National Cyber Warfare Foundation (NCWF)

Signals Intelligence: How the Iranian Regime is using Starlink’s Signature to Hunt Down People Using It


2026-04-13 18:25:24
milo
There are certain “fingerprints” that give terminals away, and Iran combines rooftop sweeps, jamming, spoofing, and legal pressure to track users.

Welcome back, aspiring cyberwarriors.





Starlink has become one of the most important communications tools in places where the internet is being cut, filtered, or tightly controlled. In Iran, that has made it both valuable and dangerous. Reuters reported in January 2026 that Iran had intensified its crackdown on Starlink use, while Rest of World described how military-grade GPS jamming had already cut performance in parts of the country by as much as 80 percent. The result is a very real cat-and-mouse game between users trying to stay online and authorities trying to find them.





The danger is not only legal. Iran passed severe penalties for unauthorized Starlink use, and Reuters reported that the government has treated the service as an illegal security threat. As part of our fight for freedom, we want to share this information for your awareness and safety.





Why Starlink Is Uniquely Fingerprint-able





What makes Starlink so hard to hide is that it does not look or behave like ordinary home internet equipment. Consumer Starlink terminals look like rectangular antenna dishes, and Starlink’s own support material shows that many kits include a built-in Wi-Fi router, while other kits can be switched into bypass mode so a third-party router can take over. The hardware has a very specific visual and network profile that is quite different from a normal ISP modem. That visual profile gives security forces something to look for before they ever need to touch the network. A flat rectangular terminal mounted on a roof, with cabling leading to a router inside, is easy to notice. Reuters also noted that Starlink terminals are used in Iran despite the ban, which makes even a casual rooftop scan more likely to be meaningful for investigators.





Thermal signature is another reason the hardware stands out. A late-2025 report on thermal imaging and Starlink detection described Russian military claims that thermal drones could identify Starlink terminals from the air because they emit noticeable heat. That does not prove every detection story in Iran, but it does support the broader point. Powered satellite hardware is not invisible to infrared cameras, especially when a drone is looking for something warm.





The Starlink terminal generates noticeable heat even with the snow-melt feature turned off. Source: Neil Mavis








Starlink also has a radio fingerprint. The service depends on GPS for pointing and network behavior, and Reuters reported that Iranian authorities were using jammers and fake GPS signals to confuse or disable terminals. When a terminal begins showing unstable positioning, repeated reconnects, or degraded performance under interference, that behavior itself becomes a clue that the system is under pressure.





The Wi-Fi side adds yet another layer. Any Wi-Fi network leaves a radio footprint, and BSSID-based tracking is a well-known technique in wireless analysis. BSSIDs can be used to pinpoint user activity and location details, which is why Wi-Fi scanning remains a practical part of many fingerprinting workflows. Starlink’s official help pages show that the router has a default Wi-Fi network name and that users can rename it or place the router into bypass mode if they want to use a third-party router instead.





Iran’s Detection Playbook





Iran’s approach appears to combine low-tech policing with higher-end signal hunting. People reported raids, arrests, and seizures, while also describing the state’s broader effort to identify and disable terminals. This means the first layer is human and physical, involving searches, tips, financial tracing, and visible patrols looking for obvious rooftop equipment.





The second layer is technical. During the big January 2026 protests and internet blackout in Iran, Iran very likely deployed a prototype or early version of Russia’s new “Kalinka” electronic warfare system. Kalinka was built by Russia specifically as a “Starlink killer.” It can detect Starlink terminals and jam their signals. This doesn’t kill the satellites themselves but can cause massive packet loss or make the dishes stop working properly.





There are also reports from public activist posts about a leaked guide that focuses on Wi-Fi scanning and RSSI-based narrowing of the source. Those reports are not officially verified, so they should be treated carefully. But once a device has a radio footprint, local scanning can become part of the search process. Publicly available discussion of BSSID tracking helps explain why that angle is plausible.





The leaked Iranian guide








Taken together, the playbook is less mysterious than it may sound. First comes the obvious sweep, then the radio hunt, then the effort to tie the device back to people, accounts, and movement. Iran has even taken the issue into diplomatic channels, pressing international bodies to block the service.





Staying Below the Radar





Many users, activists, and engineers have tried to reduce Starlink’s visibility, but none of the available approaches are perfect. One option is disabling the Wi-Fi on the Starlink router by enabling Bypass Mode in the Starlink app settings. This turns off the internal Starlink Wi-Fi, allowing you to use a third-party router or a wired-only Ethernet connection, though it typically requires an Ethernet Adapter for standard Gen 2 systems. This can reduce one of the most obvious Wi-Fi clues (BSSID-based tracking), although it does nothing to hide the dish itself.





If your Starlink does not support Bypass Mode, placing it in a basement crowded with objects can significantly reduce the signal coverage, making it somewhat safer to use, especially if you switch it off when the internet is not needed. It is still risky, but it is a better option if you do not have any safer alternative.





Hiding the Starlink router. Source: Neil Mavis








People have also tried to reduce visual exposure by placing the terminal where it is less obvious from the street or from the air. One of the approaches that Neil Mavis has suggested is covering the terminal with a towel, which does reduce the heat visible to sensors. To reduce exposure, you must cover the terminal properly so the towel does not touch the edges, while still allowing airflow for the antenna.





Covering the Starlink terminal with a towel. Source: Neil Mavis








When a towel covers the edges of the terminal, sensors can clearly detect the heat.





Starlink heat sensor. Source: Neil Mavis








This only helps if the terminal still has a clear view of the sky.





On the network side, users often route traffic through VPNs or other encryption layers. That can help protect the contents of communication, but it does not hide the radio and physical presence of the terminal.





Rest of World described how the service was being weakened by jamming in parts of Iran, but jamming is usually not nationwide. It is typically done with mobile or fixed jammers covering a 5-20 km radius. Kalinka and Tobol-style systems are powerful, but they are also directional and expensive. SpaceX has rolled out battle-tested fixes from Ukraine that reduce the impact, and many Iranians are already using them to restore their connection.

To try to bypass the jamming, open the Starlink app, go to Advanced, then Debug Data, and toggle on “Use Starlink positioning exclusively” (sometimes called “Starlink PNT” or “Ignore GPS”). This makes the dish ignore all external GPS signals and instead triangulate its position using the Starlink satellites themselves through time-of-flight, Doppler shift, and ephemeris data. This feature was added after Russia’s jamming efforts in Ukraine and was pushed via a firmware update in Iran in January 2026. It is the single most effective measure users report.





Summary





Iran’s Starlink crackdown is an example of how modern connectivity and modern repression collide. It was reported that the government is using jamming, GPS spoofing, raids, and legal penalties, and the interference is already strong enough to cripple service in parts of the country. Starlink may be difficult to block completely, but it is not invisible, and it is certainly not untraceable. Any system that depends on radio emissions and predictable behavior can become recognizable.



Source: HackersArise
Source Link: https://hackers-arise.com/signals-intelligence-how-the-iranian-regime-is-using-starlinks-signature-to-hunt-down-people-using-it/

