Olivier Beg, a 19-year-old security researcher from the Netherlands, made it to hacker conferences in Las Vegas this week by using some of his huge stash of flyer points — earned through United Airlines’ bug bounty.
According to Netherlands Broadcasting Foundation, the flights to Vegas set Beg back 60,000 airline miles and €5 in airport tax.
United Airlines offers security researchers up to one million flyer miles for reporting remote code execution bugs, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.
Beg reported about 20 bugs to United Airlines, and his highest single reward was 250,000 miles. He wouldn’t reveal what flaws he found.
Since launching the bug bounty last year, United Airlines has rewarded a number of hackers with the million-mile prize, including a researcher from Cisco’s security services team. The top prize equates to about 20 round-trip flights between the US and Europe.
United Airlines kicked off the bounty shortly after a hacker controversially claimed to have taken control of a flight. One of the first researchers to pick up United Airlines’ top prize was Jordan Wiens.
The airline was one of the first companies outside tech to adopt a bug bounty. Since then it’s been joined by the US Department of Defense’s Hack the Pentagon program and bounties run by Tesla, General Motors, Fiat Chrysler, and others.
The highest value rewards on offer though remain in the tech sector, with incentives from Google and Microsoft exceeding $100,000.
Apple this year finally announced a cash rewards program for researchers who contribute to its product security and will pay up to $200,000 for bugs in the secure boot firmware components.
Hackers could also earn up to $100,000 for bugs in the Secure Enclave, or $50,000 for gaining access to iCloud accounts on Apple’s servers. Its program is expected to launch in September.