FCA US Launches 'Bug Bounty' Program to Advance Vehicle Cybersecurity

Automaker is encouraging independent security researchers to find potential vulnerabilities in their connected car technology so they can fix them before they become problems for consumers.

From aftermarketNews.com

To address the rapidly increasing convergence between connected technology and the automotive industry, FCA US LLC has announced the launch of a public “bug bounty” program on the Bugcrowd platform to enhance the safety and security of its consumers, their vehicles and connected services.

“There are a lot of people who like to tinker with their vehicles or tinker with IT systems,” said Titus Melnyk, senior manager – security architecture, FCA US LLC. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”

The FCA US bug bounty program leverages Bugcrowd’s crowd-sourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities. FCA US said it believes the program is one of the best ways to address the cybersecurity challenges created by the convergence of technology and the automotive industry. The Bugcrowd program gives FCA US the ability to: identify potential product security vulnerabilities; implement fixes and/or mitigating controls after sufficient testing has occurred; improve the safety and security of FCA US vehicles and connected services; and foster a spirit of transparency and cooperation within the cybersecurity community.

“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” said Melnyk. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”

Bugcrowd manages all reward payouts, which are scaled based upon the criticality of the product security vulnerability identified, and the scope of impacted users. A reported vulnerability could earn a bug bounty of $150 to $1,500.

“Automotive cybersafety is real, critical and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Casey Ellis, CEO and founder of Bugcrowd. “The consumer is starting to understand that these days, the car is basically a two-ton computer. FCA US customers are the real winners of this bounty program; they’re receiving an even safer and more secure product both now and into the future.”

FCA US said it may make research findings public, based upon the nature of the potential vulnerability identified and the scope of impacted users, if any. Last year, FCA US contacted customers about a potential vulnerability associated with certain radios, provided the software update and permanently closed remote access to the open port on the radio, eliminating the risk of any long-range remote hacking – all before issuing a recall.

“The safety and security of our consumers and their vehicles is our highest priority,” said Sandra Hosler, cybersecurity system responsible, FCA US LLC. “Building on a culture of safety, FCA US has developed a cross-functional team comprised of engineering, safety, regulatory affairs and connected vehicle specialists who are dedicated to collaboration and engagement with a wide range of industry professionals to build security into our vehicles and products by design.”
