SpaceX invited responsible security researchers to conduct tests on Starlink.
In a blog post, SpaceX wrote about its security measures to ensure that customer information is kept safe. The entry also mentioned SpaceX’s bug bounty program, which encourages researchers to test Starlink for potential security issues.
According to SpaceX’s page for the bug bounty program, security researchers have already found 43 vulnerabilities in Starlink. Each one that was discovered received an award ranging between $100 to $25,000. The average payout in the last three months is $913.75.
SpaceX takes four days to check submissions to the bug bounty program, and 75% of them are accepted or rejected within that timeframe. There are 33 “Hall of Famers,” and the top security researcher has 50 points.
SpaceX recognizes impressive Starlink hack
In its recent blog post, SpaceX congratulated Lennert Wouters for his security research on Starlink.
“They describe an attack where invasive physical access (taking apart the Starlink user terminal and attaching wires and additional components to it) can be uses to bypass the secure boot protections within the user terminal by messing with the electrical power rails at just the right time during boot,” explained SpaceX.
SpaceX noted that Wouters’ “attack” on Starlink was “technically impressive” and was the first its kind.
Starlink’s Bug Bounty Program Guidelines
SpaceX requests that security researchers are responsible. In return, the company promises not to take any legal actions against researchers as long as they follow the guidelines listed below.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Do not modify or access data that does not belong to you.
- Give SpaceX a reasonable time to correct the issue before making any information public.
- Do not abuse vulnerabilities, or exploit them beyond the extent necessary to create a proof-of-concept.
SpaceX assured that regular Starlink users do not need to worry about the security researchers’ tests affecting them.
The Teslarati team would appreciate hearing from you. If you have any tips, contact me at firstname.lastname@example.org or via Twitter @Writer_01001101.