Inflight Entertainment Service Provider Gogo Launches Bug Bounty Program

Gogo Inc., a world-renowned in-flight broadband Internet service and other connectivity services provider for business and commercial airplanes has launched its own bug bounty program urging hackers and security researchers to discover security flaws and vulnerabilities in their website and Gogo’s airborne systems that allow users to connect to the Internet, watch live TV and on-demand videos.

The sole purpose of this bug bounty program is to secure Gogo’s cyber-infrastructure including the use of its system by employees and customers. In an official press release, Gogo explained that “Our goal with this program is to ensure that Gogo’s customers and employees are using a secure platform that’s free of security vulnerabilities. For testing the airborne systems, researchers will only be able to access these systems while flying on a Gogo equipped aircraft.”

Must Read: Vulnerable In-flight WiFi lets hackers remotely take over aircraft

The websites that are eligible for testing are gogoair.com and Gogoinflight.com. Any website other than these two are not part of the program and will not be considered. The first domain is for customers who want to buy packages and/or check prices by adding their credit card details whilst the second domain acts as an Internet gateway/proxy and also serve video content to customers on the plane and can only be accessible on a Gogo equipped aircraft. The company, however, is urging researchers to focus primarily on vulnerabilities that may lead to credit card data theft.

Currently, airlines using Gogo include Aeroméxico, Aer Lingus, American Airlines, Air Canada, Alaska Airlines, Beijing Capital, British Airways, Delta Air Lines, GOL, Hainan Airlines, Iberia, Japan Airlines, JTA, United Airlines, Vietnam Airlines, Virgin America and Virgin Atlantic. In-flight entertainment partners include American Airlines, Alaska Airlines, Air Canada, Aeromexico, Delta Air Lines, Japan Airlines, JTA, GOL, Hainan Airlines, United Airlines and Scoot. When they were in business it was used by AirTran Airways and US Airways

Gogo Inc. will pay researchers a sum between $100 to $1,500 per bug.

The announcement came as no surprise since it was recently revealed in documents leaked by Edward Snowden that The US’s National Security Agency (NSA) and British Government Communication Headquarters (GCHQ) both spied on passengers’ in-flight phone calls.

Must Read: Reporter Gets His Email Hacked on The Plane

The safety concerns about in-flight entertainment systems are not now but it all started when Chris Roberts, a security researcher from World Labs identified risks in airplane in-flight entertainment systems that could be used to take control of an aircraft. After his findings, United Airlines launched its first-ever bug bounty program to fix dangerous vulnerabilities in their systems.