View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

United Airlines launches bug bounty after banning security researcher from flights

Airline will give you miles for bugs – just don't joke about it on Twitter.


United Airlines has launched a bug bounty scheme only a month after it banned a security researcher from its flights because he jokingly tweeted that he could hack the plane’s systems.

Programmers can earn up to 1,000,000 air miles by successfully sending a bug to the airline, which is a departure from the convention of not offering money for any flaws discovered.

Writing in a statement online, United Airlines said: "We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program – the first of its kind within the airline industry.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service."

Eligible bugs in the programme include those enabling remote code execution, which allows hackers to sent malicious commands over the Internet; brute force attacks in which automated login attempts are used to crack passwords; and retrieval of personal information.

It follows the exclusion of Chris Roberts of OneWorld Labs from a United Airlines flight after he jokingly tweeted that he could force the oxygen masks to deploy on a flight between Colorado and San Francisco, where he was due to speak at RSA Conference 2015, a cybersecurity event.

After he was stopped from boarding Roberts was questioned by the FBI for four hours and deprived of his electronic equipment. He was later banned from the airline.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

"Given Mr Roberts’ claims regarding manipulating aircraft systems, we’ve decided it’s in the best interest of our customers and crew members that he not be allowed to fly United," said United spokesman Rahsaan Johnson at the time.

"However, we are confident our flight control systems could not be accessed through techniques he described."

Whilst bug bounty programmes are common within the technology industry, with Microsoft, Google and Facebook all having set them up, such schemes are less common outside the sector – a trend that could change as more objects become connected in the Internet of Things.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy