Fiat Chrysler Offers Hackers Bounty to Report Cyber Threats

Fiat Chrysler fixed the security flaw through a vehicle recall and software patch, but the hack raised new questions about the safety of the growing pool of internet-connected cars on the road.

The Auburn Hills, Mich., automaker said Wednesday it has enlisted the help of San Francisco-based Bugcrowd – a company that manages organized hacking – to create and manage the program. For example, a Denial-of-Service attack against any piece of FCA infrastructure is excluded from the bounty program. Such programs have proven to be a lucrative venture for hackers and security researchers. It remains to be seen whether the bug bounty reward offered by FCA will be enough to tempt hackers to find bugs in its cars. As automakers introduce more technology into their vehicles through automated features, concerns are rising about making them safer from hacks.

FCA is launching the program almost exactly a year after two software engineers described in a Wired magazine article last July how they were able to hack into and take control of a Jeep Cherokee. The hackers posted a video of the hack on public forums to show how easy it was to break into vehicles and put the personal information of auto owners at risk.

“I think the secondary goal both for Fiat and for us is to really clearly signal to the market that this is a company that’s serious about cybersafety and its customers,” says Casey Ellis, co-founder and CEO of Bugcrowd, in the video announcing the program.

The program is focused on FCA’s connected vehicles, including systems within them and external services and applications that link to them. Many companies, including Facebook, offer high rewards to hackers to find bugs in their systems. Bugcrowd’s proprietary vulnerability disclosure platform is deployed by Tesla Motors, The Western Union Company, Pinterest, Barracuda Networks and Jet.com.

Tesla Motors also introduced a bug bounty program on Bugcrowd, and is offering between $25 and $10,000 a bug. However, it offered much larger payments to hackers, up to $10,000, as the company cannot risk bad publicity at a stage when it is planning to ramp up deliveries.

It is also asking DIY vehicle mechanics for help. The fatal crash is now under investigation by US auto regulators, and the US National Highway Traffic Safety Administration (NHTSA) is seeking detailed documents related to upgrades and updates of the Autopilot feature. This incident forced GM to make several security fixes to its wireless OnStar connected auto digital data system.

Headquartered in Auburn Hills, Michigan, FCA US is a member of the Fiat Chrysler Automobiles N.V. (FCA) family of companies.

The Chrysler Group LLC Jeep Cherokee Trailhawk sports utility vehicle is driven down stairs on stage during the 2016 New York International Auto Show in New York