Detroit Auto Industry’s First Bug Bounty Launched

Fiat Chrysler has launched the first-ever bug bounty program for an automaker out of Detroit, awarding cash for security researchers and white hat hackers who find vulnerabilities in its vehicles.

Over a year has passed since two security researchers remotely hacked and took control of a Jeep Cherokee, a vehicle manufactured by Fiat Chrysler Automobiles.

Now, the Italian-owned car manufacturer has announced a bug bounty program where it will reward up to $1,500 to security researchers who report vulnerabilities in its vehicles’ software.

The bug bounty program is managed by Bug Crowd, a bug bounty platform backed by venture capital and private equity firms.

Speaking to Wired, the publication which originally reported the Jeep Cherokee hack last year while having its own writer driving the car at the time, Bug Crowd CEO Casey Ellis stated called it a huge move on the automaker’s part to launch the program.

“This is basically creating normalcy around the dialogue between hackers and vehicle manufacturers for the purposes of making vehicles safer,” he stated.

While Fiat Chrysler is  the first carmaker among Detroit’s “Big Three” automobile manufacturers, Tesla has notably paid out bug bounties in the past. The electric car maker has paid up to $10,000 to hackers who have uncovered and reported vulnerabilities and flaws. Tesla also runs its bug bounty program on Bug Crowd.

Fiat Chrysler’s bug bounty program specifically mentions the targets that are to be focused on by the hackers. They are the Uconnect infotainment apps on the Android and iOS platforms, as well as the Eco-Drive driving efficiency applications. However, Ellis confirmed that vulnerabilities that affect target vehicles directly, beyond the software that is involved, are also eligible for rewards.

The increasing focus on cybersecurity in an age when there are an increasing number of internet-connected vehicles can only be a step in the right direction, despite the relatively low bug bounty paid out by Fiat Chrysler.

Ellis added that “several” other car manufacturers are also in conversations with Bug Crowd to implement their own bug bounty programs.

Image credit: Flickr.