In a few weeks, after Pokémon Go jumps the shark and we all head back to our homes for nights of solitude, Fiat Chrysler Automobiles will offer another opportunity for high-tech geekery. And a lucrative one, too.
Announced today, the automaker will hand tech-savvy individuals cold, hard cash in return for information on weaknesses in its vehicles’ cybersecurity. Exposing a hidden backdoor that hackers could sneak through will net you up to $1,500.
FCA says the industry-first “bug bounty” program is open to anyone — vehicle owners, IT professionals, IT…enthusiasts? — and is designed to guard the safety of its vehicle systems and connected services. Tips can be sent to the automaker via the Bugcrowd platform. (The automaker explains the process in a YouTube video.)
“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” stated Titus Melnyk, FCA’s U.S. senior manager of security architecture, in a release. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”
Bugcrowd manages the reward payout, which varies depending on the seriousness of the weakness discovered. The starting “bug” price is $150. Bugcrowd CEO Casey Ellis said FCA’s program will “engage the community of hackers that is already at the table and ready to help.”
Last year, hackers exposed a weakness in FCA’s Uconnect infotainment system that allowed them to commandeer a Jeep Grand Cherokee as it drove down a Missouri highway. The flaw was so troubling, FCA recalled 1.4 million vehicles to install a software patch.
I’d prefer they lend me a TRACKHAWK so I can beta test.
Technically they should give that money to me for pointing out how bad the ZF shifter was BEFORE they ever implemented it – since AUDI HAD IT FIRST and I recognized it was trash then.
I could have saved Anton Yelchin.
FCA is being cheap. A lot of companies are offering into the low 5 figures for the top reward.
For example, Uber is offering $10,000 for critical bugs and down to $3,000 for medium issues. So, if you’re a professional hacker, where are you going to spend your time?
“will net you up to $1,500.”
Enough to buy a 2014 Dart!
“Up to” is marketingspeak for “less than”.
This just makes it appear that FCA is too cheap to have their own personnel look for the security weaknesses, or that they don’t expect them to find them all.
How much longer will it take for corporations to realize that software isn’t the perfect solution for all problems, real and imagined? Self-driving cars are fatally fallible, vehicles are hackable and can be taken over or stolen in ways not before possible, banks are being robbed over the internet, top secret national security information is being bled all over, emails contain file-encrypting viruses… on the other hand, we can all now enjoy Candy Crush, Twitter, Pokémon Go, Facebook, Ashley Madison, Tinder and TTAC.
RHD, the best security-oriented minds do not work for Fiatsler, nor GM, nor Ford, nor the US gov’t.
My guess would be that the best security-oriented minds work for state-sponsors of terrorism, hacking and cracking, i.e. Russia, China, North Korea, Iran.
But it is a comfort that Israel is on the side of the good guys, with their ability to crack the iPhone and develop worms like StuxNet.
That is pretty low for a zero day exploit. Any significant vulnerability against a vehicle would likely be worth significantly more.
P0kem0n G0 is the bigger virus, it will infiltrate our idiocracy, and may cause more deaths than Autopilot – why? Because business has found that it’s a fantastic way to *physically* lure drones to their business lairs.
So, which car company will actually integrate the P0kem0n G0 app into their nav system?
Stay Tuned…
Now that’s a cry for help if I ever heard one.
So, just to be *wrong* about this: FCA will pay “up to” $1,500 to expose their hidden back door. Damnit Sergio, no means no!