United Airlines is encouraging computer whizz-kids to help identify bugs on its website or mobile apps by offering a ‘bug bounty’ of free frequent flyer miles.
However the airline has said any testing of vulnerabilities onboard flights is strictly off-limits.
The carrier recently banned security researcher Chris Roberts who found security loopholes in United Airlines’ Wi-Fi and in-flight entertainment systems.
It said ‘any testing on aircraft or aircraft systems such as in-flight entertainment or Wi-Fi’ could result in a criminal investigation.
“At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure,” a statement said.
United will pay out miles on a sliding scale to friendly hackers who discover security holes.
This includes 50,000 points offered for finding scripting bugs, 250,000 points for testers able to access customer information and up to one million points for finding major security flaws that would allow a hacker to rewrite code on the United website or app.
Other tech companies such as Facebook and Google have similar programs which offer cash bounties of several thousand dollars depending on the type of vulnerability found.
“We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program — the first of its kind within the airline industry,” United said.