United Airlines Rewards Hackers With Million Airmiles

An aeroplane or airplane at an airport. UK border, Heathrow.

Two hackers awarded one million free airmiles each as part of innovative bug bounty scheme

Two hackers have been rewarded with a million free airmiles each after they exposed potential security issues with an airline’s website.

The rewards were part of United Airlines bug bounty scheme launched in May, that offers friendly hackers frequent flyer miles if they can hack into its corporate websites and mobile apps.

Bug Bounty

A number of hackers took advantage of the scheme and according to the BBC, two of them were handsomely rewarded for privately disclosing security flaws rather than sharing them online. It was reported that the two had been given the maximum reward of a million airmiles each.

Jordan Wiens for example tweeted his appreciation of the airline’s reward. “Wow! @united really paid out! Got a million miles for my bug bounty submissions! Very cool,” he tweeted.

Software BugAlthough Wiens wouldn’t reveal the bug class/severity, he did mention that the bugs were not “technically challenging though.”

One Twitter user congratulated Wiens on his reward, but noted he didn’t anywhere near that amount of airmiles for providing emergency medical treatment to a passenger and thus preventing an emergency landing.

It is the first time that an airline has offered a bug bounty scheme that instead of cash, offers friendly hackers between 50,000 and 1 million frequent flyer miles depending on the severity of the vulnerabilities they unearth.

But the airline has warned that hackers would be permanently disqualified from the bug bounty program and face possible criminal and/or legal investigation if they attempt brute-force attacks; code injection on live systems; disruption or denial-of-service attacks, as well as a number of other restrictions including threats against airline staff.

Aviation Worry

Computer problems are a growing issue for airlines nowadays. Indeed, last week a network connectivity issue grounded many of United Airlines’s aircraft for a number of hours.

The US Government Accountability Office has also previously warned that in-flight Wi-Fi could be used by terrorists or other hackers to take control of an aircraft’s avionic systems.

It is concerned because avionic systems that have traditionally been self-contained are now sharing the same network as passenger Wi-Fi, raising the possibility of remote unauthorised access.

And United Airlines found itself at the centre of security row last month, when one of the world’s foremost experts on counter-threat intelligence within the cybersecurity industry was hauled off one of its flights by the FBI.

Are you a security pro? Try our quiz!