Want to score a million free frequent flier miles? United Airlines is inviting security experts to scour its sites for soft spots in a bug bounty program with a unique payout.
Chicago-based United wants to ensure the safety and security of its consumer’s privacy and company data, and a number of concerns recently arose surrounding the potential for hackers to access a plane’s computer network and take control of communications.
The bug bounty program is the first of its kind in the aviation industry.
Bug bounty programs are popular among security researchers, as some of the payouts from companies can reach staggering sums. The idea is that if someone finds a bug in the code of a website or app, they are paid for reporting it rather than exploiting it. In 2014, Facebook paid out more than $1 million to over 700 people who found bugs in its code.
United has three tiers of severity on which it will reward people with airline miles. Lowest priority with a payout of 50,000 miles are cross-site scripting and issues with third-party apps or services that affect the company. If you discover an authentication bypass, brute force attack, or a security issue that could disclose personally identifiable information, you’ll rake in 250,000 miles. One million airline miles will be given to anyone who discovers a flaw that allows for remote code execution—namely any means for taking control of an airplane’s systems remotely.
The company released a number of requirements for finding the bugs and reporting them. It also described a handful of bugs that, if discovered, aren’t eligible for a reward.
So if you want to take a vacation for free, try digging into the security of United’s sites; maybe you’ll find something that will net you a few thousand airline miles. At the very least, you’ll be making the skies a little friendlier.
Photo via Profilbesitzer/Flickr (CC BY-SA 2.0)