Two hackers have been rewarded by U.S. airline United with a million free flight miles each, the maximum number allowed, for disclosing security flaws, rather than sharing them online. The second largest U.S. flight line operates a “bug bounty” program that offers hackers compensation for reporting issues associated with security, helping to ensure safety.
According to a post on its website, the flight provider stated, “We are committed to protecting our customers’ privacy and the personal data we receive from them. We believe that this bounty program will further bolster our security and allow us to continue to provide excellent service.”
Jordan Wiens, a software researcher, discovered a fatal glitch in United’s system, called “remote code execution,” which could allow hackers to receive total control over flight-related devices. Another major bug spotted by him was related to information disclosure, but could not be discussed further due to the rules he is bound by.
“Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us,” said security consultant Dr. Jessica Barker. “Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up.”
With aviation liabilities near the forefront, it seems as if United is catching up with the times to avoid any cyber threats. Among the largest companies that offer incentives to hackers who privately report bugs are Facebook, Yahoo, and Twitter.
For United, rewarding bug bounties with flight miles is a cost-effective method for identifying glitches that is less expensive than hiring an outside consultant. At the same time, this approach may be discouraging to the internal security staff that may have been hired.
Nonetheless, Dr. Barker seems to believe bug bounties are beneficial, noting, “It encourages positive behavior and shows young hackers that they can benefit from doing the right thing.”
Source: BBC
Advertisement
Learn more about Electronic Products Magazine
