Calling all “ethical hackers. . . .” United Airlines has introduced a program that can earn the right person up to 1 million air miles. All that person has to do is to hack into United Airlines.
The aim is to expose security bugs so that they can be remedied. Estimates suggest that by 2019 security breaches will cost businesses worldwide $2.1 trillion, making the breaches seen through this year look like a cakewalk in comparison.
Not all hacks are up for grabs, though. United doesn’t want hackers messing with onboard systems such as WiFi and avionics. There would be no rewards there, but more likely, legal action. One security researcher found this out the hard way when he was banned from the airline last month for tweeting about the security vulnerabilities he found in onboard systems.
Naked Security reports May 18 that bug bounties have been offered by tech companies such as Facebook, Google and Microsoft. The Bank of England has also employed similar tactics, hiring ethical or “white hat” hackers to test big banks’ lines of defense. According to United’s page for the “bug bounty program,” this particular program is the “first of its kind in the airline industry.”
CNBC reports that the types of vulnerabilities up for grabs include bugs on customer-facing websites, bugs in United’s phone app, and vulnerabilities that could lead to the compromise of customers’ identity data. The number of miles awarded depends on the severity of the vulnerability discovered. Up to 50,000 miles will be awarded to ethical hackers who can uncover what the airline considers low-level bugs such as cross-site scripting, cross-site request forgeries and third-party issues that affect the airline. Up to 250,000 miles will be rewarded in the mid-level range for vulnerabilities such as authentication bypasses, brute-force and timing attacks.
Up to 1 million miles will be awarded to “researchers” who report high-severity remote code execution bugs. Essentially, anyone who can prove that a cyberattack carried out from a remote location is possible can earn the whopping number of miles -- that is, if the bug has not been reported already by someone else.
“If you think you have discovered an eligible bug, we would love to work with you to resolve the issue,” states United on the page for their bug bounty program. Researchers must work within the guidelines of the program, however. Attempts on systems that include actual brute-force attacks, breaches of inflight systems such as WiFi and onboard entertainment, scanning United’s servers, and cyber actions that could be seen as terrorist attacks will lead to permanent disqualification from the program and possible scrutiny under the law.
*originally published on the now defunct Examiner.com