Hackers score 1 million miles for helping United find security bugs

Two hackers scored an unusual bounty of one million frequent flyer miles for identifying holes in United Airlines’ security system.

That’s enough for each of them to circle the globe five times.

Such awards, known as “bug bounties,” are paid to any hacker who can help United identify a problem with its system. Many companies and security firms offer bug bounties, including Google (GOOG) and Facebook (FB, Tech30), but United says it’s the first airline to do so.

The miles are worth about $15,000 to each hacker according to experts. But offering frequent flyer miles instead of cash helped get the hacker community’s attention.

“I don’t usually do bug bounties for several reasons, but United made the reward seem worth the effort,” said Kyle Lovett, one of the winning hackers. He can’t disclose details of the bug he found, but he did say that it “wasn’t a trivial” vulnerability.

The United program has been up and running since May.

“We believe that this program will further bolster our security,” United said in a statement. It offers a range of payments, from 50,000 to one million frequent flyer miles depending on the severity of the problem detected. The hackers’ one-million mile awards were first reported by Reuters.

Lovett, a Cisco (CSCO, Tech30) employee, said it only took him about two hours to find and document the bug for United. He said United quickly fixed the bug he discovered.

Lovett doesn’t have any exciting travel plans yet, but he has bought tickets so that his mother and brother can visit him in California.

Jordan Wiens, a co-founder of the firm Vector35, which does vulnerability research and reverse engineering for firms, was the other hacker to win 1 million miles. He posted a screenshot of his mileage account on Twitter.

All of United (UAL)’s worldwide flights were grounded for more than an hour last week due to a problem with its computer reservation system. But the airline says that problem was a connectivity issue that wasn’t caused by hacking.

Source: CNN Money
