Fiat Chrysler Automobiles will begin to reward hackers who expose deficiencies in its cars' software, the company announced Wednesday.
Using BugCrowd, a platform that connects researchers to firms looking to eliminate technical defects, FCA will award hackers up to $1,500 for reporting vulnerabilities in its so-called "bug bounty" program.
"This is really the next level of automotive cyber safety," BugCrowd chief executive Casey Ellis said in an interview, in which he also called the move "historic" because of Chrysler's worldwide scale.
The move comes almost a year after security researchers Chris Valasek and Charlie Miller remotely hacked into a 2014 Jeep Grand Cherokee, a vehicle made by Fiat Chrysler, from their keyboards while the vehicle was being driven 70 mph on the highway.
Their hack turned the steering wheel, briefly disabled the brakes and shut down the engine.
Now, security advocates are pushing automakers to make their cars digitally safer.
FCA is the third carmaker to use a bug bounty program.
Tesla began a program in 2015. The company will pay security researchers up to $10,000 for finding software flaws, and has doled out at least 135 rewards so far, according to BugCrowd.
In January, General Motors launched a security disclosure program that offers researchers a way to tell the company about problems in its software.
The program doesn't pay out bounties, although in an interview with The Washington Post last year, chief product cybersecurity officer Jeffrey Massimilla suggested some sort of reward system was being considered.
"No organization in the world has an excuse not to do bug bounties at this point," said Jordan Wiens, founder of software research firm Vector 35. He won 1.25 million frequent flyer miles from United Airlines last year after exposing flaws in a bug bounty program. There are "very few car companies that realize how much trouble they're in."
Auto manufacturers in recent years have been racing to dub themselves software companies as the industry looks toward creating interconnected and autonomous vehicles, and as such have been programming modern cars with hundreds of millions of lines of code.
That software controls everything in a vehicle from the radio and climate control consoles, to the power steering system and tire pressure gauges. As drivers steer their cars, for example, they're not physically turning the wheels, but instead instructing a computer to turn the wheels for them.
And researchers have shown themselves capable of compromising the security of that software and wresting control of the car from an active driver.
"A failure in any part of the system can potentially get you unfettered access to any other part of the system," said Joshua Corman, director of the Cyber Statecraft Initiative at the Atlantic Council think tank and founder of security advocacy website iamthecavalry.org.
The modern car is basically a two-ton rolling computer, Ellis said, and is subject to the same vulnerabilities as one: a bad guy trying to reach through his keyboard and steal information from an individual or a business.
Bug bounty programs incentivize "white hat" hackers, the good guys, to expose weaknesses before anyone else can get to them. That way, companies can fix the problems before they're exploited.
"A lot of the hackers we have on the platform, they like thinking like a criminal, but they don't necessarily want to be one," Ellis said.
And in cars, problems can be big, easy to spot and dangerous if not addressed. GM received more than 100 defect reports in the first 48 hours of its bug bounty program, according to industry insiders.
Corman created a five-star safety rating, similar to widely accepted crash test ratings, for software safety to give carmakers a baseline for safety standards.
"Where the rubber meets the road in this area is that you have companies that have been making vehicles for 100 years wake up one day and they're software companies and they don't yet have the habits and culture to do it safely," he said. "It's encouraging to see another auto company see they are a software company and start taking that seriously."
The Washington Post
Thu Jul 14 2016
Bug bounty programs incentivize "white hat" hackers, the good guys, to expose weaknesses before anyone else can get to them. (AFP File Photo)