According to SpaceX, responsible researchers are invited to break into
Starlink, their satellite internet network. It also stated that it would pay
them up to $25,000 for finding certain service issues.
The statement came after security researcher Lennert Wouters claimed last
week that he had used a $25 home-made gadget to hack into Starlink. He said
that he carried out the test as a part of SpaceX's bug bounty program, in
which researchers can report any possible weaknesses they discover in the
Starlink network.
SpaceX praised Wouters' work in a six-page paper titled "Starlink invites
security researchers (bring on the flaws)."
The letter from SpaceX stated, "We find the assault to be technically
remarkable, and is the first attack of its sort that we are aware of in our
system. According to SpaceX, no Starlink customers need to be concerned
about Wouters' hack employing a handmade circuit board because it won't
directly impact the satellites.
According to SpaceX, the company's experts are always attempting to
compromise Starlink in order to enhance the service and increase security.
Any security researcher who wished to assist in securing Starlink was warmly
welcomed, and they were encouraged to think about joining the team or
submitting their discoveries to the organization's bug bounty program.
In the statement, SpaceX stated that it "allows responsible security
researchers to do their own testing and provides financial prizes when they
uncover and disclose vulnerabilities."
Researchers that run non-disruptive tests on Starlink, submit their
findings, and uncover vulnerabilities within scope can get rewards between
$100 to $25,000, according to SpaceX's bug bounty website.
The website provides a list of 32 researchers who, according to SpaceX,
discovered significant security flaws in Starlink. The average compensation
over the previous three months, it is also said, was $973.
According to the bug bounty website, some of the discoveries that are
deemed outside of scope include testing that interferes with customers'
usage of the service, physical assaults on significant infrastructure, and
email spoofing.
In response to Insider's request for comment, SpaceX delayed their
response.
In the paper from last week, SpaceX stated, "We have to consider that some
of those kits will go to persons who wish to attack the system. We are going
to sell a lot of Starlink kits (that's our business!).
