United pays miles to hackers who spotted IT-system flaws

The gold standard million-mile award is for uncovering a flaw that allows remote code execution on United’s online properties, reports The Register. Three declined to comment on bug bounty programs; the fourth was not available.

United in May started rewarding hackers who discovered and reported software defects in the airline’s system with miles of free air travel.

The company confirmed with Reuters that it has paid out two awards worth 1 million miles each, which includes tickets worth dozens of free domestic flights on the airline.

United Airlines last week made good on its promise to award 1 million airline miles to anyone who pointed out a severe security bug on the company’s website. Within weeks of the launch of the program, the airline’s fleet was gutted twice, once again revealing large chunks of risks that the airline had.

Four of United’s competitors were contacted by Reuters to see if they were looking into a similar program.

“Airlines take their customers’ privacy seriously and take all necessary precautions to keep passenger data secure”, it said in the statement.

Wiens’ experience highlights the fact that some companies have a great opportunity to develop attractive bug bounty programs without cash rewards.

But United wants to get out ahead of the problem as evidence mounts that the airline industry is digitally vulnerable. “There actually aren’t that many companies in any industry outside of technology that do bug bounties”. Got a million miles for my bug bounty submissions!

The award was in-line with a flaw he helped detect; the flaw allowed hackers to gain control of the website of the airlines.

“It’s really interesting that United did what they did”, he said in an interview. Mr. Wakelam said, “I’ve been rewarded 500,000 miles for a bug I found on [May 16], and I still have several bugs pending”, adding that he had dedicated only 10 hours in finding the bug.

The U.S. airline has been hit by a series of high-profile cyber gaffes over the past few months, including one instance of a security expert claiming to have hacked into his plane’s avionics through the in-flight entertainment, and two separate occasions where technical faults grounded United Airlines planes nationwide.