Automaker Fiat Chrysler Announces Bug Bounty Program
The latest bug bounty program from an automobile manufacturer comes from Fiat Chrysler, more than a year after two white hat hackers proved that they could remotely compromise and take control of its popular vehicle, the Jeep Cherokee.
White hat hackers can now start picking away at cybersecurity flaws in the vehicle software embedded in Fiat Chrysler connected cars. The bounty program is specifically focused on the automaker’s fleet of connected vehicles, including the systems used within them as well as the applications and external services that are connected to them.
The bounty reward is relatively small compared to the bug bounties offered by the likes of Google and Facebook. Fiat Chrysler’s program pays out between $150 and $1,500 for a bug. In comparison, Tesla Motors’ bug bounty program on the same platform used by Fiat Chrysler (more details below) rewards between $25 and $10,000 for valid bug reports.
The program will be managed and operated by crowd-sourced cybersecurity company Bugcrowd, which claims to have nearly 28,000 white hat hackers and security researchers available on its platform.
In a statement, Fiat Chrysler Automobiles’ senior manager for security architecture Titus Melnyk said:
“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”
The hacking demonstration of a Jeep Cherokee occurred a year ago in July 2015, when two security researchers hacked and took total control of a car driven by a Wired journalist who penned the report at the time. Hacked reported on the incident, which showed a relatively straightforward process by which hackers took control of the vehicle. Altogether, nearly half a million vehicles were revealed to be vulnerable, including multiple variants of the Jeep Cherokee and the Dodge Ram, along with other Fiat Chrysler vehicles.
For its part, Chrysler set about damage control by issuing an official recall of some 1.4 million vehicles, providing vehicle owners with a USB stick that contains a firmware upgrade and a patch to remedy the situation.
Still, that did not stop vehicle owners from launching a class action lawsuit against Fiat Chrysler over the hack.