United Airlines offers 1.25 million frequent flyer miles to hacker

United Airlines offers 1.25 million frequent flyer miles to hacker

United Airlines has initiated a bounty program for hackers that can alert them to cyber threats.

United Airlines, the second largest carrier in the United States, rewarded a hacker, Jordan Wiens, 1.25 million frequent flyer miles for detecting a software deficiency, South China Morning Post reports. 

Other technology firms have smartened up and adopted bounty programs for hackers like Jordan. Facebook, Twitter and Dropbox offer hundreds of dollars for hackers who spot security weaknesses on their sites. As the threat of cyber attacks becomes more ominous, other companies outside of the tech sector have seen the imperative in staying informed.

“As things get increasingly automated all around us, software is all around us and software bugs are all around us,” Harlan Yu, a principal at technology firm Upturn, said in a recent interview.

United Airlines just weeks before they unraveled their version, was experiencing various software issues. Glitches caused fleets to land twice, and on June 2 a bug in their flight dispatching software delayed 150 flights for nearly an hour. On July 8, their reservation system became wonky and didn’t allow passengers to check in for their flights.

Because of the confidentially agreement with the contest, Wiens can only offer a wink at what he discovered. The flaw that rewarded the million miles was a “remote code execution” vulnerability that gave hackers the ability to hijack control of an entire device. The second susceptibility was an “information disclosure”, or simple a data leak.

A United Airlines spokesman made a statement that Wiens was one of the two million-mile winners, but didn’t elaborate any further.

“We believe that this [bounty] programme will further bolster our security and allow us to continue to provide excellent service,” United posted on its website.

By day, Wiens is an information technology security consultant and hadn’t considered the challenge until a friend introduced him as he was entering the program. Wiens did some leisurely online detective work of his own and discovered he was on the trend’s vanguard.

Fast forward one night later, Wiens sniffed out a bug and days later was offered a wanderlust’s dream; then, United fattened up his cache with more miles.

But Wiens doesn’t believe United has slipshod security issues, but the on the contrary, is in on the upward curve. He said that companies are becoming more realistic to internet predators and using the leverage crowdsourcing cyber8security offers.

“I don’t think United has a bad security posture,” he said. “I think having a bug bounty programme speaks to the maturity of their online presence.”

 

 

Be social, please share!

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail