Last updated: 02:45 PM ET, Sat May 16 2015

United Offering Up to a Million Miles to 'Ethical Hackers'

Airlines & Airports | Michael Isenbek | May 16, 2015

United Offering Up to a Million Miles to 'Ethical Hackers'

Image courtesy of Thinkstock

In light of increased cybersecurity issues for businesses worldwide, United Airlines is beginning a “bug bounty” program. The airline will award “ethical” or “white hat” hackers who find and report security bugs in the airline’s network up to one million air miles, Arjun Kharpal of NBC News reported.

According to a figure calculated by Juniper Research, cited by Kharpal, data breaches will cost businesses around the world $2.1 trillion in total by 2019, four times 2015’s amount.

Setting an external group of white hat hackers loose to find security flaws is not a new tactic for businesses, but United is one of the first airlines to try it.

United’s website fleshes out what is eligible for submission to get those miles. Areas in their system the airline wants scoured for bugs includes the customer facing websites, the United app, and where the user’s private credentials are kept.

Discoverers of low-level bugs get 50,000 miles, while those who find bugs of medium severity get 250,000. The grand prize of a million air miles, goes to the hacker who finds a "remote execution code," which, according to Kharpal, allows a hacker to “infiltrate a network from a remote location.”

But there are limits.

Drawing the line at passenger safety in the air, bugs found in "onboard Wi-Fi, entertainment systems or avionics" are not eligible for submission, according to United. They also warned that if a white hat hacker turns to a “black hat,” they face disqualification from the program, and a legal investigation.

Jason Steer, chief security strategist at FireEye commented about the logic of an external group finding bugs in the system. "This is a really smart move by United Airlines, as crowdsource testing for security weaknesses can be hugely valuable to organizations," he said in a statement. "Its bug bounty is a novel way to incentivize white hat hackers to look for weaknesses in its system, and a great way to save them money whilst increasing its security."


You may use your Facebook account to add a comment, subject to Facebook's Terms of Service and Privacy Policy. Your Facebook information, including your name, photo & any other personal data you make public on Facebook will appear with your comment, and may be used on Click here to learn more.

Discover Club Med All-Inclusive Vacations

Hotels & Resorts