Fiat-Chrysler Not Only Wants to Be Hacked, It Will Pay $1,500

The automaker, which recalled 1.4 million vehicles over a steering hack, has teamed with a private cybersecurity company to pay bounties.

Auburn Hills, MI — If you’ve got a knack for hacking into software, Fiat Chrysler Automobiles wants you to have at it, on the right side of the law and with a lucrative cash incentive.

The Auburn Hills-based automaker said Wednesday it is offering bounties of up to $1,500 to white-hat hackers who are able to permeate firewalls and identify potential security issues with its vehicles and software systems.

FCA is not the only automaker looking outside the company for help, but its problems and security issues are some of the most infamous.

After hackers were able to remotely break into certain Jeep, Dodge and Chrysler vehicles and control their steering wheels from afar last year, the automaker recalled 1.4 million vehicles to fix the defect. FCA also faces a huge class action suit.

The bounties, which range from $150 to $1,500, are offered for each legitimate security flaw uncovered through a program managed by the crowd-sourced cybersecurity company Bugcrowd.

“Bugcrowd will do the initial triage,” Titus Melnyk, FCA US’s senior security manager, said in a YouTube video announcing the program.

“The most important thing is if someone does report a vulnerability to us — that we vet out — we want to reward that person, which is why we’re going with a paid bounty program,” Melnyk said.


The goal isn’t just to identify security threats like the steering hack but also to help FCA write better code and demonstrate to the market that it's serious about cybersecurity, Bugcrowd co-founder and CEO Casey Ellis said in the video.

Tesla Pays $10,000 Bounties

Bugcrowd also runs Tesla’s bug bounty program, which offers up to $10,000 to hackers who find credible vulnerabilities.

Another Big Three automaker, General Motors, is working with HackerOne to identify risks that could allow unauthorized access to its vehicles, though it isn’t paying for the information.

Jeff Massimilla, the automaker’s chief product cybersecurity officer, said that “outside of academic research, we are not aware of any successful intrusion through a wireless entry point to obtain control of any GM vehicle or customer data.”

HackerOne is a bug detection program opened to the public by Uber.

Collin Greene, an Uber security engineer who manages the program and was one of the architects of Facebook’s bug bounty program, told Fortune “it’s an exciting way to get people locked in.”

United Airlines has also invited hackers to try to crack firewalls. Depending on the level of the security threat, the “good guy” hackers could get up to 1 million frequent flier miles.

Images: Shutterstock and, above, Getty Images
