Fiat Chrysler Automobiles (FCA) is taking a page from Tesla’s book by offering hackers a cash prize for discovering potential cyber security weak points.
Under the FCA US bug bounty program, hackers will receive at least $150 and up to $1500 per bug discovered, with the compensation amount depending on the impact and severity of the discovery. FCA has teamed up with Bugcrowd, an existing network that includes thousands of hackers worldwide, all trying to discover issues in cyber security.
Last year, a Jeep Cherokee was remotely hacked by a team of researchers who were able to control many of the vehicle’s functions, from the HVAC controls to the brakes. More recently, a thief was shown starting a Jeep Wrangler using only a laptop. In the first case, FCA issued a software update for many of its vehicles equipped with the 8.4-inch Uconnect system.
“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers,” said Titus Melnyk, senior manager of security architecture at FCA US.
FCA says that it “may make research findings public,” depending on the nature and potential vulnerability of the findings.
“Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Casey Ellis, CEO and founder of Bugcrowd.