United Airlines Offers Bounties to Anyone who Finds Security Bugs

Chris Roberts gets arrested for tweeting about his hacking activities on-board United Airlines Boeing 737-800 from Chicago to Syracuse and was arrested on touchdown. Chris Roberts proves a point by twitter posts to point out the loopholes in the Airlines security. Today United Airlines has started a bug bounty program which will allow the passengers to you fly free if they find bugs in its software.

Ever since the advent of technology and digitization of the entire US infrastructure, hacking researchers have made it one of their goals to establish the weaknesses and loopholes in the system. They have proven their point by hacking into the systems they believed were insecure. Their practice of approach was of course not suitable since they were committing cyber crime themselves and declaring their results to general public. Their approach damaged the credibility of the institutes they attacked. Institutes that afford excellent lawyers who prosecuted the hackers for unlawful hacking and divulging company information.

For hackers, it serves as a fuel to their motivation to prove that when companies would rather cover up their errors instead of listening to them and prosecuting them in return, the hackers declared their claims publicly on media forums and conferences while companies assured customers and users that their systems are secure.

One of the other lines that the hackers have pursued is to prove the vulnerability of security systems to cyber terrorism. Government Accountability Office published a report on Wednesday outlining that all Boeing and Airbus planes were vulnerable to hacking and taking control due to the passenger WiFi portals under the passenger seats according to the reported loopholes in the system, the planes bay control, modules and flight controls could be accessed and taken over by any person skilled enough to break a few codes. 

According to the Wired, Onboard passenger, Chris Roberto, a respected cyber security professional with One World Labs. He has worked on airplanes cyber security since 2009. He decided to join in on the discussion on Twitter regarding the report.

He posted a tweet saying “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)” Suffice to say that he made his point, verification of his actions remain to be ascertained but what is known for sure is that he tweeted the above tweet. His words were implicating threat and moreover highlighting on social network how easy it would be to hack into a plane, something that could not be done otherwise. 

His tweet led him to a welcoming party consisting on two Syracuse police officers and FBI officers. The party spent time in the conference room at the end of which his laptop and tech stuff was taken without a warrant. He was banned from travelling on United and made other arrangements. His detainment has raised further protests. 

Confiscation of his items without warrant is being protested as illegal action. The fact that his tweets were being monitored also raised alarm regarding government spying on citizens’ internet activity. Moreover, the lack of admittance and panic from the airline also raises concern over whether the airline is even safe since presence of FBI proves that what Chris had implied might actually be right.

After this incident, United Airlines really worked on it and the company today announced a bug bounty program due to which those passengers who will find bugs in its security system will get rewarded. United Airlines will actually allow bug finders to fly free. What is actually this bug bounty program?

“A bug bounty program permits independent researchers to discover and report issues that affect the confidentiality, integrity and/or availability of customer or company information and rewards them for being the first to discover a bug,” according to United Airlines website.

However, not every bug finder will be rewarded. United Airlines has some eligibility requirements and guidelines that will need to be met by all researchers submitting bug reports. Read these on its website. And the company has also made a list of all the bugs that are eligible for submission and also a list of those bugs that are not eligible for submission.

United Airlines also offers three types of bounties: security researchers who will find High level bugs will get 1,000,000 award miles, Medium bug finders will get 250,000 award miles while Low bug finders will get 50,000 award miles free.

For more details, visit United Airlines website.