Earn United Airlines Award Miles For Finding Bugs
Written by Sue Gee   
Sunday, 17 May 2015

A new Bug Bounty program has been launched. Instead of cash United Airlines is offering Award miles in return for finding vulnerabilities. But looking for ones in on-board systems or avionics is strictly off limits.

unitedairlines

 

Like most other bug bounty programs reward can only be claimed by the first researcher to submit a report about a new bug and the researcher submitting the bug must not be the author of the vulnerable code. An extra eligibility criteria is that the researcher must be a member "in good standing" of United Airline's MileagePlus rewards scheme and the payouts - which range from 50,000 to 1,000,000 according to the severity of the bug are in "award miles". But if you don't want to become a frequent flyer there are other goods and services that they can be exchanged for. 

usrewards

 

Authentication bypass, cross-site request forgery or cross-site scripting, remote code execution and the ability to brute force reservations, MileagePlus numbers, PINs or passwords are among the bugs that are eligible for submission.

On the other hand bugs in avionics are not eligible for submission so looking for stack overflow in airlines, see Reboot Your Dreamliner Every 248 Days To Avoid Integer Overflow, won't earn you any airmiles.

There's also list of actions that:

will result in permanent disqualification from the bug bounty program and possible criminal and/or legal investigation

including: 

  • Brute-force attacks
  • Code injection on live systems
  • Disruption or denial-of-service attacks
  • The compromise or testing of MileagePlus accounts that are not your own
  • Any testing on aircraft or aircraft systems such as inflight entertainment or inflight Wi-Fi
  • Vulnerability scans or automated scans on United servers

As it's a new program there are like to be some bugs waiting to be discovered. The procedure it to submit them by email describing the nature of the bug along with any steps required to replicate it, as well as pertinent applications, programs or tools used to discover the bug. A report including screenshots is appreciated and one item of vital info, together with name and phone number or your MileagePlus number.

 unitedsq

More Information
United Airlines bug bounty program

Related Articles

Reboot Your Dreamliner Every 248 Days To Avoid Integer Overflow

Microsoft Expands Bounty Programs

Google Increases Maximum Bounty For Chrome Bugs

New Online Services Bug Bounty Program 

Microsoft and Facebook Launch Internet Bug Bounty Scheme

Bounty Hunter Awarded $100,000

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner

JetBrains Updates IDEs With AI Code Completion
04/04/2024

JetBrains has launched the first set of updates for 2024 of its JetBrains IDEs. The new versions include full-line code autocompletion powered by locally run AI models.


+ Full Story
Angular and Wiz To Merge
27/03/2024

Two web development frameworks used at Google are merging. One, Angular is open source and widely known, while the other, Wiz, is an internal web framework developed and used by Google for some o [ ... ]


+ Full Story
More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Sunday, 17 May 2015 )