United Airlines launches bug bounty after banning security researcher from flights

United Airlines has launched a bug bounty scheme only a month after it banned a security researcher from its flights because he jokingly tweeted that he could hack the plane’s systems.

Programmers can earn up to 1,000,000 air miles by successfully reporting a bug to the airline, which is a departure from the convention of not offering money for any flaws discovered.

Writing in a statement online, United Airlines said: "We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program – the first of its kind within the airline industry.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service."

Eligible bugs in the programme include those enabling remote code execution, which allows hackers to send malicious commands over the Internet; brute force attacks, in which automated login attempts are used to crack passwords; and retrieval of personal information.

It follows the exclusion of Chris Roberts of OneWorld Labs from a United Airlines flight after he jokingly tweeted that he could force the oxygen masks to deploy on a flight between Colorado and San Francisco, where he was due to speak at RSA Conference 2015, a cybersecurity event.

After he was stopped from boarding, Roberts was questioned by the FBI for four hours and deprived of his electronic equipment. He was later banned from the airline.

"Given Mr Roberts’ claims regarding manipulating aircraft systems, we’ve decided it’s in the best interest of our customers and crew members that he not be allowed to fly United," said United spokesman Rahsaan Johnson at the time.

"However, we are confident our flight control systems could not be accessed through techniques he described."

Whilst bug bounty programmes are common within the technology industry, with Microsoft, Google and Facebook all having set them up, such schemes are less common outside the sector – a trend that could change as more objects become connected in the Internet of Things.
This article is from the CBROnline archive: some formatting and images may not be present.