July 13, 2016

Detroit Auto Industry’s First Bug Bounty Launched

Fiat Chrysler has launched the first-ever bug bounty program for an automaker out of Detroit, awarding cash to security researchers and white hat hackers who find vulnerabilities in its vehicles.

Over a year has passed since two security researchers remotely hacked and took control of a Jeep Cherokee, a vehicle manufactured by Fiat Chrysler Automobiles.

Now, the Italian-owned car manufacturer has announced a bug bounty program under which it will pay up to $1,500 to security researchers who report vulnerabilities in its vehicles’ software.

The bug bounty program is managed by Bugcrowd, a bug bounty platform backed by venture capital and private equity firms.

Speaking to Wired, the publication that originally reported the Jeep Cherokee hack last year, with its own writer driving the car at the time, Bugcrowd CEO Casey Ellis called it a huge move on the automaker’s part to launch the program.

“This is basically creating normalcy around the dialogue between hackers and vehicle manufacturers for the purposes of making vehicles safer,” he stated.

While Fiat Chrysler is the first of Detroit’s “Big Three” automobile manufacturers to launch such a program, Tesla has notably paid out bug bounties in the past. The electric car maker has paid up to $10,000 to hackers who have uncovered and reported vulnerabilities and flaws. Tesla also runs its bug bounty program on Bugcrowd.

Fiat Chrysler’s bug bounty program names the specific targets that hackers are to focus on: the Uconnect infotainment apps on the Android and iOS platforms, as well as the Eco-Drive driving efficiency applications. However, Ellis confirmed that vulnerabilities that affect target vehicles directly, beyond the software involved, are also eligible for rewards.

The increasing focus on cybersecurity, at a time when the number of internet-connected vehicles keeps growing, can only be a step in the right direction, despite the relatively low bug bounty paid out by Fiat Chrysler.

Ellis added that “several” other car manufacturers are also in conversations with Bugcrowd to implement their own bug bounty programs.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.