United Airlines Wants You To Hack Its Websites
I think it’s fair to say that no one really enjoys flying United. But what’s this, did someone say free miles?
Right now, United Airlines is offering up to a million air miles to hackers who can find security bugs in its network. Sounds like a challenge to me.
United’s new, seemingly pro-active stance on cybersecurity comes weeks after the airline booted security researcher Chris Roberts off one of its flights for posting a tweet that referenced vulnerabilities in the on-board computer networks of certain United airplanes.
On the website, United Airlines lists the types of threats that are eligible for submission to its so-called “bug bounty program”. These include bugs on customer-facing websites, flaws in the United app, and attacks that compromise the private credentials of users.
Does this sound like a PR stunt to you?
Here is how it works: the amount of air miles awarded depends on the severity of the bug discovered. For a so-called “ethical hacker” to receive a million air miles, they must uncover what is known as a “remote code execution” bug, a security flaw that allows hackers to infiltrate a network from a remote location.
The reward for uncovering a medium-severity bug is 250,000 air miles, and people who discover low-level bugs will receive 50,000 air miles.
The program is only open to those who report flaws in United's websites and mobile applications, and United has specifically prohibited the reporting of bugs affecting “onboard Wi-Fi, entertainment systems or avionics”. Anyone who does carry out testing of those systems will be immediately banned from the program and could face “possible criminal and/or legal investigation”. United has also prohibited vulnerability scans or automated scans on United servers.
I guess if you are a hacker and a United MileagePlus member, it might be worth your while to scour the website for bugs. Time to get off that couch, and get hacking.