By on July 13, 2016

2016 Jeep Grand Cherokee Summit, Image: FCA

In a few weeks, after Pokémon Go jumps the shark and we all head back to our homes for nights of solitude, Fiat Chrysler Automobiles will offer another opportunity for high-tech geekery. And a lucrative one, too.

Announced today, the automaker will hand tech-savvy individuals cold, hard cash in return for information on weaknesses in its vehicles’ cybersecurity. Exposing a hidden backdoor that hackers could sneak through will net you up to $1,500.

FCA says the industry-first “bug bounty” program is open to anyone — vehicle owners, IT professionals, IT…enthusiasts? — and is designed to guard the safety of its vehicle systems and connected services. Tips can be sent to the automaker via the Bugcrowd platform. (The automaker explains the process in a YouTube video.)

“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” stated Titus Melnyk, FCA’s U.S. senior manager of security architecture, in a release. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”

Bugcrowd manages the reward payout, which varies depending on the seriousness of the weakness discovered. The starting “bug” price is $150. Bugcrowd CEO Casey Ellis said FCA’s program will “engage the community of hackers that is already at the table and ready to help.”

Last year, hackers exposed a weakness in FCA’s Uconnect infotainment system that allowed them to commandeer a Jeep Grand Cherokee as it drove down a Missouri highway. The flaw was so troubling, FCA recalled 1.4 million vehicles to install a software patch.


10 Comments on “Fiat Chrysler Will Give You Cash to Find Cyber Threats...”


  • avatar

    I’d prefer they lend me a TRACKHAWK so I can beta test.

  • avatar

    Technically they should give that money to me for pointing out how bad the ZF shifter was BEFORE they ever implemented it – since AUDI HAD IT FIRST and I recognized it was trash then.

    I could have saved Anton Yelchin.

  • avatar
    mcs

    FCA is being cheap. A lot of companies are offering into the low 5 figures for the top reward.

    For example, Uber is offering $10,000 for critical bugs and down to $3,000 for medium issues. So, if you’re a professional hacker, where are you going to spend your time?

  • avatar
    ajla

    “will net you up to $1,500.”

    Enough to buy a 2014 Dart!

  • avatar
    RHD

    “Up to” is marketingspeak for “less than”.

    This just makes it appear that FCA is too cheap to have their own personnel look for the security weaknesses, or that they don’t expect them to find them all.

    How much longer will it take for corporations to realize that software isn’t the perfect solution for all problems, real and imagined? Self-driving cars are fatally fallible, vehicles are hackable and can be taken over or stolen in ways not before possible, banks are being robbed over the internet, top secret national security information is being bled all over, emails contain file-encrypting viruses… on the other hand, we can all now enjoy Candy Crush, Twitter, Pokémon Go, Facebook, Ashley Madison, Tinder and TTAC.

    • 0 avatar
      highdesertcat

      RHD, the best security-oriented minds do not work for Fiatsler, nor GM, nor Ford, nor the US gov’t.

      My guess would be that the best security-oriented minds work for state-sponsors of terrorism, hacking and cracking, i.e. Russia, China, North Korea, Iran.

      But it is a comfort that Israel is on the side of the good guys, with their ability to crack the iPhone and develop worms like StuxNet.

  • avatar
    Big Al From 'Murica

    That is pretty low for a zero day exploit. Any significant vulnerability against a vehicle would likely be worth significantly more.

  • avatar
    shaker

    P0kem0n G0 is the bigger virus, it will infiltrate our idiocracy, and may cause more deaths than Autopilot – why? Because business has found that it’s a fantastic way to *physically* lure drones to their business lairs.

    So, which car company will actually integrate the P0kem0n G0 app into their nav system?

    Stay Tuned…

  • avatar
    Tosh

    Now that’s a cry for help if I ever heard one.

  • avatar
    05lgt

    So, just to be *wrong* about this: FCA will pay “up to” $1,500 to expose their hidden back door. Damnit Sergio, no means no!
