United Airlines wants people to hack its websites, not its planes
United Airlines is now offering free frequent flier miles to would-be hackers who can crack the airline’s various websites and mobile apps as part of a bug bounty program.
However, the company doesn’t want anyone pointing out bugs in airplane Wi-Fi or entertainment systems like security researcher Chris Roberts did last month. In the new program’s rules United Airlines (UAL) threatens possible criminal or legal investigations for people who try to do so.
With the new hacker initiative, United Airlines joins a growing number of tech companies including Google, Facebook, and Microsoft that welcome friendly hackers. These companies believe that they can reduce data breaches by rewarding members of the public who find security holes in their technology that may have escaped the eyes of their in-house staff.
United Airlines claims that it is the first major airline to have launched a bug bounty program. But you have to chuckle at the timing of the news.
Last month, researcher Chris Roberts, who works for the security intelligence firm One World Labs, was pulled off a United flight and questioned by the FBI because of a Tweet he sent while on board one of the company’s planes. Roberts, who has pointed out lax computer security aboard commercial airliners, joked that it’s easy to hack into an airplane’s control system. The airline and the FBI were not amused. Authorities confiscated his computer gear and left him to arrange a flight on another airline.
In an interview with Fortune last month Roberts admitted that the joke was maybe a bit too blunt. But he remained firm in his belief that the airline industry needs to take security concerns more seriously it currently does.
Still, judging from a recent tweet by Roberts, he does not seem pleased with United Airlines’ new security initiative.
With the bug bounty, United Airlines is taking steps to prevent the type of mega data breaches at companies like Sony and Target. Like all airlines, it stores a huge amount of personal information for its public-facing websites that hackers would love to get their hands on.
For those who do manage to find security holes within United Airlines’ websites and apps, they could score anywhere from 50,000 to 1,000,000 frequent flier miles depending on the severity of the vulnerabilities they unearth.
For more on security issues, check out the following video from Fortune: