Fiat Chrysler Automobiles announced the launch of a special bounty program to reward hackers who discover potential vulnerabilities in its vehicles’ software.
FCA thus becomes the first mass-market carmaker to follow in Tesla’s footsteps, with rewards ranging from $150 to $1,500 depending on the severity and impact of the bug found.
The new bounty program will run through bugcrowd.com, providing a public channel for responsible disclosure of potential bugs through the platform’s crowdsourced community of “cybersecurity researchers”.
“There are a lot of people that like to tinker with their vehicles or tinker with IT systems,” said Titus Melnyk, senior manager – security architecture, FCA US LLC. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”
Back in July 2015, Charlie Miller and Chris Valasek revealed a weak point in a 2014 Jeep Cherokee that allowed them to remotely take control of some of the onboard systems. FCA then released a software update that fixed the bug used by the hackers, securing all of the company’s vehicles equipped with the 8.4-inch Uconnect infotainment system.
“Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Casey Ellis, CEO and founder of Bugcrowd. “The consumer is starting to understand that these days the car is basically a two ton computer. FCA US customers are the real winners of this bounty program; they’re receiving an even safer and more secure product both now and into the future.”