Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication
SpaceX's Starlink features a lot of cutting-edge tech, but surprisingly it doesn't offer a built-in two-factor authentication for user logins.
The security gap is coming under scrutiny following several incidents involving hackers breaking into Starlink user accounts to make fraudulent charges. On Wednesday, one Starlink customer took to Reddit to report that hackers had hijacked their account, and locked them out.
The user then posted a screenshot showing that the cybercriminals had bought some Starlink hardware over the account, resulting in $6,235.29 in charges. It also didn’t help that SpaceX’s customer support for the satellite internet service can be notoriously slow.
The good news is that SpaceX helped the user resolve the matter within a day of the Reddit post, offering refunds on the fraudulent charges. Nevertheless, customers on Reddit are pointing out the lack of two-factor authentication over Starlink makes it easier for the hackers to strike again and attack other accounts.
“The fact that there is no 2FA on the account portal is a serious problem,” wrote one user on Reddit. Instead, the Starlink support page indicates a user can only go through an account recovery process to regain access if they’ve been locked out.
Two-factor or multi-factor authentication can stop an account hijacking since it requires anyone logging in to enter both the correct password and a one-time code generated over the account holder’s smartphone. Since passwords can sometimes be guessed, stolen or even cracked through software programs, the additional need to type in the one-time code can stymie hackers from breaking in.
SpaceX didn’t respond to a request for comment, making it unclear if 2FA will one day become a security
Read more on pcmag.com
