A security researcher has uncovered a software bug connected to Starlink that was leaking sensitive information.
Researcher Angelo Gueta, based in the Philippines, disclosed the finding to SpaceX, which offered him a $6,000 reward through its bug bounty program. Details about the vulnerability were kept vague. But in a LinkedIn post, Gueta wrote: “SpaceX can reach orbit. Their secret reached me.”
“Context: some secret accidentally leaked with unpredicted potential including information that should not be exposed [to the] public,” he added.
Gueta included a screenshot of SpaceX’s apparent response, which mentions patching the flaw and offering a $6,000 reward. “In addition to the exposed PII [personally identifiable information] here, we found that this had potential for broader impact beyond,” it says, noting the possible “reputational damage.”
SpaceX didn’t immediately respond to a request for comment. But in 2022, the company began inviting security researchers to hack Starlink to help it uncover security flaws. The bug bounty program, hosted on Bugcrowd, applies primarily to SpaceX.com and Starlink.com, as well as the Starlink mobile apps and satellite dish hardware. Gueta is currently listed as the top contributor; he previously discovered an authentication bypass flaw, which earned him a $2,500 reward.
SpaceX offers up to $50,000 in rewards for more severe hacks involving remote code execution that could hijack a SpaceX system or spread malware. Lower-level rewards of $5,000 to $10,000 are available for cross-site scripting and cross-site request forgery vulnerabilities, which can also expose its 9 million global users to a malicious hack.
In addition to the bug bounty program, SpaceX is hiring more cybersecurity staff at a time when it’s supplying wartime communications in Ukraine.
About Our Expert
Michael Kan
Senior Reporter
