Fiat-Chrysler Issuing a Bounty on Software Vulnerabilities

Chrysler UConnect

With cars getting more and more connected, and more and more autonomous, hacking of those cars is becoming more and more of a concern. Wifi and 4G connectivity are nothing to be afraid of, but the connected car means that automakers have to work harder to make sure that all of those connections are friendly. To that end, Fiat Chrysler Automobiles is launching a “bug bounty” to try and hunt down any and all possible vulnerabilities in their software.

Already common for companies concerned about cyber security Fiat Chrysler’s is the first bounty by a mainstream  automaker, although Tesla has already implemented a similar program. A bug bounty is a cash prize paid out to any person or group who can show how a system can be hacked. The idea is to offer a reward rather than a penalty and to encourage friendly hackers to find the security holes before the bad guys do. Ideally, before it impacts the consumer. Updates to the affected software can be made over the air, at dealers, or sometimes even by the owner at home. It’s a way to encourage the people who were already digitally tinkering with their car to help make it better. Anyone who reports a vulnerability can earn up to $1,500 (USD) depending on the impact of what they have discovered.

Fiat hasn’t said if they’ll make the results of the research public, but just last year they announced a vulnerability with certain radios and quickly issued an update to fix it. It’s likely that the fallout from that incident is what lead them toward the current bounty.

The bounty is being offered through Bugcrowd, a community of cyber security researchers who crowdsource to find vulnerabilities in software and systems. They also provide a platform to report issues used by major companies like Tesla Motors, Pinterest, and Western Union.

Share
The following two tabs change content below.
Evan Williams

Evan Williams

Evan is based in Halifax, and has been a car nut for as long as anyone can remember. He autocrosses, does lapping days and TSD rallies, breaks cars and then fixes them again.