Fiat Chrysler (FCA US) has launched a bug bounty program on Bugcrowd, and is paying out prizes of up to $1,500 for tracking down security vulnerabilities in its vehicles.
White hat hackers and security researchers will be able to submit bugs they’ve found in Fiat Chrysler’s vehicle software in exchange for cash prizes, ranging from $150 to $1,500 for more severe flaws.
“There are a lot of people that like to tinker with their vehicles or tinker with IT systems,” said Titus Melnyk, senior manager of security architecture at Fiat Chrysler. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix it before it becomes an issue for our consumers.”
Bugcrowd is a platform for bug bounty programs and features a network of more than 30,000 ethical hackers that can scrutinize companies’ software for flaws. Fiat Chrysler is now the first Bugcrowd partner to offer a bug bounty for its vehicles’ software. Other car manufacturers have offered bug rewards before but only for their websites.
This announcement comes one year after the infamous Jeep Cherokee hack in which two hackers, Charlie Miller and Chris Valasek, were able to take control of the vehicle mid-drive by infiltrating its software remotely.
Not long after that, Fiat Chrysler recalled 1.4 million cars and trucks over buggy radios that left the vehicles vulnerable to hackers.
“Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Bugcrowd CEO Casey Ellis.
“The consumer is starting to understand that these days the car is basically a 2-ton computer,” he added. The company and its network of researchers and hackers said they want to help car makers write better, more secure code for the future.
Fiat Chrysler is “dedicated to collaboration and engagement” with researchers to build better security into its cars, said Sandra Hosler, from the carmaker’s cybersecurity department, in a statement.