Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

SpaceX offers $25k bug bounty for white hats to hack Starlink

SpaceX has invited responsible researchers, aka “white hats”, to hack into its satellite internet network Starlink, announcing that it would offer a payment of up to $25,000 for discovering certain bugs in the service.

user icon
Tue, 16 Aug 2022
SpaceX offers $25k bug bounty for white hats to hack Starlink
expand image

After Lennert Wouters, a Belgian security researcher, demonstrated how he had hacked into Starlink using a $25 homemade device at the Black Hat Security Conference in Las Vegas, US last week, SpaceX has responded by welcoming other white hat researchers to hack Starlink by offering to pay up to $25,000 for certain bugs found on the service.

SpaceX congratulated Wouters on his research and made their bug bounty announcement titled "Starlink welcomes security researchers (bring on the bugs)", in a six-page document on their website.

While Wouters disclosed he had performed the test as part of SpaceX's bug bounty program, SpaceX stated that it was a great effort by the KU Leuven white hat in their bug bounty document.

============
============

"We find the attack to be technically impressive and is the first attack of its kind that we are aware of in our system.

"Wouters' hack involving a homemade circuit board shouldn't worry any Starlink users and won't directly affect the satellites," SpaceX stated.

SpaceX further explained in the document that the company's own engineers are always trying to hack Starlink, in order to improve the service and make it more secure.

The company added that any security researchers who wanted to help secure Starlink should consider joining the SpaceX team or contribute their findings to the bug bounty program.

"We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities," SpaceX said in the document.

According to SpaceX's bug bounty website, it states that researchers who carry out non-disruptive tests on Starlink, report the findings, and discover vulnerabilities within scope can be rewarded between $100 and $25,000.

So far, SpaceX has acknowledged 32 researchers who reported important security issues in Starlink on the site. The company has also disclosed that the average payout in the last three months was $973 on the website.

The findings that are considered out of scope are testing that disrupts the service for users, physical attacks on large-scale infrastructure, and email spoofing.

"We are going to sell a lot of Starlink kits (that's our business!), so we have to assume some of those kits will go to people who want to attack the system," SpaceX said.

[Related: Wesfarmers to bolster cyber security posture with new ‘cyber fusion centre’]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.