
SoylentNews is people

posted by CoolHand on Friday May 15 2015, @06:05PM
from the flying-bugs-helping-us-fly dept.

If you're a frequent flier and like looking for software bugs, United Airlines may have an offer you can't refuse. While most companies pay monetary rewards, United Airlines, in keeping with the company's services, has chosen to offer air miles.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service," United says. "If you think you have discovered a potential bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we'll gladly reward you for your time and effort."

If a researcher discovers bugs in the system which affect the "confidentiality, integrity and/or availability of customer or company information," through customer-facing websites and third-party programs used by United, they may be eligible for reward. Low-severity rated vulnerabilities, such as cross-site scripting, cross-site request forgery and third-party problems which affect United are worth 50,000 air miles.

Medium- and high-severity attacks will net 250,000 and 1 million miles, respectively. You probably don't want to conduct any research while in flight, though:

The airline says brute-force attacks, code injection on live systems, DDoS attacks, testing on MileagePlus accounts that are not your own and testing on in-flight systems will result in disqualification and possible criminal investigation.

 
  • (Score: 4, Funny) by Megahard on Friday May 15 2015, @07:01PM


    If you can take over the plane then you probably don't need frequent flyer miles.

  • (Score: 2) by zocalo on Friday May 15 2015, @07:41PM

    "Testing" is not the same as "packet capture and analysis". You could, in theory, still capture a bunch of traffic from the in-flight systems and try and reverse engineer them for potential weaknesses, but even if you were to do that and find a definite flaw that's almost certainly not United's code but rather that of a sub-contractor of Airbus, Boeing, or whoever supplied the in-flight entertainment systems. Ditto for the software airlines typically run at the gate to manage boarding etc., which is most often supplied by ARINC, although there might also be a side channel for uploading media content, etc. over Wi-Fi.
    --
    UNIX? They're not even circumcised! Savages!
    • (Score: 2, Insightful) by Pseudonymous Coward on Friday May 15 2015, @10:20PM


      And if it crashes, you're dead!

      • (Score: 2) by zocalo on Saturday May 16 2015, @10:18AM

        If the plane's code is such that it can crash because someone is doing passive capture of stuff they were broadcasting out anyway it would be a wonder it got off the ground in the first place.
        --
        UNIX? They're not even circumcised! Savages!