Bug bounties and automotive firewalls: Dealing with the car hacker threat
L33tdawg: They missed out CANsee - The automobile intrusion detection system that Jun Li from Qihoo360 presented in May at #HITB2016AMS
As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack. The car-hacking problem gained widespread attention in July 2015, when hackers revealed that 1.4 million Chrysler and Dodge vehicles were vulnerable to an exploit—via the car's infotainment system—that could allow a malicious hacker to take over control of the vehicles' throttle, brakes, and even steering.
On Wednesday morning, Fiat Chrysler Automobiles (FCA) announced it has created a bug bounty program, using Bugcrowd's platform to allow the security community to inform it about possible exploits.
"We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers," said Titus Melnyk, senior manager of security architecture at FCA. "Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer. Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all."
