Fiat to offer bug bounties following Jeep hack

By

Cash up for grabs for security flaws.

Fiat Chrysler will offer rewards of as much as US$1500 to ethical hackers who tell the auto maker about IT security weaknesses in its vehicles, the company said.

Fiat to offer bug bounties following Jeep hack

Fiat's move comes a year after independent security researchers used a wireless connection to turn off a Jeep Cherokee's engine. The hack alarmed auto makers and regulators, and it led Fiat to recall 1.4 million vehicles to prevent the use of a wireless connection to gain control of the vehicle.

Fiat officials said Bugcrowd, which manages similar programs for a range of companies including Tesla Motors, will manage its bug bounty program.

Auto makers have stepped up efforts to address concerns that vehicles equipped with internet connections could be vulnerable to criminals who could seek to harvest personal data through vehicle systems, or perpetrate other mischief such as disabling a car and demanding a ransom to bring it back to life.

In July 2015, several major auto makers formed an Automotive Information Sharing and Analysis Centre, or Auto-ISAC, to serve as a clearing house for information about cyber threats. The group said in a statement this week its members now account for 99 per cent of light duty vehicles on the road in North America.

Titus Melnyk, Fiat senior manager for security architecture, said Fiat could share information generated by the Bugcrowd program with other automakers through the Auto-ISAC.

"We'll err on the side of what's right for the industry," he said.

General Motors has a program managed by San Francisco cyber security company Hackerone that offers recognition, but not cash, to researchers who identify and share cybersecurity gaps with the company.

The company has also begun hiring outside cyber security experts and has a group of employees that test the company's systems, Jeffrey Massimilla, GM's chief product cybersecurity officer, said.

Massimilla said GM may offer cash bounties to ethical hackers, but said, "If you put up a small bounty you aren't going to get good research."

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
fiathackjeepsecurity

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?