One year after Fiat Chrysler Automobiles' Jeep made headlines over car hacking concerns, the company has become the first full-line automaker to launch a public bug bounty program for hackers who identify potential vulnerabilities in its vehicles.
“There are a lot of people that like to tinker with their vehicles or tinker with IT systems,” Titus Melnyk, senior manager of security architecture for FCA in the United States, said in a statement. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”
The announcement of the program comes as cars become more complex and more prone to hacking; the new initiative reflects the rapidly increasing convergence of connectivity technology and the automotive industry, FCA said.
The program is managed by Bugcrowd.com and offers payouts ranging from $150 US to $1,500 US.
According to FCA US, the Bugcrowd program will help it:
- identify potential product security vulnerabilities;
- implement fixes and/or mitigating controls after sufficient testing has occurred;
- improve the safety and security of vehicles and connected services;
- and foster a spirit of transparency and co-operation within the cyber-security community.
“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” added Melnyk. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”
Last year, FCA had to recall 1.4 million Jeep Cherokees in order to fix a software hole that allowed hackers to wirelessly break into some vehicles and electronically control vital functions.