
Security Vulnerability Disclosure Policy

Updated this week

SPACETALK HOLDINGS PTY LTD is committed to maintaining the highest standards of cybersecurity for our connected device ecosystem. We welcome input on potential software and hardware vulnerabilities to ensure we can take appropriate steps to maintain the security of our products, systems, and customer data.

In line with Australia's Cyber Security (Security Standards for Smart Devices) Rules 2025, the UK's Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, and the EU RED DA (EN 18031) cybersecurity requirements, we are dedicated to transparent security practices and responsible vulnerability management. We appreciate researchers following responsible disclosure practices and not prematurely revealing vulnerability information during the time required to address security issues. Premature public disclosure can place our customers and users at increased levels of risk.


Submit Security Vulnerability Information Only

This page is exclusively for security researchers and professionals who have information about SPACETALK HOLDINGS PTY LTD security vulnerabilities. Please direct other inquiries through our normal SPACETALK HOLDINGS PTY LTD Support channels.

For non-security matters, please contact our standard support:

  • Product repair requests

  • Installation, configuration, or operational questions

  • Functional software bugs (non-security related)

  • New product or feature recommendations

  • General product feedback or comments

Standard Support Contact: [email protected]


How To Submit A Suspected Security Vulnerability

A security vulnerability is a condition in a system, device, or software that can be exploited to violate its intended behavior, relative to confidentiality, integrity, or availability of data and services.

Reporting Channels:

For SPACETALK HOLDINGS PTY LTD customers: Please provide vulnerability inputs through your normal service support process or designated customer security contact. This will reduce the time it takes to reach the correct security team.

For independent researchers and security professionals: You may submit a security vulnerability by email to our dedicated security team: [email protected]

Required Information for Vulnerability Reports:

To help us effectively address your discovery, please include the following information:

  • Product Information: Model number (Loop, Adventurer 1, Adventurer 2, or other), software/firmware version, and hardware revision if available

  • Vulnerability Details: Comprehensive description of the security vulnerability

  • Technical Details: Information on how to reproduce the issue or create a proof-of-concept

  • Impact Assessment: Your assessment of the potential impact and exploitability

  • Active Exploits: Are you aware of any active exploitation of this vulnerability?

  • Prior Disclosure: Have you disclosed your findings to anyone other than Spacetalk Holdings Pty Ltd? If so, to whom and when?


Australian Cyber Security Compliance

In accordance with Australia's Cyber Security (Security Standards for Smart Devices) Rules 2025, SPACETALK HOLDINGS PTY LTD maintains:

  • No Universal Default Passwords: All our devices requiring authentication use unique, device-specific or user-specified credentials

  • Defined Support Period: We publish and maintain clear timelines for security updates throughout each product's lifecycle. Refer to our compliance page.

  • Transparent Security Reporting: This vulnerability disclosure process ensures third parties can report security issues responsibly

  • Compliance Documentation: We maintain comprehensive records of our security compliance for regulatory requirements


Responsible Disclosure

We will not pursue legal action against you or any other security researcher who reports a vulnerability to us in accordance with this policy, provided that you:

  • Do not exploit the vulnerability in any way, other than to demonstrate the vulnerability to us.

  • Do not engage in unlawful or unethical behaviour.

  • Do not cause any impact or damage to our systems or applications while researching or reporting the vulnerability.

  • Do not engage in physical attacks against our facilities or data centres.

  • Do not leverage deceptive techniques, such as social engineering attacks, phishing or other attempts to trick our employees or contractors into disclosing sensitive information.

  • Do not attempt to access, modify, destroy, exfiltrate, or retain data stored by Spacetalk.

  • Do not submit false, misleading, or dangerous information.

  • Do not report security vulnerabilities relating to missing security controls or protections that are not directly exploitable. Examples include:

    • Weak, insecure, or misconfigured SSL or TLS

    • Misconfigured DNS records, i.e., SPF or DMARC records

    • Missing HTTP headers

Our policy does not authorise you to conduct security testing against Spacetalk. If you think a vulnerability exists, report it to us. We can test and verify it.


What To Expect After You Submit Your Report

Initial Response: Please allow up to 72 hours for acknowledgment of your vulnerability report. This timeframe ensures your input reaches our dedicated security team promptly.

Investigation Process: Our security team will:

  1. Validate and assess the reported vulnerability

  2. Determine the scope and impact of the issue

  3. Develop appropriate remediation strategies

  4. Coordinate with relevant product and engineering teams

  5. Implement fixes and validate solutions

Follow-up Communication: We will respond directly via email with an update on our progress within 12 days of acknowledgement, including an expected timeline for resolution.

Recognition: After a patch or workaround has been distributed, SPACETALK HOLDINGS PTY LTD will acknowledge security researchers who:

  • Follow responsible disclosure practices

  • Do not prematurely disclose vulnerability information

  • Do not publish exploitation details that could harm our customers

Note: SPACETALK HOLDINGS PTY LTD does not currently operate a bug bounty or financial reward program for vulnerability disclosures. We provide recognition and acknowledgment as our standard practice for responsible security research.


Security Vulnerability Contact Information

Primary Security Contact: [email protected]

Alternative Contact (for urgent matters): [email protected] with subject line "URGENT SECURITY VULNERABILITY"

For regulatory or compliance inquiries related to Australian Cyber Security Rules: [email protected]


Our Commitment to Security

SPACETALK HOLDINGS PTY LTD is dedicated to:

  • Maintaining transparent and responsive security practices

  • Meeting all Australian cybersecurity regulatory requirements

  • Protecting our customers through proactive vulnerability management

  • Collaborating with the security research community

  • Continuous improvement of our security posture

Thank you for helping us maintain the security and trust that our customers depend on.


This policy is effective as of March 2025.

For questions about this policy, please contact our security team.

