White hat hackers can make over $1,000 a bug.
Not so long ago, a 2014 Jeep Cherokee was the victim of a very public hacking exercise. The hackers were working with Wired to show vulnerabilities in FCA's Uconnect infotainment system. The episode was embarrassing for FCA and presented a real danger for consumers, as the hackers stopped the Jeep dead on the freeway. In an attempt to make sure this type of thing never happens again, the automaker is working with Bugcrowd to offer rewards for hackers who find flaws in its cars’ security systems.
Bugcrowd is a San Francisco-based company that offers crowdsourced cybersecurity testing. On this specific project, hackers will try to find flaws in FCA’s Uconnect website and its Uconnect iOS and Android apps. Remember that the hackers working with Wired were able to take control of the Jeep Cherokee by first exploiting a vulnerability in its Uconnect software. According to FCA, the payment for finding flaws will depend on the “criticality of the product security vulnerability identified, and the scope of impacted users.” Even though the company is a bit late with this project, we still think it’s a positive first step. After all, white hat hackers (aka good guys) are the ones who discovered and reported the initial issue.
It’s a good idea to get as many of them on the payroll as possible before the black hat hackers (the bad guys) get wise to any loopholes and start causing chaos. It's also smart for FCA to try to stay ahead of lawmakers, especially those in Michigan. State senators there have put together a bill that would severely punish those who hack into cars. The bill is meant as a deterrent, but you have to bet that FCA is hoping a case like this never makes it to court. The publicity would be awful and would cause the government to come down hard on the automaker. Best to get out in front of the problem now by paying a few hackers what amounts to chump change to find and report problems.