
Panasonic Avionics Launches Bug Bounty Program

Panasonic Avionics, one of the world’s biggest suppliers of inflight entertainment and communications systems, has launched a bug bounty program on the HackerOne platform.

Not many details are available about the program launched on Thursday at the DefCon conference in Las Vegas. According to the company, the goal of the program is to ensure the security of its inflight entertainment systems.

It’s worth noting that this is not an open bug bounty program – only a select group of hackers will be invited to participate. Panasonic Avionics told SecurityWeek that it's prepared to offer between $100 and $10,000 for valid issues. The company says it wants to adequately reward those who put time and effort into analyzing its products.

“We are looking for issues that can be used to interfere with passenger use or allow for unintended use. Some examples would be privileged escalation and or code injection,” the company told SecurityWeek. “Our focus at this week’s DefCon event is on our wireless eXW platform, which uses our In-Flight (IFAPI) software architecture. Our customers want more opportunities to interface with our IFE system, and IFAPI is our gateway. While our program's initial focus is on IFAPI, and our ultimate goal is to include all of our systems.”

Panasonic Avionics pointed out that several major companies have launched successful bug bounty programs via HackerOne, which so far has raised a total of $34 million in funding. The IFEC company seems particularly impressed by the Department of Defense’s “Hack The Pentagon” program, which helped the organization find and patch 138 vulnerabilities in less than one month.

“Panasonic Avionics has always taken a proactive approach to security. We have extensive processes in place to identify potential and emerging vulnerabilities, and we also engage with security consultation firms who provide penetration testing and other services,” said Michael Dierickx, director of security engineering and information security officer at Panasonic Avionics.

“Still, these teams bring a fresh perspective and innovative ways to search for potential issues. We want to harness this out-of-the-box thinking and create a win-win scenario that rewards both Panasonic and this community for our hard work and dedication,” Dierickx added.

Aircraft cybersecurity was a highly debated topic last year after the U.S. Government Accountability Office (GAO) warned that Internet connectivity could expose aircraft systems to cyberattacks, and advised the FAA to strengthen the cybersecurity of air traffic control systems. Shortly after the GAO reports were published, a researcher was questioned by authorities after he reportedly hacked an airplane midflight.

United Airlines launched a bug bounty program soon after that, but the company has only invited hackers to test its websites and apps, not on-board Wi-Fi, avionics or entertainment systems.

Many organizations have launched bug bounty programs recently, and a study conducted by Bugcrowd shows that traditional industries have increasingly turned to such initiatives.

*Updated with information on scope and rewards

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.