FCA Offering $1,500 Bounty to Hackers

by Admin on July 23, 2016


Photo Credit: Automotive ISAC

Fiat Chrysler Automobiles (FCA) announced recently that they will be offering rewards up to $1,500 to ethical hackers who can find data security weaknesses in their vehicles and report them to the company. This news comes exactly one year after a Jeep Cherokee was turned off remotely by two hackers in conjunction with a reporter from Wired.com. You can read that full story here. That hack led to the recall of 1.4 million vehicles by FCA. Since then, automakers across the board have increased efforts to fix potential hacking issues with vehicles equipped with high-speed Internet connections.

After the initial story was reported in July 2015, several major automakers formed the Automotive Information Sharing and Analysis Centre (Auto-ISAC) to effectively combat the threat of cybersecurity. The main purpose of Auto-ISAC is to give manufacturers a streamlined way to communicate in real-time about cybersecurity issues so they can be handled effectively. Almost all manufacturers are a part of the Auto-ISAC now, as evidenced by a statement released by the group this week that claims that its members now account for 99 percent of light duty vehicles in North America.

The rewards themselves will be handled by a company named Bugcrowd Inc. based in San Francisco which manages similar “bounty” programs for a variety of other companies including Tesla Motors Inc. Bugcrowd’s chief executive, Casey Ellis, said recently that they employ 32,000 researchers that work to address cybersecurity concerns for their clients.

General Motors has a similar program handled by a company named Hackerone which is also based in San Francisco. GM does not offer cash rewards for their program, but does offer recognition for anyone who can report cybersecurity exploits in their vehicles. GM’s chief cybersecurity officer Jeffrey Massimilla said this week that GM may offer cash rewards similar to FCA but their main concern is that offering a bounty to hackers isn’t going to result in good research.

It will be interesting to see if aspiring hackers will jump on this opportunity to make some quick cash and further the cybersecurity research in the automotive industry at the same time. FCA senior manager for security architecture Titus Melnyk said that FCA “may” share information generated by the bounty program with the rest of the Auto-ISAC if it is for the benefit of the auto industry as a whole. If this program ends up being a success, it will benefit everyone involved.

Manvir Sangha
SEO/PPC Analyst

Leave a Comment

Previous post:

Next post: