The Starlink project, initiated by SpaceX, aims to provide global high-speed internet through a constellation of low Earth orbit satellites. Originally designed to offer internet services globally, particularly in remote areas where connectivity is limited, SpaceX has already launched over 6,000 satellites, providing service to hundreds of thousands of users in more than 30 countries. However, Starlink's potential as a game-changing "black tech" for warfare has become evident on the battlefield in Ukraine. As Russia destroyed Ukraine's ground communication infrastructure, Starlink provided a stable and efficient communication solution, ensuring that the military and government could maintain command and coordination capabilities despite the destruction of critical infrastructure.

Starlink, through hundreds of satellites, offers high-speed, low-latency internet service, enabling soldiers on the front lines to stay in real-time contact with command centers. This capability not only helps coordinate tactical operations but also provides real-time monitoring of enemy movements. For instance, in sharing battlefield information, Starlink has provided technical support for precision strikes and tactical adjustments by Ukrainian forces.

Figure 1: Starlink Device Control Interface

Using the tool ZoomEye, we can easily locate and discover exposed Starlink services on the internet (ZoomEye Dork: app:"Starlink", ZoomEye Link: https://www.zoomeye.hk/searchResult?q=app%3A%22Starlink%22&from=article ). Data shows that more than 70,000 Starlink devices worldwide are exposed, highlighting the widespread global application of this technology. Alarmingly, many Starlink devices are not limited to use by tech enthusiasts but are deployed in critical infrastructure-related applications.

Figure 2: ZoomEye Search Results

With the rise of global cyber threats, Starlink devices have become potential targets for cyberattacks. If these devices are exploited by hackers or malicious actors, it could not only lead to communication disruptions but also trigger large-scale security risks, directly threatening the stable operation of military, governmental, and vital public services. In light of this serious situation, the person in charge of Starlink need to attach great importance to the security protection of these devices. For instance, on December 1, 2022, the public account "Security Reference" published an article titled "Pro-Russian Hacker Group Killnet Prepares for 'Total Attack'; Starlink Down for Several Hours." The article describes how the pro-Russian hacker group Killnet claimed responsibility for test attacks on Elon Musk's Starlink, the White House website (WhiteHouse.gov), and the website of the Prince of Wales.

Figure 3: Screenshot of White House Website Attack

By leveraging global Starlink asset data provided by ZoomEye, exposed Starlink devices can be accurately identified, enabling the development of effective management and protection strategies. This not only ensures the proper management of Starlink assets but also provides a foundation for security upgrades, helping to prevent potential disasters caused by configuration vulnerabilities or security weaknesses. Currently, ZoomEye offers global Starlink asset data and analytical reports for sale for a limited time, providing comprehensive security insights and enhancing data protection capabilities. Purchasing and utilizing this data can significantly improve the overall security of Starlink devices, reducing the risk of exposure to malicious actors and preventing cyberattacks. If prompt action is not taken to strengthen the security of Starlink devices, tens of thousands of devices worldwide could become direct targets for cybercriminals.

Figure 4: How to Obtain Starlink Source Data

If you would like to learn more about Starlink-related information, please visit https://www.zoomeye.hk/datasets?from=article for more details.