News

New FCA Program Will Reward and Pay Hackers

Bounties pay up to $1,500 USD and focus on Uconnect system

Bounties pay up to $1,500 USD and focus on Uconnect system

Rather than fighting software hackers, Fiat Chrysler Automobiles wants to reward them. FCA today launched a new hacker bounty program that will dole out monetary rewards to anyone who identifies and reports a security weakness in FCA’s software.

FCA is launching the program on crowdsourcing website Bugcrowd (www.bugcrowd.com). According to Bugcrowd’s site, its main purpose is to “bring thousands of good hackers to the fight, helping companies even the odds and find bugs before the bad guys do.” The list of prominent companies also on Bugcrowd includes Tesla Motors, which was the first automaker to offer bounties to hackers.

FCA says it will pay at least $150 USD and up to $1,500 USD for each hack. According to FCA’s page on Bugcrowd, the automaker is asking hackers to focus on vulnerabilities to its Uconnect infotainment system, especially with the way it interacts with iOS and Android personal devices. FCA also includes a long list of hacks that are excluded from the bounty. So far, 83 hackers have joined FCA’s program and four bounties have been rewarded.

Last year, FCA was the target of a software breach when two hackers demonstrated how they were able to control a Jeep Cherokee remotely through its Uconnect system. The hackers were able to manipulate most of the vehicle’s systems, and even went as far as disabling the brakes, transmission, and steering. The hackers were later hired on by Uber to help develop its autonomous driving technology.

Source: Automotive News (Subscription required)