Starlink Vulnerability Research

Quarkslab is a French company specializing in information security R&D, consulting and software development. Our expertise is in combining offensive and defensive security to help organizations adopt a new security posture: Force the attackers, not the defender, to adapt constantly. Through our consulting services as well as our software we provide tailored solutions to organizations, helping them to protect their assets, sensitive data, and users against increasingly sophisticated attacks.

Quarkslab is an avid and active user of, and contributor to, Open Source Software and develops and maintains state-of-the-art security tools such as LIEF , QBDI, Triton, Irma, and several other projects.

We develop two commercial software products: QFlow, a platform to automate and orchestrate security analysis of files at scale, and QShield, advanced code and data protection software to disrupt code lifting, reverse engineering and tampering attacks.

Description
Starlink is the famous satellite-based internet solution by Space X. This solution already counts more than 400 000 subscribers all around the world, using the very same infrastructure.

Starlink relies on 3 components:

• a user terminal, which communicates with the satellites, and on which most of the current research is focusing;
• a satellite fleet acting as a mesh network;
• a gateway that connects the satellites to the internet.

Numerous studies have already been conducted on the subject, mainly on the user terminal. During this internship, you will continue the analysis of Starlink and focus on how the user terminal communicates with the rest world. This will require you to reverse engineer its firmware and the various protocols in use. Doing so will help you study the attack surface of the terminal and bring you to the final phase of this internship: vulnerability research.

What you will do

• Reverse engineer the firmware and network protocols.
• Study the attack surface and perform vulnerability research.

Assignment
Pick up a 2022 CVE of your choice impacting a Linux/Android system such as CVE-2022-2347 or CVE-2022-23218.

Describe the root cause and an exploitation path (a PoC, even nonfunctional, will be appreciated).

Location
Paris or Rennes

Duration
6 months

How to Apply?
To apply for an internship position, you must be a student, able to communicate effectively technical matters in written and spoken English, and willing to present the results of your internship to a large group of curious Quarkslab colleagues.
To apply prepare the following elements:

• a resume;
• a cover letter: avoid the generic letter saying that you are so motivated and that we are so interesting. We welcome a more personal letter which explains why the topic is of particular interest to you, why you, and why us;
• your proposed solution to the assignment attached to the offer you are interested in;
• your preference between pain au chocolat or chocolatine.

Package these elements and send them via email to internship-AT-quarkslab-DOT-com, with the subject field containing the internship name mentioned in the respective offer. Alternatively, you can apply here with all the above attached.

Do not forget that the key aspect of a good application is to show what you have already achieved, related to the topic or not. So do not be shy and apply! We know that you can do it.

Selection Process
Each internship offer comes with a little assignment that should not require too much time to be completed. The result will show us not only the type of skills and knowledge you already possess, but also how ingenious you are and how well you can present your reasoning. It will serve as the basis for the interview you will have in the selection process. The assignment works both ways and is also intended to make sure that you like the topic as well as the technical aspects of the internship. If unsure about a specific aspect of a challenge, do not hesitate to drop us an email. We want to discuss not frustrate you!

The first applications usually reach us by November, and we start reviewing them right away. Every year, the filling is alike: half of the internships are filled by Christmas, while the others remain open until March.

Being an Intern at Quarkslab
We consider internships as opportunities to spot profiles that match how we work. They are intended to guide students to enter the professional world as potential future colleagues if they feel like it. We love interns because they bring fresh air to the company and because we see them grow, not only during the internship but also after, when they are hired and can get to work on so many other topics. There are two goals in every internship we offer:

1. Exploring a topic we don't necessarily know very well, hence training the new expert on the topic.
2. Hiring you after the internship to keep and share your new expertise with colleagues.

Training and growing people in the security industry is part of the company's DNA. That is why we provide in-depth blogposts, tools, trainings, weekly internal conferences (called fridaycon, guess when they are), we teach in universities and schools, write articles in tech magazines and send our less experienced hires to a 6-month intensive training program (BADGE-RE or BADGE-SO). Sharing is caring, but sharing is also learning. We provide the environment for that the rest relies on you.

Intern package in France:

• Salary: 1800€ gross per month (approximately 1550€ net).
• "Tickets restaurant" (restaurant coupons).
• In-depth and challenging topics.

Required Skills

• reverse engineering skills;
• knowledge of the ARM architecture and Linux;
• knowledge in vulnerability research;
• preferably some knowledge of hardware attacks and basic PCB design (optional).