Fiat Chrysler Automobiles will begin to reward hackers who expose deficiencies in its cars’ software.
Through its so-called “bug bounty” program, FCA will award hackers up to $1,500 for reporting vulnerabilities. The program runs on Bugcrowd, a platform that connects researchers to firms looking to eliminate technical defects.
“This is really the next level of automotive cyber safety,” Bugcrowd chief executive Casey Ellis said in an interview, in which he also called the move “historic” because of Chrysler’s worldwide scale.
The move comes almost a year after security researchers Chris Valasek and Charlie Miller remotely hacked into a 2014 Jeep Grand Cherokee, a vehicle made by Fiat Chrysler, from their keyboards while the vehicle was being driven 70 mph on the highway. Their hack turned the steering wheel, briefly disabled the brakes and shut down the engine.
Now, security advocates are pushing automakers to make their cars digitally safer.
FCA is the third carmaker to use a bug bounty program. Tesla began a program in 2015. The company will pay security researchers up to $10,000 for finding software flaws, and has doled out at least 135 rewards so far, according to Bugcrowd.
In January, General Motors launched a security disclosure program that offers researchers a way to tell the company about problems in its software. The program doesn’t pay out bounties, although in an interview with The Washington Post last year, chief product cybersecurity officer Jeffrey Massimilla suggested some sort of reward system was being considered.
“No organization in the world has an excuse not to do bug bounties at this point,” said Jordan Wiens, founder of software research firm Vector 35. He won 1.25 million frequent flyer miles from United Airlines last year after exposing flaws in a bug bounty program. There are “very few car companies that realize how much trouble they’re in.”
Auto manufacturers in recent years have been racing to dub themselves software companies as the industry looks toward creating interconnected and autonomous vehicles, and as such have been programming modern cars with hundreds of millions of lines of code.
That software controls everything in a vehicle, from the radio and climate control consoles to the power steering system and tire pressure gauges. As drivers steer their cars, for example, they’re not physically turning the wheels, but instead instructing a computer to turn the wheels for them.
And researchers have shown themselves capable of compromising the security of that software and wresting control of the car from an active driver.
Read more of the original article at The Washington Post.