Fiat Chrysler to Pay Hackers Who Find Cybersecurity Flaws
July 13 2016 - 1:20AM
Dow Jones News
One year after hackers showed they could control a moving Jeep,
Fiat Chrysler Automobiles NV has a new solution to get computer
whizzes to work more closely with it: pay them.
The Italian-U.S. auto maker is launching a so-called bug bounty
program aimed at compensating hackers between $150 and $1,500 every
time they uncover potential cybersecurity flaws in the vehicles and
alert the company. The auto maker has tapped Bugcrowd Inc., a San
Francisco company that runs bug bounty programs that compensate
hackers willing to work with companies or other organizations to
uncover gaps.
Bugcrowd already runs a program for electric-car maker Tesla
Motors Inc. Tesla also fell victim to a high-profile security hack
last year, when computer-security researchers revealed they had
found a way to effectively power down a Tesla Model S by hacking
the entertainment system. Tesla issues a patch to resolve the
problem.
Fiat Chrysler and the rest of the auto industry were caught off
guard earlier last summer when two researchers demonstrated they
could take control of a moving Jeep Cherokee from a laptop miles
away using the vehicle's wireless communications system. Fiat
Chrysler fixed the security flaw through a vehicle recall and
software patch, but the hack raised new questions about the safety
of the growing pool of internet-connected cars on the road.
Auto makers are packing more electronics and related software in
vehicles to offer buyers better safety gear, communications
capability and seamless connectivity to information available
outside the car's cabin. This development has increased concerns
that cybercriminals will successfully target automobiles with
various threats, including data-stealing schemes or ransomware that
locks individuals out of their car's functions with a demand for
payment in exchange for an encryption key to regain
functionality.
Several car companies, including Fiat Chrysler, have built up
cybersecurity teams that work to safeguard everything from
corporate information technology to the ability of vehicles to
withstand hacking threats. Auto parts suppliers developing much of
the software in cars are subject to security standards that are
getting more stringent.
Although bug bounty programs are increasingly common at American
corporations, the auto sector has been relatively slow in offering
payment schemes for hackers looking to identify vehicle security
flaws. General Motors Co. runs a voluntary hacking disclosure
program on the hackerone.com website where hackers can volunteer
information.
GM is receiving or resolving several cybersecurity reports a
day, according to the site.
Write to John D. Stoll at john.stoll@wsj.com
(END) Dow Jones Newswires
July 13, 2016 01:05 ET (05:05 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Tesla (NASDAQ:TSLA)
Historical Stock Chart
From Mar 2024 to Apr 2024
Tesla (NASDAQ:TSLA)
Historical Stock Chart
From Apr 2023 to Apr 2024