Home Medical Factors Facing Pilots Aviation Stories Of Interest FAA Exam Aviation News Maintenance and Aircraft Mechanics General Aviation Helicopters
Aviation History Legal Issues In Aviation Links To Other Sites Editorials Hot Air Balloon Aviation Training Handbooks Read Online Upcoming Events Editorials


United Airlines Puts Computer Security To The Test Offering Hackers Reward Miles

May 17, 2015 - United Airlines is so confidant in its computer security it is offering up one million air miles to any computer hacker that can penetrate it system. This move comes amid increasing cyber security threats to businesses around the world. 

In order for a hacker to receive the one million air miles, the hacker must be an "ethical hacker" and they must identify coding known as a "remote execution code" which would allow a hacker to gain access their network from a remote location. This is known as a security flaw in the software.


United Airlines stated "At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure. We are committed to protecting our customers' privacy and the personal data we receive from them, which is why we are offering a bug bounty program, the first of its kind within the airline industry.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service. If you think you have discovered a potential bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we’ll gladly reward you for your time and effort".

United states that to ensure that submissions and payouts are fair and impactful, they have instituted eligibility requirements and guidelines to those submitting for the reward miles.

- All bugs must be new discoveries. Award miles will be provided only to the first researcher who submits a particular bug.

- The researcher must be a MileagePlus member in good standing. If you’re not yet a member, join the MileagePlus program now.



-  The researcher must not reside in a country currently on a United States sanctions list.

- The researcher submitting the bug must not be an employee of United Airlines, any Star Alliance™ member airline or any other partner airline, or a family member or household member of an employee of United Airlines or any partner airline.

- The researcher submitting the bug must not be the author of the vulnerable code.

United states the following bugs are eligible for submission:
- Bugs that only affect legacy or unsupported browsers, plugins or operating systems
- Bugs on internal sites for United employees or agents (not customer-facing)
- Bugs on partner or third-party websites or apps
- Bugs on onboard Wi-Fi, entertainment systems or avionics
- Insecure cookie settings for non-sensitive cookies
- Previously submitted bugs
- Self-cross-site scripting

Bugs that are eligible for submission:
- Authentication bypass
- Bugs on customer-facing websites such as:
- united.com
- beta.united.com
- mobile.united.com
- Bugs on the United app
- Bugs in third-party programs loaded by united.com or its other online properties
- Cross-site request forgery
- Cross-site scripting (XSS)
- Potential for information disclosure
- Remote code execution
- Timing attacks that prove the existence of a private repository, user or reservation
- The ability to brute-force reservations, MileagePlus numbers, PINs or passwords

United Airlines payout will be assessed from Low to high risk. Low risk will payout 50,000 reward miles (Cross-site scripting, Cross-site request, forgery, Third-party issues that affect United), Medium risk will payout 250,000 reward miles (Authentication bypass, Brute-force attacks, Potential for personally identifiable information (PII) disclosure, Timing attacks) and High risk will payout the one million reward miles (Remote code execution).

United has warned hackers that it will not allow anyone attempt such things as injecting malicious code into live systems, coercion or extortion of the airline's employees. Anyone who attempts this will not be allowed in the company's bug bounty program. Any hacker who does attempt could face criminal charges.  For more information you can Google United Airlines bug bounty program.

Other News Stories (For the latest news please checkout our home page)
blog comments powered by Disqus  
Home Aviation News Aviation Stories Of Interest FAA Exam Upcoming Events Links To Other Sites General Aviation Helicopters Medical Factors Facing Pilots
Maintenance and Aircraft Mechanics Hot Air Balloon Aviation Training Handbooks Read Online Aviation History Legal Issues In Aviation Sea Planes Editorials
 ©AvStop Online Magazine                                                                 Contact Us                                                  Return To News                                          Bookmark and Share  

AvStop Aviation News and Resource Online Magazine