Hack your way to an exotic vacation destination? That’s essentially what United Airlines is offering with its new program that rewards up to 1 million frequent flyer miles to hackers who uncover security vulnerabilities in its website or mobile travel apps.
United says it’s the first airline to implement a “bug bounty program” — when a website or software company offers some kind of compensation to individuals who can uncover bugs and other vulnerabilities it its system. The airline launched a preview of its United.com website last week.
Hackers simply need to enroll in United’s MileagePlus reward program to be eligible. The more severe the bug that’s uncovered, the more generous the bounty. The airline is promising 50,000 miles for low-level discoveries, 250,000 miles for medium-level discoveries, and a whopping 1 million miles for the discovery of the highest-level of vulnerabilities, which it says is a “remote code execution.”
But there’s a major caveat in the program’s rules: The airline does not want hackers messing with “any testing on aircraft or aircraft systems such as inflight entertainment or inflight Wi-Fi.” In other words, stick to tinkering with the airline’s website and mobile app on the ground, not the actual systems that are employed during flight. (That’s a sure way to get booted from a flight and even be subject to criminal investigation.)
United’s announcement comes just weeks after a Chris Roberts, a computer security researcher, tweeted that he could hack the onboard systems of his United flight. The airline promptly banned Roberts from flying and the incident led to an FBI investigation.
United has had security issues with its website in the past. Last year, hackers broke into the airline’s website and booked free trips and upgrades using United frequent flyer accounts.