
United Airlines launches bug bounty after banning security researcher from flights

Airline will give you miles for bugs – just don't joke about it on Twitter.

By Jimmy Nicholls

United Airlines has launched a bug bounty scheme only a month after it banned a security researcher from its flights because he jokingly tweeted that he could hack the plane’s systems.

Programmers can earn up to 1,000,000 air miles by successfully reporting a bug to the airline, which is a departure from the convention of not offering money for any flaws discovered.

Writing in a statement online, United Airlines said: "We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program – the first of its kind within the airline industry.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service."

Eligible bugs in the programme include those enabling remote code execution, which allows hackers to send malicious commands over the Internet; brute force attacks, in which automated login attempts are used to crack passwords; and retrieval of personal information.

It follows the exclusion of Chris Roberts of OneWorld Labs from a United Airlines flight after he jokingly tweeted that he could force the oxygen masks to deploy on a flight between Colorado and San Francisco, where he was due to speak at RSA Conference 2015, a cybersecurity event.

After he was stopped from boarding, Roberts was questioned by the FBI for four hours and deprived of his electronic equipment. He was later banned from the airline.


"Given Mr Roberts’ claims regarding manipulating aircraft systems, we’ve decided it’s in the best interest of our customers and crew members that he not be allowed to fly United," said United spokesman Rahsaan Johnson at the time.

"However, we are confident our flight control systems could not be accessed through techniques he described."

Whilst bug bounty programmes are common within the technology industry, with Microsoft, Google and Facebook all having set them up, such schemes are less common outside the sector – a trend that could change as more objects become connected in the Internet of Things.
