IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

SpaceX bug bounty offers up to $25,000 per Starlink exploit

The spacecraft manufacturer has offered white hats immunity to exploit a wide range of Starlink systems, with a dedicated report page

SpaceX is offering between $100 and $25,000 in bounties to hackers who report exploits to the company through their website.

The spacecraft manufacturer has set up a dedicated page on crowdsourced bug bounty platform Bugcrowd, giving would-be white hats a centralised method for reporting un-patched SpaceX and Starlink exploits.

Related Resource

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Whitepaper cover with title over a grey rectangle and a dark header banner with turquoise lines and ESG logoFree Download

Hackers who submit reports on network vulnerabilities can expect up to $10,000, while on a “case-by-case” basis those who discover and report vulnerabilities with Starlink dishes, satellites or other such hardware can receive up to $25,000.

According to its Bugcrowd page, SpaceX has so far rewarded 41 vulnerability reports, at an average of $972 each. A more comprehensive list of prices per type of vulnerability discovered can be found on the page, but SpaceX specifically forbids physical tampering with its infrastructure or that of Starlink’s, as well as testing that could directly impact its services.

In a document shared by SpaceX titled ‘Starlink welcomes security researchers (bring on the bugs), the company outlines its position on bug bounties.

“We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities,” states the document.

“We recognize and appreciate the support of the broader security community in making Starlink better and more secure. We encourage researchers to test Starlink for security issues in a non-destructive way and to report their findings through our bug bounty program.”

SpaceX further states that it considers vulnerability research within its bug bounty policies to be exempt from Digital Millennium Copyright Act (DMCA) claims, legal action as a result of Computer Fraud and Abuse Act (CFAA) violation, and SpaceX terms and conditions that would interfere with research.

Bug bounties are a popular form of publicly-sourced testing for companies, that offer white hat hackers lucrative rewards and permission to attempt to hack some of the most challenging commercial security systems, in return for information on any vulnerabilities that they discover.

In June, an employee working for the vulnerability coordination platform HackerOne was found to have been stealing and re-submitting bug bounties for personal profit and was subsequently fired.

The Starlink constellation, which aims to provide satellite broadband access to customers worldwide, is rapidly growing. With over 2,500 satellites currently in orbit and an end goal of 12,000 having been approved by the FCC, it is a frontrunner in the growing race for satellite internet dominance, which has already spawned disagreements as well as interest from agencies such as DARPA.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Forrester: Autonomous ‘set and forget security’ is “a pipe dream”
Security

Forrester: Autonomous ‘set and forget security’ is “a pipe dream”

27 Oct 2022
MI5 and FBI warn businesses over mass Chinese IP theft
Security

MI5 and FBI warn businesses over mass Chinese IP theft

7 Jul 2022
Extending APM into observability
Whitepaper

Extending APM into observability

1 Apr 2022
Best presentation software 2022
Software

Best presentation software 2022

25 Mar 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Q&A: Fred Voccola, Kaseya
channel

Q&A: Fred Voccola, Kaseya

30 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022