United Airlines awards hackers millions of miles for revealing risks
[July 16, 2015]
By Jeffrey Dastin
(Reuters) - United Continental Holdings
Inc has awarded millions of frequent flier miles to hackers who have
uncovered gaps in the carrier's web security, in a first for the U.S.
airline industry.
United confirmed with Reuters that it has paid out two awards
worth 1 million miles each, worth dozens of free domestic flights on
the airline. United did not confirm tweets from individuals who say
they have been paid smaller awards as well.
The Chicago-based carrier has hoped to trailblaze in the area of
airline web security by offering "bug bounties" for uncovering cyber
risks. Through the program, researchers flag problems before
malicious hackers can exploit them. The cost can be less than hiring
outside consultancies.
Three of United's competitors declined to comment on bug bounty
programs. A fourth was not immediately available for comment.
Trade group Airlines for America said in a statement that all U.S.
carriers conduct tests to make sure their systems are secure.
United unveiled the approach in May just weeks before technological
glitches grounded its entire fleet twice, underscoring the risks
that airlines face. One incident locked the airline out of its
reservations system, preventing customers from checking in, and
another zapped functionality of the software United needed to
dispatch its flight plan.
"We believe that this program will further bolster our security and
allow us to continue to provide excellent service," United said on
its website, declining additional comment.
Jordan Wiens, a researcher focused on cyber vulnerabilities, tweeted
last week that he received United's top reward of 1 million miles
for exposing a flaw that could have allowed hackers to seize control
of one of the airline's websites.
"It’s really interesting that United did what they did," he said in
an interview. "There actually aren’t that many companies in any
industry outside of technology that do bug bounties."
Wiens said it was normal for large companies such as United to have
bugs in their websites.
Terms of the agreement prohibit Wiens from disclosing the bug he
discovered. The terms also required that Wiens reveal the supposed
problem to United without trying to exploit it, meaning he does not
know how much information he could have accessed or manipulated.
Beyond the bounty, United said it tests systems internally and
engages cybersecurity firms to keep its websites secure.
(Reporting by Jeffrey Dastin in New York; Editing by Leslie Adler)
[© 2015 Thomson Reuters. All rights
reserved.]