Crowdsourcing Hackers for Better Security

Fiat Chrysler Automobiles is reaching out to the freelance community to entice white-hat hackers to aid the automaker in strengthening the cybersecurity protocols of its products and connected services by offering bounties to cybersecurity specialists who can resolve vulnerabilities. The move follows on the heels of a cybersecurity breach that led to a voluntary recall of 1.4 million vehicles by Fiat Chrysler last year.

FCA initiated the recall after security experts working with Wired magazine reported to Chrysler that they had discovered vulnerabilities in the Jeep’s entertainment system. Using the cellular network as their point of ingress, the hackers infiltrated the Jeep’s head unit in order to manipulate the functions of the various subservient electronic control units within the vehicle. From 10 miles away, the hackers were able to turn the radio off and on, run the windshield wipers and even stop the vehicle itself.

Fiat Chrysler’s focus on the future of automation is illustrated by its partnership with Alphabet/Google’s self-driving car project. This is the first time Google has partnered with a major independent automaker; the companies announced earlier this year their development of autonomously driving minivans.

Two (or More) Heads are Better than One

In an attempt to learn from its previously exposed security vulnerabilities, Fiat Chrysler has teamed up with Bugcrowd, a service that seeks to discover and redress zero-day vulnerabilities through the use of crowdsourced cybersecurity specialists. In traditional security testing, a single security researcher or team tests and researches products and services and offers their analysis. Through Bugcrowd, by contrast, companies can gain access to thousands of opinions from a far wider array of professionals than they likely otherwise would.

Bugcrowd’s crowdsourcing model enables FCA to offer payment through a bounty system, allowing the 28,000 tech and security specialists who work with Bugcrowd to bid on the work based on the particulars of the job. Similar to an Uber-style rating system, Bugcrowd researchers must maintain a certain level of proven trust and debugging success in order to maintain their association. This allows those with the requisite security and data skills to hone and apply those skills by completing work for a variety of different companies while interacting through one central portal. And of course the freelancers additionally benefit from the extra work experience and pay for completed bounties, without being tied down or obligated to any specific company for longer than either party desires.

Fiat Chrysler’s bounty program offers bug fixing jobs with pay ranging from $150-$1500, about average compared to most of the other public bounty programs hosted by Bugcrowd. Cybersecurity skills are in increasing demand in the modern economy, with Bugcrowd and a myriad of other headhunting and freelance sites helping to undergird employment in the currently thriving tech economy. A few companies such as Jet.com, Magento, and the innovative electric vehicle and self-driving competitor Tesla Motors even offer rewards ranging up to $10,000 or more. Such respectable payouts should inspire any self-respecting bounty hunter to strap on his mullet or Mandalorian helm and proceed to cyber-squashing some bugs.

Author: Jeffrey Sabranek

Published: 2018-01-21. Categories: Data, News