United Airlines: Go ahead, try and hack us

15 May 2015

United Airlines is looking to futureproof the security of its computer networks, having announced a bug bounty programme to anyone who can infiltrate their website and apps, but not aircraft.

Reportedly, this now makes it the first time that an airline has put itself up for review from the online programmer community in terms of its online security but, unfortunately for those who may like the idea of cold, hard cash, the airline is only offering air miles, according to Wired.

According to its release on the programme, the highest reward for someone who is able to enable a remote code execution against its online portals will receive 1m air miles, while someone who may find a flaw through something like an authentication bypass will be rewarded 250,000 air miles.

However, an oddity appears when it comes to their ‘cannot attack’ list, which lists brute-force attacks (DDoS), but also lists brute-force attacks in its list of bounties.

Wi-Fi hacking is a no-go

But perhaps most interesting, of the things that must not be attacked is perhaps one of its most vulnerable, that being, the in-flight Wi-Fi that would arguably be one of the most-targeted systems if someone were looking to commit a terrorist act.

This comes despite the fact that the US’ Government Accountability Office (GAO) last April warned that the very fact Wi-Fi is offered on board aircraft puts them potentially at risk of the plane’s systems being taken over by a passenger and brought down.

Despite not wanting its Wi-Fi tested, the airline was the first to react swiftly to the GAO report as only a few days after it was issued, the airline kicked off renowned security researcher, Chris Roberts, just before his flight was about to take off after he tweeted a joke questioning how easy it would be to hack his plane’s Wi-Fi.

Roberts has now once again seen the humour in United Airlines asking to be hacked, having tweeted this rather sarcastic message.


United Airlines image via Christian Junker – AHKGAP/Flickr

Colm Gorey was a senior journalist with Silicon Republic