
Find a security flaw and United Airlines will pay you in... miles


In the world of digital security, bug hunting is the practice of finding holes in a corporation's security and selling them back so the problem can be quietly fixed. Companies such as Microsoft know that it's far cheaper to pay researchers up to $100,000 up-front than to face a massive public security breach shortly afterward. United Airlines has just started one of its own bug hunting programs, but the airline treats security experts much like it does its disgruntled passengers. Rather than just pay fees out in cold, hard, useful cash, the Joffrey Baratheon of airlines has decided to offer United air miles as a bounty.

The announcement comes just a few weeks after both the FBI and TSA asked airlines to start looking for theoretical hacks to their in-flight WiFi. It was prompted after security researcher Chris Roberts joked on Twitter that, on a United flight to Syracuse, he was able to access the airplane's oxygen mask controls. Naturally, he was met by FBI agents as soon as the plane touched down, and was promptly banned from flying with the airline.

As Wired points out, United has clearly missed the point with its bug hunting program, since it discourages people from looking for in-flight vulnerabilities. The rules also seem to discourage people from looking for issues that could hijack a plane, something that Hugo Teso claimed he could do at least two years ago. Instead, hackers are asked to poke holes in United's terrestrial operations, including its online authentication, mobile apps and remote code executions.

If, however, you're able to find and prove a remote code execution, you could receive a maximum payout of one million miles for your trouble. Although, knowing United as we do, there'll probably be some subclause that means you can only use your reward every third Sunday, and then only on the now-axed Newark to Columbia route.


