Polls

Is there an unsecured wireless network near you?
 
Belgian boffins dump Starlink dish terminal's firmware, gain root access and a few ideas
Thursday, 08 July 2021 17:27

HTTP/2 200 date: Fri, 09 Jul 2021 02:00:35 GMT content-type: text/html; charset=UTF-8 link: ; rel=preload; as=script;,/5e3b42887de55c95121fd13d3d97af106450bb4e/javascript/_.js>; rel=preload; as=script;,/default/c6e5f9bac7a897811eaa5b313d8966da650f83a0/scaffolding.css>; rel=preload; as=style;,/default/c6e5f9bac7a897811eaa5b313d8966da650f83a0/design.css>; rel=preload; as=style;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin; cache-control: max-age=0 expires: Fri, 09 Jul 2021 02:00:35 GMT vary: Accept-Encoding x-reg-bofh: pfy02us x-clacks-overhead: GNU Terry Pratchett, Lester Haines cf-cache-status: DYNAMIC expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 66bdf5a24cf816c1-SYD Belgian boffins dump Starlink dish terminal's firmware, gain root access and a few ideas • The Register

Extra-terrestrial service probed


Belgian boffins have published a teardown of the Starlink user terminal – also known as Dishy McFlatface – in which they managed to dump the device's firmware that was housed on a eMMC card upon the PCB.

For the the academics at the Katholieke Universiteit Leuven (KU Leuven), actually getting their hands on the firmware for later analysis proved to be a somewhat fraught process.

Although the hardware came with a UART (Universal Asynchronous Receiver Transmitter) port for USB debugging, SpaceX opted — perhaps for obvious reasons — to restrict access to those entrusted with development credentials. Still, it revealed some clues, particularly when it came to the boot process, with integrity and authenticity checks used to ensure the kernel had not been tampered with.

The KU Leuven researchers then turned their attention to the eMMC card, which contained the system image. SpaceX left 10 test points on the circuit board, which corresponded to the equivalent solder points on the eMMC chip. The academics were then able to create an ad-hoc logic capture device, using a memory card reader and a few carefully soldered wires and resistors, allowing them to dump the contents of the storage in-circuit.

The next hurdle came when the researchers attempted to read the firmware’s contents, as SpaceX uses a custom FIT (flattened image tree) format. Fortunately, these changes were publicly accessible, as the company deployed a modified version of U-Boot, and was forced to publish its changes in order to remain GPL compliant.

So far, the findings haven't yet been fully published, although the researchers claim they were able to access a root shell, without adequately explaining how they accomplished it. It is, however, understandable they wouldn't publish the entire dump with one eye on SpaceX's lawyers.

The researchers also made some observations about the quad-core ARM processor used to power the terminal, and its configuration, with each of the cores responsible for a specific task. They also noticed that on all consumer devices, all logins are disabled, effectively meaning the original attempt to access the device via the UART port was a dead-end.

This isn't the first teardown of Dishy McFlatface we've seen, although all prior warranty-destroying attempts focused on the physical hardware, rather than the software it runs. With a ticket price of $499, these endeavours are best left to those with deep pockets and a curiosity that exceeds their aversion to potentially ruining an expensive bit of kit.

You can read the teardown here. Note that SpaceX does have a bug bounty program, which you can access here. ®

Similar topics


Other stories you might like

OpenAI warned that its Codex neural network, like the one that powers GitHub’s code-completion tool Copilot, is likely to generate source that looks plausible but is incorrect, and its performance will decrease as it grows in size.

The artificial intelligence lab revealed the shortcomings and limitations of non-production builds of its Codex model in a pre-print paper this week. It should be noted a distinct production variant of the system powers GitHub Copilot; the preliminary models discussed in the paper are smaller and are only trained on Python whereas Copilot was trained on more data and supports code-completion for a range of programming languages.

Still, GitHub Copilot suffers from similar problems as the prototypes of Codex. Namely, the code generated is unlikely to be correct and useful for developers in its first attempt, and it tends to come up with responses that at first glance appear sensible but may be wrong. Programmers should carefully check the auto-written code for any mistakes.

Continue readingGoogle herds FLoC back to the lab for undisclosed post-third-party-cookie ad tech modifications Privacy advocates say surgery on bird-themed system must happen in public

Google has decided to let the initial test of its FLoC ad technology conclude in a few days to work on improvements – though it isn't inclined to share feedback from test participants.

Privacy advocates would prefer if the online ad giant provided more insight into the test results, since Google's ongoing ad infrastructure rewrite affects every internet business and internet user, not to mention the digital ad industry generating $350bn annually.

FLoC stands for Federated Learning of Cohorts and promises a way to divide browser users into interest groups so they can be presented with interest-based ads without revealing personal information to advertisers. It's one proposal among many, collectively referred to as the Privacy Sandbox, intended to repackage targeted advertising technology so it can continue amid tighter privacy laws and technical limitations like the eventual discontinuation of third-party cookies.

Continue reading11-year-old graduate announces plans to achieve immortality by 'replacing body parts with mechanical parts' Walking sci-fi horror movie plot wants to look inside boffin brains to find way to help ailing grandparents

Eleven-year-old Laurent Simons has become the second-youngest college graduate in history after obtaining a bachelor's degree in physics from the University of Antwerp.

The gifted Belgian child, who finished high school at the age of eight and has an IQ of 145, completed the three-year course in only a year, topping his class with a pass mark of 85 per cent.

He had originally planned to graduate from Eindhoven University in the Netherlands at the age of nine in 2019, which would have made him the youngest graduate, but he left the course before graduating after college authorities said he could not get his degree before his 10th birthday as he had not taken sufficient exams.

Continue readingLinux Foundation celebrates 30 years of Torvalds' kernel with a dry T-shirt contest Artistic types invited to submit their designs – under very specific guidelines

The Linux Foundation, not satisfied with a model that sees world+dog invited to contribute to the open-source kernel that bears its name, is asking for help on another project: designing a T-shirt to celebrate 30 years of the software – and we have little doubt El Reg readers will have some suggestions.

The competition, announced in the run-up to the Open Source Summit + Embedded Linux Conference 2021 this September, aims to celebrate three decades since Linus Torvalds revealed in August 1991 he was working on what he described in a post to the comp.os.minix Usenet group as "a (free) operating system (just a hobby, won't be big and professional like GNU) for 386(486) AT clones."

The first official version of Linux, 0.02, was announced by Torvalds in October that year.

Continue readingEx-IBM whistleblower's suit back in court, 8 years after he alleged irregularities in $265m IRS software deal Judges revive some of the claims

A long-running legal case concerning the alleged $265m mis-selling of software licences by IBM to the US tax office has a new lease of life following a ruling by the US Court of Appeal earlier this week [PDF].

In 2013, senior IBM sales rep Paul Cimino – who sold IBM's Rational brand of software to the Internal Revenue Service (IRS) – filed a complaint under seal against Big Blue through the federal whistleblower False Claims Act alleging IBM Corp had fabricated audit results to mislead the IRS into signing a $265m software deal.

After a lengthy inquiry, investigators declined to intervene and the case was finally dismissed in 2019 by US District Court Judge Amit Mehta in the US Court for the District of Columbia [PDF] in late 2019.

Continue readingUS offers Julian Assange time in Australian prison instead of American supermax if he loses London extradition fight Appeal against January decision to be heard by High Court

Julian Assange will remain in a British prison for now after the US government won permission to appeal against a January court ruling that freed him from extradition to America.

News of the appeal came as the US Department of Justice offered Assange a deal that would keep him out of the notoriously cruel US supermax prisons, according to The Times.

The High Court this morning granted the US permission to appeal against a ruling by Westminster Magistrates' Court that Assange couldn't be extradited because he would commit suicide if handed over to the Americans. The WikiLeaker-in-chief's legal team lost on every other legal ground against extradition.

Continue readingMassive 3D catzilla gets crowds purring in busy Shinjuku district of Tokyo We'd hate to see the litter tray

A giant cat has been spotted peering down at onlookers in one of the busiest parts of Tokyo and doing what felines do best – taking catnaps.

The giant feline – a colossal lifelike 3D animation – has been drawing crowds above the entrance to a railway station in the busy Shinjuku district as part of the Cross Shinjuku Vision project.

Continue readingGPU workstations help first responders hit pause on PTSD VR headset app 'may be a useful tool to reduce burnout and post-traumatic stress'

Sponsored Having photographed some of the most horrific, fast-moving news stories of the 1990s, Yael Swerdlow believes one of the keys to recovering from trauma and moral injury is for people to slow down and immerse themselves in classical music. But helping people do so means putting some of the fastest workstations and GPUs to work.

Maestro Games CEO Swerdlow began her career as a photojournalist whose assignments included the Rodney King Riots and the Northridge earthquake in early 1990s LA. She also shot the aftermath of the Rwanda genocide for International Medical Corp., as part of what she dryly tags the “man’s inhumanity world tour”, which also took place in Somalia and Southern Sudan.

Today, her Los Angeles – based company is a Social Purpose Corporation (SPC), with the main mission of addressing the consequences of post-traumatic stress disorder (PTSD) and moral injury, which is often described as a “wound to the soul” that can occur when individuals commit, fail to prevent, or witness an act that violates their moral beliefs. These problems are not only well-known in military and police circles, but also, increasingly, among other first responders and medical staff, particularly as they deal with the consequences of the COVID-19 pandemic.

Continue readingFool me OnePlus, shame on me: Chinese phone firm fingered for fiddling with performance figures – again Company caught throttling everyday apps but leaving benchmarks, selected games alone

Chinese smartphone maker OnePlus has had the shine taken off its latest launches with tests that indicate it is once again trying to fiddle the figures on benchmark results, throttling real-world performance considerably compared to synthetic workloads.

OnePlus hit the market in 2014 with the launch of the OnePlus One, under the tagline "Never Settle". Designed to be a flagship phone priced as a mid-range device, the handset was the first to launch with third-party Android fork CyanogenMod as standard.

Sales have been strong, no thanks to supply issues and an initial but since-abandoned invite-only purchase model, and the success gave the company cause to abandon CyanogenMod in favour of building its own Android fork, dubbed OxygenOS.

Continue readingUK competition watchdog sniffing around Motorola profits after delay to replace company's Airwave service Blue-light radio network drags on, adding excess £1.2bn to telco's coffers

The UK's competition regulator is consulting on whether to launch a probe into the supply of emergency services telecoms and data networks that could deliver £1.2bn in excess profit for Motorola from 2020 to 2026.

Motorola owns the Airwave mobile radio network, which was first commissioned in 2000 to support the police, ambulance, and fire services.

It is set to be replaced by the 4G-based Emergency Service Network (ESN), which has already been delayed by five years, is £3bn over budget, and won't be fully available before the end of 2026.

Continue readingICO survey on data flouters: 50% say they receive more unwanted calls than before pandemic Plus: Fewer people proportion agree 'current laws' sufficiently protect personal information

The dodgy use of personal data by rogue organisations in fraud and scams continues to be the biggest data protection bugbear for people in the UK, according to research from the Information Commissioners Office (ICO).

When quizzed about which data protection issue is most pressing, rather than citing privacy issues – the UK survey's 2,102 adult respondents, polled between 6 and 18 May, said their top concern was that "personal information [is] being used for scams or fraud."

What's more, organisations with a poor record on keeping people's data safe or not using it properly – such as those who pepper the public with unwanted marketing calls – are likely to find themselves scratched off people's Xmas card list.

Continue reading

HTTP/2 200 date: Fri, 09 Jul 2021 02:00:35 GMT content-type: text/html; charset=UTF-8 link: ; rel=preload; as=script;,/5e3b42887de55c95121fd13d3d97af106450bb4e/javascript/_.js>; rel=preload; as=script;,/default/c6e5f9bac7a897811eaa5b313d8966da650f83a0/scaffolding.css>; rel=preload; as=style;,/default/c6e5f9bac7a897811eaa5b313d8966da650f83a0/design.css>; rel=preload; as=style;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin; cache-control: max-age=0 expires: Fri, 09 Jul 2021 02:00:35 GMT vary: Accept-Encoding x-reg-bofh: pfy02us x-clacks-overhead: GNU Terry Pratchett, Lester Haines cf-cache-status: DYNAMIC expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 66bdf5a24cf816c1-SYD Belgian boffins dump Starlink dish terminal's firmware, gain root access and a few ideas • The Register

Extra-terrestrial service probed


Belgian boffins have published a teardown of the Starlink user terminal – also known as Dishy McFlatface – in which they managed to dump the device's firmware that was housed on a eMMC card upon the PCB.

For the the academics at the Katholieke Universiteit Leuven (KU Leuven), actually getting their hands on the firmware for later analysis proved to be a somewhat fraught process.

Although the hardware came with a UART (Universal Asynchronous Receiver Transmitter) port for USB debugging, SpaceX opted — perhaps for obvious reasons — to restrict access to those entrusted with development credentials. Still, it revealed some clues, particularly when it came to the boot process, with integrity and authenticity checks used to ensure the kernel had not been tampered with.

The KU Leuven researchers then turned their attention to the eMMC card, which contained the system image. SpaceX left 10 test points on the circuit board, which corresponded to the equivalent solder points on the eMMC chip. The academics were then able to create an ad-hoc logic capture device, using a memory card reader and a few carefully soldered wires and resistors, allowing them to dump the contents of the storage in-circuit.

The next hurdle came when the researchers attempted to read the firmware’s contents, as SpaceX uses a custom FIT (flattened image tree) format. Fortunately, these changes were publicly accessible, as the company deployed a modified version of U-Boot, and was forced to publish its changes in order to remain GPL compliant.

So far, the findings haven't yet been fully published, although the researchers claim they were able to access a root shell, without adequately explaining how they accomplished it. It is, however, understandable they wouldn't publish the entire dump with one eye on SpaceX's lawyers.

The researchers also made some observations about the quad-core ARM processor used to power the terminal, and its configuration, with each of the cores responsible for a specific task. They also noticed that on all consumer devices, all logins are disabled, effectively meaning the original attempt to access the device via the UART port was a dead-end.

This isn't the first teardown of Dishy McFlatface we've seen, although all prior warranty-destroying attempts focused on the physical hardware, rather than the software it runs. With a ticket price of $499, these endeavours are best left to those with deep pockets and a curiosity that exceeds their aversion to potentially ruining an expensive bit of kit.

You can read the teardown here. Note that SpaceX does have a bug bounty program, which you can access here. ®

Similar topics


Other stories you might like

OpenAI warned that its Codex neural network, like the one that powers GitHub’s code-completion tool Copilot, is likely to generate source that looks plausible but is incorrect, and its performance will decrease as it grows in size.

The artificial intelligence lab revealed the shortcomings and limitations of non-production builds of its Codex model in a pre-print paper this week. It should be noted a distinct production variant of the system powers GitHub Copilot; the preliminary models discussed in the paper are smaller and are only trained on Python whereas Copilot was trained on more data and supports code-completion for a range of programming languages.

Still, GitHub Copilot suffers from similar problems as the prototypes of Codex. Namely, the code generated is unlikely to be correct and useful for developers in its first attempt, and it tends to come up with responses that at first glance appear sensible but may be wrong. Programmers should carefully check the auto-written code for any mistakes.

Continue readingGoogle herds FLoC back to the lab for undisclosed post-third-party-cookie ad tech modifications Privacy advocates say surgery on bird-themed system must happen in public

Google has decided to let the initial test of its FLoC ad technology conclude in a few days to work on improvements – though it isn't inclined to share feedback from test participants.

Privacy advocates would prefer if the online ad giant provided more insight into the test results, since Google's ongoing ad infrastructure rewrite affects every internet business and internet user, not to mention the digital ad industry generating $350bn annually.

FLoC stands for Federated Learning of Cohorts and promises a way to divide browser users into interest groups so they can be presented with interest-based ads without revealing personal information to advertisers. It's one proposal among many, collectively referred to as the Privacy Sandbox, intended to repackage targeted advertising technology so it can continue amid tighter privacy laws and technical limitations like the eventual discontinuation of third-party cookies.

Continue reading11-year-old graduate announces plans to achieve immortality by 'replacing body parts with mechanical parts' Walking sci-fi horror movie plot wants to look inside boffin brains to find way to help ailing grandparents

Eleven-year-old Laurent Simons has become the second-youngest college graduate in history after obtaining a bachelor's degree in physics from the University of Antwerp.

The gifted Belgian child, who finished high school at the age of eight and has an IQ of 145, completed the three-year course in only a year, topping his class with a pass mark of 85 per cent.

He had originally planned to graduate from Eindhoven University in the Netherlands at the age of nine in 2019, which would have made him the youngest graduate, but he left the course before graduating after college authorities said he could not get his degree before his 10th birthday as he had not taken sufficient exams.

Continue readingLinux Foundation celebrates 30 years of Torvalds' kernel with a dry T-shirt contest Artistic types invited to submit their designs – under very specific guidelines

The Linux Foundation, not satisfied with a model that sees world+dog invited to contribute to the open-source kernel that bears its name, is asking for help on another project: designing a T-shirt to celebrate 30 years of the software – and we have little doubt El Reg readers will have some suggestions.

The competition, announced in the run-up to the Open Source Summit + Embedded Linux Conference 2021 this September, aims to celebrate three decades since Linus Torvalds revealed in August 1991 he was working on what he described in a post to the comp.os.minix Usenet group as "a (free) operating system (just a hobby, won't be big and professional like GNU) for 386(486) AT clones."

The first official version of Linux, 0.02, was announced by Torvalds in October that year.

Continue readingEx-IBM whistleblower's suit back in court, 8 years after he alleged irregularities in $265m IRS software deal Judges revive some of the claims

A long-running legal case concerning the alleged $265m mis-selling of software licences by IBM to the US tax office has a new lease of life following a ruling by the US Court of Appeal earlier this week [PDF].

In 2013, senior IBM sales rep Paul Cimino – who sold IBM's Rational brand of software to the Internal Revenue Service (IRS) – filed a complaint under seal against Big Blue through the federal whistleblower False Claims Act alleging IBM Corp had fabricated audit results to mislead the IRS into signing a $265m software deal.

After a lengthy inquiry, investigators declined to intervene and the case was finally dismissed in 2019 by US District Court Judge Amit Mehta in the US Court for the District of Columbia [PDF] in late 2019.

Continue readingUS offers Julian Assange time in Australian prison instead of American supermax if he loses London extradition fight Appeal against January decision to be heard by High Court

Julian Assange will remain in a British prison for now after the US government won permission to appeal against a January court ruling that freed him from extradition to America.

News of the appeal came as the US Department of Justice offered Assange a deal that would keep him out of the notoriously cruel US supermax prisons, according to The Times.

The High Court this morning granted the US permission to appeal against a ruling by Westminster Magistrates' Court that Assange couldn't be extradited because he would commit suicide if handed over to the Americans. The WikiLeaker-in-chief's legal team lost on every other legal ground against extradition.

Continue readingMassive 3D catzilla gets crowds purring in busy Shinjuku district of Tokyo We'd hate to see the litter tray

A giant cat has been spotted peering down at onlookers in one of the busiest parts of Tokyo and doing what felines do best – taking catnaps.

The giant feline – a colossal lifelike 3D animation – has been drawing crowds above the entrance to a railway station in the busy Shinjuku district as part of the Cross Shinjuku Vision project.

Continue readingGPU workstations help first responders hit pause on PTSD VR headset app 'may be a useful tool to reduce burnout and post-traumatic stress'

Sponsored Having photographed some of the most horrific, fast-moving news stories of the 1990s, Yael Swerdlow believes one of the keys to recovering from trauma and moral injury is for people to slow down and immerse themselves in classical music. But helping people do so means putting some of the fastest workstations and GPUs to work.

Maestro Games CEO Swerdlow began her career as a photojournalist whose assignments included the Rodney King Riots and the Northridge earthquake in early 1990s LA. She also shot the aftermath of the Rwanda genocide for International Medical Corp., as part of what she dryly tags the “man’s inhumanity world tour”, which also took place in Somalia and Southern Sudan.

Today, her Los Angeles – based company is a Social Purpose Corporation (SPC), with the main mission of addressing the consequences of post-traumatic stress disorder (PTSD) and moral injury, which is often described as a “wound to the soul” that can occur when individuals commit, fail to prevent, or witness an act that violates their moral beliefs. These problems are not only well-known in military and police circles, but also, increasingly, among other first responders and medical staff, particularly as they deal with the consequences of the COVID-19 pandemic.

Continue readingFool me OnePlus, shame on me: Chinese phone firm fingered for fiddling with performance figures – again Company caught throttling everyday apps but leaving benchmarks, selected games alone

Chinese smartphone maker OnePlus has had the shine taken off its latest launches with tests that indicate it is once again trying to fiddle the figures on benchmark results, throttling real-world performance considerably compared to synthetic workloads.

OnePlus hit the market in 2014 with the launch of the OnePlus One, under the tagline "Never Settle". Designed to be a flagship phone priced as a mid-range device, the handset was the first to launch with third-party Android fork CyanogenMod as standard.

Sales have been strong, no thanks to supply issues and an initial but since-abandoned invite-only purchase model, and the success gave the company cause to abandon CyanogenMod in favour of building its own Android fork, dubbed OxygenOS.

Continue readingUK competition watchdog sniffing around Motorola profits after delay to replace company's Airwave service Blue-light radio network drags on, adding excess £1.2bn to telco's coffers

The UK's competition regulator is consulting on whether to launch a probe into the supply of emergency services telecoms and data networks that could deliver £1.2bn in excess profit for Motorola from 2020 to 2026.

Motorola owns the Airwave mobile radio network, which was first commissioned in 2000 to support the police, ambulance, and fire services.

It is set to be replaced by the 4G-based Emergency Service Network (ESN), which has already been delayed by five years, is £3bn over budget, and won't be fully available before the end of 2026.

Continue readingICO survey on data flouters: 50% say they receive more unwanted calls than before pandemic Plus: Fewer people proportion agree 'current laws' sufficiently protect personal information

The dodgy use of personal data by rogue organisations in fraud and scams continues to be the biggest data protection bugbear for people in the UK, according to research from the Information Commissioners Office (ICO).

When quizzed about which data protection issue is most pressing, rather than citing privacy issues – the UK survey's 2,102 adult respondents, polled between 6 and 18 May, said their top concern was that "personal information [is] being used for scams or fraud."

What's more, organisations with a poor record on keeping people's data safe or not using it properly – such as those who pepper the public with unwanted marketing calls – are likely to find themselves scratched off people's Xmas card list.

Continue reading

Source: https://bit.ly/36orS9I