SpaceX Invites Security Researchers to Hack Starlink

pcmag.com:

To secure Starlink, SpaceX is inviting security researchers to try and hack the satellite internet system and then report any vulnerabilities to the company. 

Interested security researchers can submit their findings to SpaceX’s bug bounty program(Opens in a new window), which can pay up to $25,000 per discovered vulnerability. The company is looking for bugs covering the entire Starlink ecosystem, including its mobile apps and the main website Starlink.com.

SpaceX made the announcement this week after a security researcher at the Black Hat conference publicly disclosed several vulnerabilities in the Starlink dish that can be used to run custom computer code over the hardware at all privilege levels. 

“We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system," SpaceX said in its announcement(Opens in a new window). 

The researcher, Lennert Wouters, told(Opens in a new window) Wired that a SpaceX patch has rolled out for Starlink dishes to make it harder to exploit the vulnerabilities. Even so, the flaws will persist in existing hardware unless the main chip inside can be replaced. He discovered the flaws after tearing down a Starlink dish.

Still, users shouldn’t worry about the discovered vulnerabilities, according to SpaceX. The flaws can only be exploited if the attacker has physical access to a Starlink dish, meaning a remote attack that can infect a user's Starlink dish isn’t possible.

Perhaps more importantly, the vulnerabilities also can’t be used to attack a Starlink satellite in orbit. Nor can they expose other user’s information or be exploited to tamper with other Starlink dishes over the network. 

Nevertheless, the discovered flaws underscore the