Security Experts Say Fiat Chrysler's 'Bug Bounty' Reward Isn't Big Enough

Fiat Chrysler Automobiles will give you up to $1,500 to find weaknesses in its vehicles’ security, but cybersecurity experts want the automaker to pony up more dough.

After the company announced its industry-first “bug bounty” program on July 13, many professional hackers say FCA’s reward isn’t enough to attract real talent in the search for software breaches, Forbes reports.

Cash rewards offered by FCA range from $150 to $1,500, depending on the seriousness of the identified weakness. The company’s view is that security researchers who help protect its vehicle technology deserve real rewards for their time and effort.

Forbes notes that Facebook recently awarded a 10-year-old $10,000 for discovering a bug in its Instagram social networking service. That technology flaw simply allowed users to delete photos, so why should exposing a vehicle security weakness — a public safety issue — warrant less money, the publication asks.

The article gauges hackers' reactions via their Twitter posts. One calls the reward “laughable,” while another says researchers need vehicles to work on, not cash. Mark Dowd of Azimuth Security says hackers submit technology faults for similar rewards “all the time,” but speculates that FCA might boost the bounty once it gets comfortable offering the reward program.

FCA had a very high-profile run-in with hackers last year, when two Missouri researchers discovered how to remotely take control of a Jeep Grand Cherokee using a weakness in its Uconnect infotainment system. That discovery led to the recall of 1.4 million vehicles and a software patch.

[Image: FCA US]

  • GeneralMalaise on Jul 15, 2016

    Make hacking a serious crime at the state and federal level, with a 20-year sentence possible for each charge upon conviction; sentences can't run concurrently. That's my solution.

    • Wolfinator on Jul 15, 2016

      "Hacking" should not be illegal. "Hacking" is what security researchers do to FIND these issues. Making "hacking" illegal is like making picking locks illegal. Now locksmithing is a crime! Congrats, you just screwed everyone! What you want to be illegal are negative *effects* of hacking. Whether it be theft of personal data, theft of services or goods, bank fraud, etc etc etc. Guess what? Those are already illegal! PS: more garbage legislation in the US is hardly going to have an effect. Most 'hackers' live overseas, and effectively ignore US law.

  • Art Vandelay on Jul 15, 2016

    I am in the Cyber Security field and this was my first thought when I read the last post. Day zero (vulnerabilities baked into the release) exploits trade for waaaaay more than 1500 bucks in the black hat community. Try hundreds of thousands in some cases. What do you think the FBI paid to unlock Syed Farook's iPhone? And that was something that had been around for a while.
