Cyber Bug Bounty Hunt
Hacking an FCA vehicle will earn you up to $1,500
(photo courtesy of FCA US Media)
InAutoNews / Sorin Tetcu / July 14, 2016
Fiat-Chrysler said it has launched a bug bounty program that invites hackers to find cybersecurity flaws in the automaker’s vehicles.
With cars becoming smarter and smarter as connectivity features rapidly advance, security concerns have unavoidably increased. To find and fix system glitches in its cars and connected services, Fiat Chrysler has proposed a very interesting program, through which hackers have been invited to show their skills. The public bug bounty program is managed through the Bugcrowd platform, which runs programs for a range of companies including Tesla, and a reported vulnerability could earn the “friendly” hacker from 150 to 1,500 dollars.
“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” Titus Melnyk, senior manager – security architecture for FCA, said. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”
Last year, FCA became the first company in the world to recall vehicles because of a car hacking threat. The vulnerability uncovered at that time by Wired magazine led to a 1.4-million-vehicle recall to prevent the use of a wireless connection to gain control of the cars.
“Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” Casey Ellis, CEO and founder of Bugcrowd, said.
Bugcrowd Inc. is a pioneer and innovator in crowdsourced security testing for the enterprise. Bugcrowd harnesses the power of more than 30,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Bugcrowd’s proprietary vulnerability disclosure platform is deployed by Tesla Motors, The Western Union Company, Pinterest, Barracuda Networks and Jet.com. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Venture Capital, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures. Learn more at www.bugcrowd.com