SpaceX says it’s inviting ethical security researchers to hack into its satellite internet network, Starlink, and could be paid up to $25,000 for discovering significant bugs in the service.
Th announcement followed a claim by security researcher Lennert Wouters last week that he was able to hack into Starlink using a $25 homemade device. He said he performed the hack test in respect to SpaceX's bug bounty program, where researchers submit findings of potential vulnerabilities in Starlink's network.
SpaceX in a six-page document entitled "Starlink welcomes security researchers (bring on the bugs)," commended Wouters on his research finding.
"We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system," SpaceX said in the document. Wouters' hack involving a homemade circuit board shouldn't worry any Starlink users and won't directly affect the satellites, SpaceX added.
SpaceX engineers from time to time try thacking Starlink to improve the service and make it more secure. It welcomed any security researchers who wanted to help secure Starlink, asking them to consider joining the team or contributing their findings to the company's bug bounty program.
"We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities," SpaceX said in the document.
According to information on SpaceX's bug bounty website, it asks researchers who carry out non-disruptive tests on Starlink, report the findings, and discover vulnerabilities within scope can get rewards ranging from $100 to $25,000.
There are already 32 researchers who SpaceX said reported important security issues in Starlink. It also says the average payout in the last three months was $973.
The findings that are considered out of scope are testing that disrupts the service for users, physical attacks on large-scale infrastructure, and email spoofing, SpacX said on its bounty website.
"We are going to sell a lot of Starlink kits (that's our business!), so we have to assume some of those kits will go to people who want to attack the system," SpaceX said in last week's document.