FCA Will Pay You to Hack its Car Computers

FCA sign
FCA sign | Source: FCA

Fiat Chrysler Automobiles is allowing the computer-savvy to bring out their inner Boba Fett and will become the first major automaker to join with Tesla in offering bounties to hackers who can exploit security breaches in its vehicle software. According to Automotive News, FCA said that it will pay bounties anywhere between $150 to $1,500 to anyone who can hack and “successfully notify the company of security vulnerabilities through a program on bugcrowd.com.”

This comes in response to a wave of concerns that started in July of 2015 when professional hackers Charlie Miller and Chris Valasek took advantage of the cellular vulnerabilities of a 2014 Jeep Cherokee being driven by a journalist and remotely controlled a few systems. Naturally, days after this information became widespread, FCA patched the security hole, thus fixing any vulnerabilities other vehicles equipped with the 8.4-inch Uconnect infotainment system might be susceptible to. But one year later, the risk is still as real as it ever was, so the company is putting more effort into preventative measures.

Dodge Challenger Hellcat race options
Dodge Challenger Hellcat race options | Source: Dodge

Automotive News says that Titus Melnyk, FCA’s senior manager for security architecture, claims that FCA’s bounty program will focus primarily on systems like Uconnect and its owner websites, which is the first thing someone would try to hack. While FCA’s security efforts have presumably been sound since last summer, by outsourcing some of these risks to groups of free-thinking rebels, FCA stands a strong chance of finding gaps in its tech armor that have previously gone undetected.

“There have been a number of things where people have reached out to us through customer care and other contact methods where they highlighted things that were of interest,” Melnyk explained. He went on to explain that the bugcrowd program “is just a nice, official way to make it easier for people to contact us and know what we’re really interested in.”

2016 Dodge Journey
2016 Dodge Journey | Micah Wright/Autos Cheat Sheet

Regardless of whether it be mere customer care or not, tech security breaches are a scary thought especially since modern cars are now computer-controlled to the point where they can be semi-autonomous. So the thought of someone else being able to hack a vehicle while you’re cruising down the interstate is an extremely scary one, and with cyber warfare remaining a legitimate threat, the need to fill the gaps is greater than ever before.

Tesla serves as a prime example of one success story in the war on malicious hackers, with bugcrowd claiming that the electric automaker has paid out at least 132 bounties over the past few years. Its bounty program is a far more lucrative one than FCA’s too, with rewards for successfully exposed tech security threats ranging anywhere from $100 to $10,000.

Dodge interior
Dodge interior | Micah Wright/Autos Cheat Sheet

In addition to fat bounty payouts, hackers also stand the chance of scoring lucrative contracts with large firms in order to help them bolster cyber security operations and expose any blaring vulnerabilities. In the past, several Fortune 500 companies have utilized bounty programs and hackers to expose security threats, with AT&T and United Airlines being two of the most notable names.

“I’m really excited that, by offering a bounty for this, it will drive more people into our program,” Melnyk said. “It gives people an incentive to take good notes and make sure that they can duplicate [any vulnerabilities].” In the meantime, all we can do is wait and see who steps forth to collect a bounty, and more importantly, pray that the good hackers expose any issues well ahead of any malicious individual with the ability to hack a computer-controlled gas pedal.