Fiat Chrysler Will Pay Hackers to Find Cybersecurity Vulnerabilities

fiat

Fiat Chrysler Automobiles has launched a bug bounty program aimed at attracting white-hat hackers to discover cybersecurity flaws in its products and connected services. Under the terms of the bounty program, the automaker will give hackers between $150 and $1,500 every time they uncover potential cybersecurity flaws in its vehicles and alert the company.

The company is collaborating with Bugcrowd Inc., a San Francisco company that runs bug bounty programs that compensate hackers willing to work with companies or other organizations to uncover gaps.

The program is focused on FCA’s connected vehicles, including systems within them and external services and applications that link to them. This move is directly connected to the remote hack and control of a Jeep Cherokee, one of the company’s products, by security researchers. Chrysler created a security patch and issued a recall for 1.4 million vehicles last year.

Chrysler said it believes that the program is one of the “best ways” to address the cybersecurity challenges created by the convergence of technology and the automotive industry.

The Bugcrowd program gives Fiat Chrysler the ability to: identify potential product security vulnerabilities; implement fixes and/or mitigating controls after sufficient testing has occurred; improve the safety and security of FCA US vehicles and connected services; and foster a spirit of transparency and cooperation within the cybersecurity community. 

According to Bugcrowd, the payments would be “scaled based upon the criticality of the product security vulnerability.”

“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers,” Fiat Chrysler’s senior manager of security architecture Titus Melnyk said in a statement.

“Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Casey Ellis, CEO and founder of Bugcrowd.