Connect with us

Hi, what are you looking for?



Panasonic Avionics Launches Bug Bounty Program

Panasonic Avionics, one of the world’s biggest suppliers of inflight entertainment and communications systems, has launched a bug bounty program on the HackerOne platform.

Panasonic Avionics, one of the world’s biggest suppliers of inflight entertainment and communications systems, has launched a bug bounty program on the HackerOne platform.

Not many details are available about the program launched on Thursday at the DefCon conference in Las Vegas. According to the company, the goal of the program is to ensure the security of its inflight entertainment systems.

It’s worth noting that this is not an open bug bounty program – only a select group of hackers will be invited to participate. Panasonic Avionics told SecurityWeek that it’s prepared to offer between $100 and $10,000 for valid issues. The company says it wants to adequately reward those who put time and effort into analyzing its products.

“We are looking for issues that can be used to interfere with passenger use or allow for unintended use. Some examples would be privileged escalation and or code injection,” the company told SecurityWeek. “Our focus at this week’s DefCon event is on our wireless eXW platform, which uses our In-Flight (IFAPI) software architecture. Our customers want more opportunities to interface with our IFE system, and IFAPI is our gateway. While our program’s initial focus is on IFAPI, and our ultimate goal is to include all of our systems.”

Panasonic Avionics pointed out that several major companies have launched successful bug bounty programs via HackerOne, which so far has raised a total of $34 million in funding. The IFEC company seems particularly impressed by the Department of Defense’s “Hack The Pentagon” program, which helped the organization find and patch 138 vulnerabilities in less than one month.

“Panasonic Avionics has always taken a proactive approach to security. We have extensive processes in place to identify potential and emerging vulnerabilities, and we also engage with security consultation firms who provide penetration testing and other services,” said Michael Dierickx, director of security engineering and information security officer at Panasonic Avionics.

“Still, these teams bring a fresh perspective and innovative ways to search for potential issues. We want to harness this out-of-the-box thinking and create a win-win scenario that rewards both Panasonic and this community for our hard work and dedication.” Dierickx added.

Aircraft cyber security was a highly-debated topic last year after the U.S. Government Accountability Office (GAO) warned that Internet connectivity could expose aircraft systems to cyberattacks, and advised the FAA to strengthen the cybersecurity of air traffic control systems. Shortly after the GAO reports were published, a researcher was questioned by authorities after he reportedly hacked an airplane midflight.

Advertisement. Scroll to continue reading.

United Airlines launched a bug bounty program soon after that, but the company has only invited hackers to test its websites and apps, not on-board Wi-Fi, avionics or entertainment systems.

Many organizations have launched bug bounty programs over the past period and a study conducted by Bugcrowd shows that traditional industries have increasingly turned to such initiatives.

*Updated with information on scope and rewards

Related Reading: Kaspersky in Search of Hackers for New Bug Bounty Program

Related Reading: Fiat Chrysler Launches Bug Bounty Program

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.