Are You A Hacker? FCA Will Pay You To Expose Security Risks
More manufacturers need to get on board with this ASAP
by Robert Moore
Hackers often get a pretty bad rap, as they are usually portrayed as bad people who take advantage of security vulnerabilities for their own gain, often stealing personal information or other valuable data. But not all of them are bad. In fact, a number of Fortune 500 companies like AT&T and United Airlines pay "ethical hackers" to expose vulnerabilities within their systems. In the automotive world, the most prominent company that takes this approach is Tesla, which pays anywhere between $100 and $10,000 to anyone who finds and reports any vulnerabilities. Now, FCA is offering up a similar program, albeit with some limitations.
It’s been a year since professional hackers publicly exploited a cellular vulnerability that allowed them to remotely manipulate a 2015 Jeep Cherokee – something that opened everyone’s eyes to the potential danger of having cars that are increasingly becoming smarter and more connected. To help prevent similar vulnerabilities in the future, FCA is now offering up between $150 and $1,500 to anyone who notifies them of security flaws through a program on bugcrowd.com. There is a stipulation, though, as the company will only pay for vulnerabilities found in its Uconnect system and owner websites.
Titus Melnyk, FCA’s Senior Manager for Security Architecture, said, “There have been a number of things where people have reached out to us through customer care and other contact methods where they highlighted things that were of interest.” He continued, saying that the bugcrowd program is “just a nice, official way to make it easier for people to contact us and know what we’re really interested in.”
So, there you have it. If you’re technologically inclined or a “hacker,” help keep FCA cars safe from security risks and make a little money while you’re doing it.
Why it matters
I think it’s great FCA is finally on board with a program like this. So far, Tesla has paid out at least 132 bounties to hackers – according to bugcrowd – and I have a feeling that FCA will be paying out some bounties pretty soon itself. Security vulnerabilities have been a risk since the internet came into existence, and now that just about every new car worth having has internet connectivity, it’s something manufacturers need to take seriously. It will become increasingly important that manufacturers remain vigilant as our cars continue to evolve. We can only hope that other manufacturers follow the example set forth by Tesla, FCA, and the other Fortune 500 companies that are willing to pay for exposed vulnerabilities. Just think, once we perfect self-driving cars, one little vulnerability could turn deadly on a massive scale at the whim of someone with the right know-how. Pretty scary, huh?