Fiat to offer bug bounties following Jeep hack

Cash up for grabs for security flaws.

Fiat Chrysler will offer rewards of as much as US$1500 to ethical hackers who tell the auto maker about IT security weaknesses in its vehicles, the company said.

Fiat's move comes a year after independent security researchers used a wireless connection to turn off a Jeep Cherokee's engine. The hack alarmed auto makers and regulators, and it led Fiat to recall 1.4 million vehicles to prevent the use of a wireless connection to gain control of the vehicle.

Fiat officials said Bugcrowd, which manages similar programs for a range of companies including Tesla Motors, will manage its bug bounty program.

Auto makers have stepped up efforts to address concerns that vehicles equipped with internet connections could be vulnerable to criminals who could seek to harvest personal data through vehicle systems, or perpetrate other mischief such as disabling a car and demanding a ransom to bring it back to life.

In July 2015, several major auto makers formed an Automotive Information Sharing and Analysis Centre, or Auto-ISAC, to serve as a clearing house for information about cyber threats. The group said in a statement this week its members now account for 99 per cent of light duty vehicles on the road in North America.

Titus Melnyk, Fiat senior manager for security architecture, said Fiat could share information generated by the Bugcrowd program with other automakers through the Auto-ISAC.

"We'll err on the side of what's right for the industry," he said.

General Motors has a program managed by San Francisco cyber security company HackerOne that offers recognition, but not cash, to researchers who identify and share cybersecurity gaps with the company.

The company has also begun hiring outside cyber security experts and has a group of employees that test the company's systems, Jeffrey Massimilla, GM's chief product cybersecurity officer, said.

Massimilla said GM may offer cash bounties to ethical hackers, but said, "If you put up a small bounty you aren't going to get good research."
