Posted on August 9, 2016
Fiat Chrysler Using Good Hackers to Eliminate Security Vulnerabilities
When an automobile manufacturer steps up to the plate to root out car hackers by hiring white-hat hackers to fight them, it's no small deal. That's exactly what Fiat Chrysler Automobiles is doing by getting the assistance of a tech firm based in San Francisco, Bugcrowd, to manage some organized hacking with a view to finding automotive software vulnerabilities.
The "Bug Bounty Program" is a contest being managed by Bugcrowd to try and find security flaws in the software in cars. This should come as a relief to Toronto drivers who, above all, want to be sure that your cars can never be stolen through a vulnerability in their internal computers. Essentially, the contest is a race to find ways that cars can be hacked into so that those weaknesses can be fixed. The ultimate goal is to eliminate all risk of successful car hacking in the future. This comes at a time when cars have become more complex as well as connected, causing automakers to make concerted efforts to secure them.
Fiat Chrysler's senior manager of security architecture, Titus Melnyk, says "we want to encourage independent security researchers to reach out to us and share what they've found so that we can fix potential vulnerabilities before it becomes an issue for our consumers." He indicated that the goal is to encourage good hackers to find security vulnerabilities before malicious bad hackers do.
Who doesn’t love a good hacker who can help? Good hackers, or "white hat hackers" are hackers with a cause, or rebels who want to do good in other words. It's a bonus for consumers to have them around, since hacking isn't really taught at school. It's just what some super-intelligent tech people have taught themselves to do, which is a good thing.
Not only has FCA initiated this white hacking program to discover automotive vulnerabilities, it will also share whatever they or Bugcrowd participants find. This is good news for car owners everywhere.
Watch how CBC describes the difference between “black-hat hackers” and “white-hat hackers” here: