Two months ago, we reported that United Airlines was turning to the public for help in identifying vulnerabilities in its automated systems and networks.
Specifically, it laid out specific “bounties” it was willing to pay — in the form of MileagePlus miles — to specialists who could find potentially harmful bugs.
According to reports on security websites, one security researcher scored big-time in the bounty program, earning a 1 million mile credit in his MileagePlus account after he found a “remote code execution” vulnerability– i.e., a hole in United’s defenses that could let an attacker shoot malicious code into its systems.
That’s the biggest threat to giant networks like United’s, and the airline paid accordingly, giving a million miles to Florida researcher Jordan Wiens, who according to his tweets, has Premier gold status.
Here’s United’s reward schedule for the program, which is still in effect — although only the first person to report a specific vulnerability can claim the reward for that one.
Wiens told the website threatpost.com he actually submitted information on two potential bugs to United that he thought posed remote code execution problems, although he considered both of them “lame.” Apparently the airline didn’t agree.
United came out with the bounty program shortly after it banned a security researcher from its flights; he had posted tweets that discussed what he said were security vulnerabilities he discovered through the in-flight entertainment hardware under the aircraft seat.
Here’s Wien’s tweet announcing that he’d hit the jackpot:
— Jordan Wiens (@psifertex) July 10, 2015
According to his Twitter stream, Wiens is considering using his stash for a round-the-world trip. What would YOU do with 1 million miles? Please leave your comments below.
NOTE: Be sure to click here to see all recent TravelSkills posts about: Top 15 travel brands ranked + Slew of affordable new center city hotels + Swish new B777 + ATMs are out + More!