Cybersecurity researcher Nariman Gharib has published a technical investigation into the failure of Starlink terminals in Iran during a massive internet blackout. The main finding: the terminals were subject to GPS spoofing, causing connectivity and network stability issues.
Cybersecurity researcher Nariman Gharib has published a technical investigation into the failure of Starlink terminals in Iran during a massive internet blackout. The main finding: the terminals were subject to GPS spoofing, causing connectivity and network stability issues.
«Cybersecurity researcher Nariman Garib published a technical investigation into the Internet blackout in Iran. He says that damn spoofing is to blame for everything. He allegedly fooled the Starlink terminals and everything worked, but poorly,» military communications expert Sergey (Flash) Beskrestnov described the incident in simple words.
Spoofing occurs when an attacker feeds incorrect signals to a GNSS receiver in order to intercept its original positioning data. Spoofing is a «smart» form of GPS interference. During a spoofing attack, the GPS receiver reports an incorrect position.
The GPS spoofing incident occurred against the backdrop of massive anti-government protests in the country that began in January 2026 due to an economic crisis, rising prices, and political tensions.
To limit the spread of information and control the protests, the Iranian authorities implemented a massive internet shutdown. During the blackout, virtually all access to the global internet was blocked, mobile and landline communications were severely restricted, and some internal services (state or «whitelisted») remained available.
In this context, Starlink terminals were supposed to provide access to the global network, but, according to Nariman Garib, they were purposefully subjected to GPS spoofing, which complicated connection and reduced service performance.
That is, Starlink’s technical problems are part of a broader government intervention in internet access during a crisis.
According to the researcher’s findings, the Internet in Iran disappeared due to spoofing detection and GPS jamming — the terminals detected anomalous GPS signals and activated countermeasures.
In addition, the fixer experienced low performance — about 20% constant packet loss, and there was no stable connection for 24 minutes of operation.
Satellite tracking problems due to directional error (deviation of about 1°) exceeded the position uncertainty (0.32°), making it difficult to maintain optimal communication.
The connection at the boom was maintained, but the bandwidth was limited and the stability was low.
According to Garib, this is the first documented case of a state using GPS spoofing against consumer satellite internet. The incident demonstrates how manipulation of GPS signals can disrupt satellite terminals and limit access to the global internet.
The investigation is publicly available .
