Panasonic Avionics Launches Bug Bounty Program

Panasonic Avionics, one of the world’s biggest suppliers of inflight entertainment and communications systems, has launched a bug bounty program on the HackerOne platform.

Not many details are available about the program launched on Thursday at the DefCon conference in Las Vegas. According to the company, the goal of the program is to ensure the security of its inflight entertainment systems.

It’s worth noting that this is not an open bug bounty program – only a select group of hackers will be invited to participate. Panasonic Avionics told SecurityWeek that it’s prepared to offer between $100 and $10,000 for valid issues. The company says it wants to adequately reward those who put time and effort into analyzing its products.

“We are looking for issues that can be used to interfere with passenger use or allow for unintended use. Some examples would be privilege escalation and/or code injection,” the company told SecurityWeek. “Our focus at this week’s DefCon event is on our wireless eXW platform, which uses our In-Flight (IFAPI) software architecture. Our customers want more opportunities to interface with our IFE system, and IFAPI is our gateway. While our program’s initial focus is on IFAPI, our ultimate goal is to include all of our systems.”

Panasonic Avionics pointed out that several major companies have launched successful bug bounty programs via HackerOne, which so far has raised a total of $34 million in funding. The IFEC company seems particularly impressed by the Department of Defense’s “Hack The Pentagon” program, which helped the organization find and patch 138 vulnerabilities in less than one month.

“Panasonic Avionics has always taken a proactive approach to security. We have extensive processes in place to identify potential and emerging vulnerabilities, and we also engage with security consultation firms who provide penetration testing and other services,” said Michael Dierickx, director of security engineering and information security officer at Panasonic Avionics.

“Still, these teams bring a fresh perspective and innovative ways to search for potential issues. We want to harness this out-of-the-box thinking and create a win-win scenario that rewards both Panasonic and this community for our hard work and dedication,” Dierickx added.

Aircraft cybersecurity was a highly debated topic last year after the U.S. Government Accountability Office (GAO) warned that Internet connectivity could expose aircraft systems to cyberattacks, and advised the FAA to strengthen the cybersecurity of air traffic control systems. Shortly after the GAO reports were published, a researcher was questioned by authorities after he reportedly hacked an airplane midflight.

United Airlines launched a bug bounty program soon after that, but the company has only invited hackers to test its websites and apps, not on-board Wi-Fi, avionics or entertainment systems.

Many organizations have launched bug bounty programs recently, and a study conducted by Bugcrowd shows that traditional industries have increasingly turned to such initiatives.

*Updated with information on scope and rewards


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
