Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not

Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not thumbnail

Tod Humphreys offered to SpaceX a simple solution. It is possible to make the constellation’s rapidly expanding Starlink constellation ultra-precise in position, navigation, timing, and other features. The US Army, which funds Humphreys’s work at the University of Texas at Austin, wanted a backup to its venerable, and vulnerable, GPS system. Starlink could fill that role.

When the idea was first proposed in 2020, executives at SpaceX were open to the idea, says Humphreys. Then word got out from high. Humphreys stated to MIT Technology Review that Elon had told all the leaders he spoke to that every other LEO [low-Earth orbit] communications network had gone bankrupt. “SpaceX must focus on staying out of bankruptcy. We cannot afford any distractions.”

But Humphreys wouldn’t take no for an answer. For the past two years, his team at UT Austin’s Radionavigation Lab has been reverse-engineering signals sent from thousands of Starlink internet satellites in low Earth orbit to ground-based receivers. Humphreys claims that his team has solved the problem and believes that regular beacon signals from Starlink internet satellites in low Earth orbit, intended to aid receivers connect with them, could be the basis for a useful navigation system. This could be done without any assistance from SpaceX.

In a non peer-reviewed paper that he has posted on his lab’s website, Humphreys claims to have provided the most complete characterization of Starlink’s signals to date. He claims that this information is the first step towards developing a global navigation technology that could operate independently from GPS or its European, Russian and Chinese counterparts.

” The Starlink system signal is a closely guarded mystery,” says Humphreys. “Even though SpaceX was more cooperative in our initial discussions, they didn’t reveal any details about their signal structure to us. We had to start from scratch, building basically a little radio telescope to eavesdrop on their signals.”

To get the project started, UT Austin acquired a Starlink terminal and used it to stream high-definition tennis videos of Rafael Nadal from YouTube, 24/7. This provided a steady source of Starlink signals so that an antenna nearby could listen in.

Humphreys quickly discovered that Starlink relies upon a technology called orthogonal Frequency-Division Multiplexing (OFDM). OFDM is an efficient method of encoding digital transmissions, originally developed at Bell Labs in the 1960s and now used in Wi-Fi and 5G. Mark Psiaki, a Virginia Tech GPS expert and professor of aerospace, says that OFDM is “all the rage.” It’s a way of packing the most bits per sec into a given bandwidth.

The UT Austin researchers didn’t attempt to break Starlink encryption or access user data sent down by satellites. Instead, they sought out synchronization sequences–predictable, repeating signals beamed down by the satellites in orbit to help receivers coordinate with them. Humphreys not only found such sequences but he also said that they had “pleasantly surprised” to find more than the strictly required synchronization sequences. Each sequence contains clues about the satellite’s velocity and distance. Humphreys says that the Starlink satellites transmit four sequences per millisecond, which is “just wonderful for dual-use of their system for positioning.” If the terrestrial receiver has a good understanding of the satellites movements (which SpaceX shares online in order to reduce the risk from orbital collisions), it can use the sequences regularity to determine which satellite they came originating from and then calculate the distance to the satellite. By repeating this process for multiple satellites, a receiver can locate itself to within about 30 meters, says Humphreys.

If SpaceX later decided to cooperate by including additional data on each satellite’s exact position in its downlinks, that accuracy could theoretically improve to less than a meter–making it competitive with GPS. SpaceX did not respond when asked.

Other researchers have been following a similar path. Zak Kassas, a professor at Ohio State University in the Department of Electrical and Computer Engineering, is the director of a US Department of Transportation Center focusing on navigation resilience. His team was the first team to demonstrate that Starlink signals can be used to position , using machine learning.

Kassas’s method, which he calls cognitive-opportunistic navigation (CON), analyzes the changing frequencies and periods of signals from satellites as they travel overhead. The receiver also uses the sequences of synchronization to learn the orbit of the satellite and track it. The receiver can calculate its own location by using multiple satellite passes. At a recent conference, Kassas claimed his system had now achieved accuracies of less than 10 meters with Starlink. He says, “It’s an open framework that can be applied to any terrestrial signal or extraterrestrial signal.” “It will learn on the fly, tell you what is being transmitted, and tell you where you are.”

A fuller understanding of Starlink’s signals has implications beyond navigation. Starlink satellites don’t appear to be using two channels SpaceX has licensed for. Humphreys speculates this could be because Musk wants to not interfere with radio telescopes operating on nearby frequencies. The bright streaks of orbiting Starlink satellites have already been accused of disrupting optical astronomy.

UT Austin’s findings also point out the possibility of Starlink being deliberately interfering with. Humphreys points out that, while the synchronizations sequences are promising for navigation, their predictability and use across the entire constellation is a security risk. Psiaki says that Humphreys has been a great help to the navigation community by identifying these sequences. “But any navigation system working on open-source sequences could definitely be spoofed, because everyone will know how to spot those signals and create fake ones.”

Starlink reportedly suffered a catastrophic loss of communications in late September in Ukraine, where it is being widely used for voice and electronic communications, to help fly drones, and even to correct artillery fire. Although it is unclear whether the outages were due to jamming by Russian forces, Musk tweeted last week: “Russia is actively trying to kill Starlink. SpaceX has spent huge resources on defense Starlink to protect Ukraine. However, reports of the outages and continued confusion about who will be paying for Starlink services there raise concerns over its future.

As their dependence on Starlink grows, Ukraine and its allies from the West are beginning to realize that they have very little control over Starlink and don’t know much about it. Humphreys says. “But now many million have a vested in Starlink security, including its resilience against jamming. Assessing that security starts with a clear understanding of the signal structure.”

Read More