Automotive Business Review

FCA US offers bounties to hackers to find security flaws in vehicles

ABR Staff Writer Published 13 July 2016

North American automaker FCA US has launched a public bug bounty program to advance vehicle cybersecurity.

Bugcrowd has been selected to manage the FCA US Bug Bounty Program, which offers financial rewards to those who discover potential vehicle cybersecurity vulnerabilities.

The program uses Bugcrowd’s crowdsourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities.

FCA said the move is one of the best ways of addressing the cybersecurity challenges created by the integration of technology and the automotive industry.

With this program, the automaker will gain the ability to identify potential product security vulnerabilities, implement fixes and mitigating controls after ample testing, and improve the safety and security of its vehicles and connected services in the US. It also hopes to develop an environment of transparency and cooperation with the cybersecurity community.

FCA US security architecture senior manager Titus Melnyk said: “There are a lot of people that like to tinker with their vehicles or tinker with IT systems.

“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”

Melnyk added: “Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer.

“Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”

As part of the program, Bugcrowd will offer between $150 and $1500 per bug, depending on the criticality of the product security vulnerability and the scope of impact.

Bugcrowd CEO and founder Casey Ellis said: “Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program.

“The consumer is starting to understand that these days the car is basically a two-ton computer. FCA US customers are the real winners of this bounty program; they're receiving an even safer and more secure product both now and into the future.”