United airlines no doubt has Sometimes the best intentions are only half the job. United Airlines launched a bug bounty to find holes in its computer systems. The idea is to get well meaning security researchers and hackers to find the security flaws in their system before the evil hackers do. The reward for finding the flaws could be as much as one million frequent flyer miles. United Airlines is joining a growing number of companies offering rewards for reports of security vulnerabilities.
United produced a list of systems eligible for the reward. They encourage security researchers and hackers to attack the following websites, United.com, beta.united.com and mobile.united.com; the United app; and other third-party applications loaded by united.com or other online properties. All these systems sell tickets and protect customer and company data. But not your life.
Researchers and hackers won’t make any money on the deal. United is only offering award miles for finding the vulnerabilities. For small flaws they offer as much as 50,000 miles up to one million miles for major ones. United, being United, requires participants be members of, or join, their MileagePlus loyalty program to collect.
Here’s the the problem; researchers and hackers hunting for the bugs cannot test aircraft or aircraft systems, including inflight entertainment and Wi-Fi, or conduct vulnerability scans of United servers.
“Hopefully United’s position is not that it would not consider such vulnerabilities as being serious, but rather they are loath to having researchers attempting to find flaws in a plane that’s flying at 30,000 ft,” wrote Graham Cluley, an independent security consultant, in a blog post.
Breaking It Down
Someone should tell United Airlines this is a half-ass attempt to show they are pro-active in protecting their systems. But is certainly not of any comfort to the people who are sitting in the seats. United could have scored a major public relations coup by stating they had employed researchers to secure their planes against cyber attack or in-flight hacking. Instead it appears that they have decided to protect the systems that generate profits and not lives. Sad. Maybe United has a plan or action in place to do this. I don’t know so I can’t say they don’t. But it would be re-assuring to passengers if they did talk about it. Aviation security spreads the responsibility around to everyone including the passengers. So if you see something say something. United is not taking their responsibility seriously. They aren’t even dishing out any cash. Instead they are offering frequent flyer miles. In the mean time Malaysian Flight 370 is still missing.
