United Airlines offers air miles as bug bounty

By

But don't touch internal, onboard systems.

Major American carrier United Airlines has launched a bug bounty program which offers air miles as a reward for researchers who discover flaws in its web portals.

United Airlines offers air miles as bug bounty

Bug bounty programs are increasing in popularity as incidents of cybercrime rise. Companies such as Google and Facebook use these programs to get third-party eyes on systems, offering monetary reward for disclosure to lure hackers away from selling the information on the black market.

United Airlines, however, has chosen to offer air miles - on a sliding scale depending on the severity of the bug discovered - instead of cash.

"If you think you have discovered a potential bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we'll gladly reward you for your time and effort," the airline said.

Air miles are available for those who discover a bug in customer-facing websites and third-party programs which affects the "confidentiality, integrity and/or availability of customer or company information".

Cross-site scripting, cross-site request forgery and third-party issues affecting United are classified as low-severity and are worth 50,000 air miles.

Researchers can access 250,000 air miles per vulnerability classified as medium-severity, such as authentication bypass, brute force attacks and issues that could lead to personal data being disclosed.

Discovering a high-security vulnerability - such as remote code execution - will earn the researcher a maximum of 1 million air miles.

Those interested in participating in the bug bounty program will need to be MileagePlus members, United said.

The airline is only looking to unearth bugs in customer-facing systems - issues with legacy systems, operating systems, onboard wi-fi, internal websites or entertainment systems are not eligible.

Similarly, any researchers who perform brute force or DDoS attacks, code injection on live systems, or test on in-flight systems will be disqualified and potentially face criminal investigation, United said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bug bountysecurityunited airlines

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?