FCA US has launched a bug bounty program in an effort to expose flaws in its vehicle software.
The bug bounty program, administered by Bugcrowd (a crowd-funding company specialising in cyber security), allows Fiat Chrysler Automobiles US to identify potential security risks, implement fixes and/or mitigating controls, and improve the security and safety of its vehicles.
It also has the advantage of establishing a relationship between FCA US and the cybersecurity community.
Titus Melnyk, FCA US’s senior manager of security architecture, explained: “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”
The program plans to reward hackers financially, with payouts expected to range between $150 and $1500.
Casey Ellis, CEO and founder of Bugcrowd, added: “Automotive cybersafety is real, critical and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimise that relationship through its paid bounty program.”
Vehicles at risk of cyber hacking are those with an in-built internet connection.
Last year, news broke of two computer programmers who hacked into a Jeep Cherokee’s system and took complete control of the vehicle, exposing severe weaknesses in the vehicle’s security.
The hackers took control of the air-con system, radio and windscreen wipers, before totally shutting down the vehicle’s transmission.