware that bricked people's routers and knocked them offline.
| Around 30,000 internet connections in Europe were disrupted,
| including more than 5,000 wind turbines."
| greggman3 wrote:
| I wonder when the first hacker will hack a satelite, fire it's
| retro-rockets to make it crash and cause the Kessler Syndrome,
| intentionally or not
|
| https://en.wikipedia.org/wiki/Kessler_syndrome
|
| Of course that could also happen with random bugs and no hacking
| I guess?
| j-wags wrote:
| Hackers damaged/destroyed the ROSAT satellite in the late 90s
|
| https://en.wikipedia.org/wiki/ROSAT#End_of_operations
| bayindirh wrote:
| There are already people who talk with satellites, recover them
| or make older ones work again. It's one google search away.
| ThrowawayTestr wrote:
| Is there any mitigation against these kinds of power/timing
| attacks? I think the Switch was originally hacked this way.
| mikeytown2 wrote:
| New hardware revisions are required to fix usually. You can
| probably detect a compromised terminal on the network though.
| KMnO4 wrote:
| No, not without changing microprocessors.
|
| Essentially these chips are locked by setting certain flags in
| memory. Various flags control various peripherals, including a
| flag to disable read/write access to the firmware. Obviously
| once you disable access, it's permanent because you don't have
| access to reenable it.
|
| This side channel attack takes advantage of a flaw in the
| actual silicon, where branches can be skipped if the power is
| altered momentarily. So if you skip that first check, the
| attacker has low level firmware control.
|
| (This was also how the firmware was dumped on the Apple
| AirTags)
|
| The only mitigation is to use a chip that doesn't suffer from
| this flaw or change the software to prevent "root" access even
| if an adversary has access to the entire firmware (ie do things
| server side)
| 14 wrote:
| Xbox 360 had the reset glitch hack where if you powered
| cycled the chip at the exact right timing you could run
| unsigned code. It required a small mod chip soldered to some
| of the smallest points on the motherboard that I have ever
| soldered. Different versions of the 360 worked better but
| most worked even if it took a minute or so before the
| glitched worked and booted into custom firmware. Mine worked
| really well and booted first try almost every time. I was
| very proud to successfully install it and watch my 360 boot
| into fsd a custom OS that allowed me to play all my games
| from a HDD.
| ThrowawayTestr wrote:
| That's what I was thinking of, the 360 not the Switch.
| bri3d wrote:
| Yep - the Switch had an issue in the mask ROM / first
| stage bootloader too, but it was a traditional software
| one, where the recovery mode bootloader passed an
| unverified length to a memcpy and smashed the stack.
| swanee wrote:
| The newest glitch hack v3 is really cool in that it uses
| the 360 southbridge to do the glitching without a external
| mod chip.
| karmicthreat wrote:
| I don't think you can eliminate them, just make them harder to
| exploit. Require multiple glitches to succeed etc.
| notfish wrote:
| Agreed, usually if they have hardware access it's gonna be
| cracked eventually. Hard to imagine a system that was truly
| unhackable with infinite unrestricted physical access.
| ck2 wrote:
| Pretty sure Russia has physical satellite killer missiles just
| like US does?
|
| Would a nuke in space even work to take out a group of them,
| maybe even via an EMP surge or are they hardened?
|
| Sometimes I wonder if the world would be more peaceful if
| cellphone networks couldn't work anymore but there would be so
| much other chaos so guess not.
| panick21_ wrote:
| Russia does not have the capability of destroying Starlink
| because the amount of upmass required to destroy them is larger
| then what the Russians can actually do.
|
| SpaceX replacement rate would be higher then Russia destroy
| rate.
| bogomipz wrote:
| Except Russia already proved they can shoot satellites out of
| space as they did almost a year ago with their Nudol ASAT
| weapon test:
|
| https://archive.ph/1tdHl
| marvin wrote:
| Excellent. Now repeat that feat 2500 times to destroy all
| existing Starlink satellites, and keep doing it 1300 times
| each year to destroy all the new Starlink satellites that
| are being launched.
|
| Assuming of course that SpaceX will not increase its launch
| cadence, and that this act of war will not provoke a
| response that stops is. The concept is laughable. It is
| intractable at every level of execution.
| upupandup wrote:
| CyanBird wrote:
| Don't spread useless misinformation on hackernews
| upupandup wrote:
| I don't think you understand what that word means.
| bpodgursky wrote:
| > The PLA has literally robots that can obscure and destroy
| US satellites without launching missiles at it
|
| This is 100% speculation.
|
| The only thing that China has demonstrably done is blow up
| satellites. It would be unsurprising if this tech was in
| development, but nobody has any clue whether there are non-
| kinetic satellite neutralization weapons deployed.
| politelemon wrote:
| I would like to point out the mildly appropriate and endearing
| name in this context, 'Wouters' (routers)
| Mo3 wrote:
| That's a pretty common name here in the Netherlands
| 29athrowaway wrote:
| Certainly it did not cost $25 to develop the modchip. If you put
| in the labor and software related cost it's not $25.
| nine_k wrote:
| It may cost $25 to _deploy_ the hack after it has been
| developed. It 's mere $25k to deploy 1000 instances of it, or
| even cheaper due to the economies of scale.
| TheDong wrote:
| I'm confused what you're even arguing against.
|
| The article specifically uses the phrasing "uses off-the-shelf
| parts that cost around $25". It doesn't say anything about the
| cost to develop, it doesn't say anything even slightly
| misleading or ambiguous about this.
|
| Like, what should the article have done instead? How could it
| possibly be clearer and more explicit about what $25 referred
| to here?
| unixbane wrote:
| I have quit the software industry and now get paid what people
| _should_ get paid for software which is a small fraction of
| what I was being paid before. By choosing to work on actual
| real problems, instead of partaking in the pseudo-intellectual
| clout chasing contest that is the tech industry, I have
| discovered the real value of software which was never much to
| begin with as I assumed it was when I was a kid.
|
| tl;dr yep, he could have been shoveling CRUD shit and making
| more money, or implementing high end algorithms within broken
| operating systems, or implementing high end algorithms with
| insufficient education or time to prove them, while getting
| dumber
|
| scratch that he got a bug bounty for his work so his net gain
| is equal. check mate
| 2OEH8eoCRo0 wrote:
| How narrow of a beam is attainable with this? What shape is the
| beam? How good is that clock chip? I wish I knew more about this
| stuff at the theory level. A cheap and hackable phased array
| sounds very cool to experiment with.
| jcims wrote:
| I'm sure it will never happen but it would be awesome if they
| would release an 'open' terminal under the same auspices of
| commercial SDR transceivers. I'm curious if these could be used
| for very localized doppler radar.
| debatem1 wrote:
| You can build a simple Doppler radar yourself today using a
| couple of SDRs, but sophisticated phased arrays are the kind of
| thing that makes for pretty good military equipment. I doubt an
| open one will come on the market (legally) soon.
| zmgsabst wrote:
| Just say you're doing high resolution of metamaterials for
| science. Materials resonant at the target radar band, because
| that wavelength is easier to manufacture/economically
| useful/etc.
|
| I think you're more likely to find a job than trouble -- SBIR
| has a bunch of grants in that area. (Last I looked.)
| vajenetehais wrote:
| This is quite impressive and congratulation are well deserved.
| Now the fun part can start. This work opens a door to the user
| segment, i can't wait to see what's behind and hope for starlink
| that their C2 and user segments are well isolated. Let the
| fuzzing begin.
| gtvwill wrote:
| Eh low threat hack. Requires physical access to dish and installs
| piece of easily identifiable hardware. Tbh give unfettered access
| to most hardware and you can hack it.
| yarg wrote:
| The terminal is used to contact the constellation as well as
| Starlink's backend servers.
|
| If the remote machines have the assumption of trustworthy
| terminals baked in, then this isn't a low threat hack.
| TrueDuality wrote:
| The value of this attack isn't breaking into the terminal
| itself, but that it allows the end user to modify the control
| channel to the satellite. It allows internal inspection of the
| protocols, authentication, data formats, etc between the
| terminal and the satellite itself.
|
| I assume that the actual received and transmitted packets from
| the terminal are encrypted so "outside in" inspection is very
| very difficult.
| Uptrenda wrote:
| This is like saying if someone can get close to your house with a
| hammer they can mount a hammer attack on your windows and bypass
| your homes security. lmao, what a load of bullshit.
| [deleted]
| roy9240356 wrote:
| I read the article as well as the DEFCON presentation. I still
| don't know how they used voltage fault injection to bypass the
| secure boot. Anyone care to explain?
___________________________________________________________________
(page generated 2022-08-12 23:00 UTC)