Fiat Chrysler is recruiting hackers to help it find and fix vulnerabilities in its vehicles’ software that can leave them vulnerable to theft or having their controls taken over.
Jeep’s corporate parent realized it had a problem on its hands last summer when a pair of cybersecurity pros showed how easy it was to hack a Jeep Cherokee using the SUV’s wi-fi connection. In a scary demonstration, they took over several of the vehicle’s controls — while it was moving — from a remote location. Chrysler created a security patch and issued a recall to address that particular flaw, but the incident showed how easy it was for people to manipulate our increasingly Internet-connected and technology-dependent cars.
Bugcrowd, a company that connects enterprising hackers with companies who need cybersecurity help, announced Wednesday that Fiat Chrysler is using its platform to launch a “bug bounty” program, where freelance hacking experts will be paid from $150 to $1,500 for every security flaw they find and flag for the automaker. Bugcrowd said the payments would be “scaled based upon the criticality of the product security vulnerability.”
“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers,” Fiat Chrysler’s senior manager of security architecture Titus Melnyk said in a statement.