Starlink Terminal Telemetry Shows GPS Spoofing and Service Degradation in Iran

TL;DR

Debug telemetry from a Starlink terminal operating in Iran during a government-mandated internet shutdown shows the terminal detected and inhibited untrustworthy GPS signals while maintaining a degraded link. The data documents sustained packet loss, prolonged sensor-fusion convergence, and beam-pointing errors consistent with GPS spoofing rather than simple jamming.

What happened

Debug logs exported from a Starlink mobile terminal active in Iran during an official internet blackout show the unit flagged and inhibited GPS positioning despite tracking a normal satellite count. The record includes an inhibitGps flag set to true while gpsValid remained true and gpsSats reported 18, which the analyst interprets as evidence of spoofed rather than blocked GPS signals. The terminal stayed online for about 24 minutes but never achieved a stable connection: sensor-fusion (EKF) required 198 seconds to converge, uplink and downlink bandwidth were restricted (reason code 1), and packet loss averaged roughly 20–22% over five-minute windows. Beam pointing was off by about 1–1.2 degrees while attitude uncertainty was 0.32 degrees, indicating degraded positioning accuracy. Most subsystems were ready except for one module labeled "cady," and the device was operating in roaming mode with country code IR.

Why it matters

• Demonstrates that GPS spoofing can significantly degrade consumer satellite broadband without fully severing connectivity.
• Shows Starlink terminals can detect and inhibit compromised GPS signals but rely on fallback positioning that currently reduces performance.
• Provides a technical data point for researchers tracking state-level electronic interference against satellite internet.
• Highlights potential vulnerabilities in phased-array beam pointing when primary positioning is compromised.

Key facts

• Telemetry captured in Iran during a government-directed internet shutdown (country code: IR).
• Terminal reported gpsValid: true, gpsSats: 18, and inhibitGps: true — interpreted as anti-spoofing activation.
• Terminal uptime ~1,413 seconds (~24 minutes) with zero seconds of recorded stable connection.
• Extended Kalman Filter (EKF) convergence took 198 seconds, longer than typical initialization.
• Sustained packet loss averaged about 20–22% over five-minute intervals; POP ping drop rate showed spikes (instantaneous 50%).
• Beam pointing error measured ~1.06°–1.21° (azimuth/elevation) versus attitude uncertainty of 0.32°.
• Both downlink and uplink showed bandwidth restriction flags (dlBandwidthRestrictedReason: 1, ulBandwidthRestrictedReason: 1).
• All listed subsystems reported ready except 'cady' (cady: false); RF and physical layers were operational.
• Dish and router software versions recorded in the telemetry: dish 2026.01.02.mr71031, router 2025.12.30.mr67903.
• Signal-to-noise ratio stayed above the noise floor and Ethernet reported a 1,000 Mbps link, indicating radios were functional.

What to watch next

• Whether SpaceX publishes firmware or algorithm updates to improve fallback positioning under spoofing conditions — not confirmed in the source.
• If similar telemetry appears from other terminals or regions that would corroborate a broader campaign of GPS interference — not confirmed in the source.
• Clarification on the role and impact of the 'cady' subsystem and whether its readiness is tied to positioning integrity — not confirmed in the source.

Quick glossary

• GPS spoofing: Transmission of false GPS signals that mimic legitimate satellite navigation data, causing receivers to compute incorrect positions or timing.
• Extended Kalman Filter (EKF): A sensor-fusion algorithm that combines inputs from multiple sensors (e.g., IMU, GPS) to estimate position and attitude; convergence time reflects how quickly a stable estimate is obtained.
• Beam pointing / pointing error: The angular difference between the antenna's actual aim and its intended direction; larger errors reduce link quality for directional satellite antennas.
• Signal-to-noise ratio (SNR): A measure of signal strength relative to background noise; higher SNR generally implies a clearer radio link.
• Anti-spoofing: Hardware or software measures that detect and mitigate falsified navigation signals, sometimes by disabling reliance on suspect sources.

Reader FAQ

Did the Starlink terminal lose all connectivity?
No. The link persisted but remained unstable, with sustained packet loss (~20%+) and bandwidth restrictions.

Was GPS spoofing detected?
Yes. Telemetry shows inhibitGps set to true while tracking 18 satellites and gpsValid true, which analysts interpret as anti-spoofing behavior consistent with spoofed signals.

Is this definitively a state-directed attack by Iran?
The telemetry is consistent with broadcasted false GPS signals during an Iranian government shutdown, but direct legal or operational attribution beyond that context is not confirmed in the source.

Has SpaceX publicly commented or issued fixes?
Not confirmed in the source.

Starlink Terminal GPS Spoofing/Jamming Detection in Iran Technical Analysis of Debug Telemetry During Internet Shutdown Date of Capture: January 2026 Location: Iran (confirmed via terminal telemetry) Context: Iranian government internet…

Sources

• Technical Analysis of Starlink Terminal GPS Spoofing/Jamming Detection in Iran
• GPS User Issue Detection & Evaluation (GUIDE) Tool

Related posts

• Verizon mobile outage disrupts wireless service across eastern U.S.
• Verizon, AT&T and T‑Mobile Report Widespread Service Outages
• Major Verizon Outage Disrupts U.S. Mobile Service and Some 911 Calls