
Fiat Chrysler tackles connected car security with bug bounty program

Published: July 14, 2016 

Fiat Chrysler Automobiles is joining the automotive security team by becoming one of the first automakers to launch a bug bounty program.

To address software vulnerabilities and cyber threats in cars and trucks, Fiat Chrysler is hitting the gas on cybersecurity. The Italian-American automotive giant is leaving no stone unturned when it comes to automotive safety and security. As part of a new initiative, the company is offering a bounty of $150 to $1,500 to people who spot software bugs and report them so they can be fixed. The size of the reward depends on how critical the bug is and how many vehicles it affects.

FCA US has always made the security of its cars a top priority, standardizing and innovating security features since 1924 and, notably, in 1988 being the first automotive company to make airbags standard. As the attack surface of cars has expanded from just the physical realm to the cyber world, the company is taking a new approach to product security in its commitment to helping keep drivers and passengers safe.

To that end, Fiat Chrysler has turned to Bugcrowd to tap into the collective creativity of its 30,000+ security researchers, as well as those who aren’t yet members of the Bugcrowd community. Bugcrowd is excited to be part of this historic advancement in automotive security and looks forward to supporting the Fiat Chrysler bug bounty program both now and into the future.

Titus Melnyk, senior manager of security architecture, Fiat-Chrysler US (FCA US), said:

There are a lot of people that like to tinker with their vehicles or tinker with IT systems. We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix it before it becomes an issue for our consumers. Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer. Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.


Casey Ellis, CEO and founder of Bugcrowd, said:

Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program. The consumer is starting to understand that these days the car is basically a two-ton computer. FCA US customers are the real winners of this bounty program; they’re receiving an even safer and more secure product both now and into the future.

The program comes about a year after two ethical hackers were able to control a Jeep Cherokee remotely with a laptop through loopholes in the vehicle’s radio. The hack touched off the recall of 1.4 million vehicles made by FCA, including Cherokees, in order to patch software holes, which was definitely an eye opener for the automotive industry.

Source: Fiat Chrysler Automobiles

