Fiat Chrysler is calling on hackers to improve the software in its cars

Fiat Chrysler (FCA US) has launched a bug bounty program on Bugcrowd, and is paying out prizes of up to $1,500 for tracking down security vulnerabilities in its vehicles.

White hat hackers and security researchers will be able to submit bugs they’ve found in Fiat Chrysler’s vehicle software in exchange for cash prizes, ranging from $150 to $1,500 for more severe flaws.

“There are a lot of people that like to tinker with their vehicles or tinker with IT systems,” said Titus Melnyk, senior manager of security architecture at Fiat Chrysler. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix it before it becomes an issue for our consumers.”

Bugcrowd is a platform for bug bounty programs and features a network of more than 30,000 ethical hackers who can scrutinize companies’ software for flaws. Fiat Chrysler is now the first Bugcrowd partner to offer a bug bounty for its vehicles’ software. Other car manufacturers have offered bug rewards before, but only for their websites.

This announcement comes one year after the infamous Jeep Cherokee hack, in which two hackers, Charlie Miller and Chris Valasek, were able to take control of the vehicle mid-drive by infiltrating its software remotely.

Not long after that, Fiat Chrysler recalled 1.4 million cars and trucks over buggy radios that left the vehicles vulnerable to hackers.

“Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Bugcrowd CEO Casey Ellis.

“The consumer is starting to understand that these days the car is basically a 2-ton computer,” he added. The company, along with its network of researchers and hackers, said it wants to help car makers write better, more secure code for the future.

Fiat Chrysler is “dedicated to collaboration and engagement” with researchers to build better security into its cars, said Sandra Hosler, from the carmaker’s cybersecurity department, in a statement.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…