SpaceX Calls First Starlink Hack ‘Impressive’, Debuts $25,000 Bug Bounty Program
After a successful hacking attempt on Starlink was achieved, the feat was called “technically impressive” by SpaceX. Now, the company has opened up opportunities for other security researchers to take aim at the internet service’s ecosystem.
SpaceX is encouraging security researchers to try to hack into Starlink’s service and report flaws to the company, according to a report from PC Mag.
Security researchers who want to try it should submit findings to SpaceX’s bug bounty program which offers up to $25,000 per flaw discovered. The move is a part of a larger campaign to identify bugs across the Starlink ecosystem, ranging from the mobile apps, to its service and to its website.
“Our engineers are constantly trying to hack our own systems, but we’re always excited to accept help! We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities. We recognize and appreciate the support of the broader security community in making Starlink better and more secure,” explained SpaceX.
SpaceX Loses $886 Million in FCC Subsidies for Starlink Internet https://t.co/n1DTRCzDrv
— TeslaNorth.com (@RealTeslaNorth) August 10, 2022
The news comes after security researcher Lennert Wouters publicly shared a handful of flaws in the Starlink dish at the Black Hat conference. The flaws let the research run custom computer code atop the hardware at any privilege level. He told Wired SpaceX has already implemented a patch to make it harder to hack Starlink.
In an announcement, SpaceX said, “We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system.”
SpaceX says users don’t need to worry about the flaws since they can only be exploited by those with physical access to a Starlink terminal.
“First of all, we want to congratulate Lennert Wouters on his security research into the Starlink user terminal – his findings are likely why you’re reading this, and help us create the best product possible,” said SpaceX.
“They describe an attack where invasive physical access (taking apart the Starlink user terminal and attaching wires and additional components to it) can be used to bypass the secure boot protections within the user terminal by messing with the electrical power rails at just the right time during boot. We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system,” noted the company.
Earlier this year, SpaceX head Elon Musk noted that Starlink resisted several Russian hacking and jamming attempts in Ukraine.