SpaceX has offered $25,000 reward to anyone who can hack their satellite Starlink. The spacecraft engineering company has invited researchers to ‘test’ Starlink for security in a “non-disruptive” way. The findings of these pre-planned hacks and tests will help develop a better system equipped to combat hacking attempts in the hands of cybercriminals.
The $25,000 reward program comes after security researcher Lennert Wouters highlighted defects in the security systems of Starlink and demonstrated them at the Black Hat Security conference in Las Vegas. Using a $25 tool, Wouters displayed how the satellites meant to build a high-speed Internet connectivity network could be manipulated and hacked by miscreants.
Also called Vulnerability Rewards Program (VRP), the Bug Bounty Program offers a reward for reporting software bugs and discovering vulnerabilities in their satellite systems. Based on their guidelines, the compensation ranges between $100 to $25,000.
For interested participants, the company uses the crowdsourced security platform BugCrowd, where they can report any issues in the satellites, Starlink Dishes, and other hardware. The same can be reported to [email protected] by using their GPG key. This protects any sensitive information relayed in their report as this method will encrypt sensitive information.
For the Bug Bounty Program, participants must follow certain rules to avoid disrupting the satellite’s services. Physical attacks on the infrastructure, chain exploits and post-exploitation activities on satellites must be avoided. Moreover, the researchers and participants are expected to make good faith disclosure to SpaceX so that all their findings are used to improve the overall project.
While the company has allowed open research publication, they have urged the participants to give them a heads-up before publicising any information. This is to check the information and sync it as required.
SpaceX provides low-latency connectivity with the world’s largest satellite constellation in about 37 countries. As the system is ever evolving, the methods of infiltrating may need tough handling to find loopholes and upgrade the same. On their blog, the company shared that their engineers are working together to find inadequacies in their systems and correcting them to enhance the security measure.