Η FCA προτίθεται να ξεκινήσει να προσφέρει αμοιβή σε χάκερς οι οποίοι θα βρίσκουν αδυναμίες ασφάλειας στα λογισμικά των αυτοκινήτων της. Η εταιρία δήλωσε ότι θα επιβραβεύει τους χάκερς που θα την ειδοποιούν για τυχόν προβλήματα ασφαλείας μέσω της ιστοσελίδας bugcrowd.com, με ποσά που θα κυμαίνονται από 150 έως 1500 δολάρια.
Τον Ιούλιο του 2015, οι Charlie Miller και Chris Valasek, επαγγελματίες χακερς, τάραξαν τα νερά της αυτοκίνησης, όταν εκμεταλλεύθηκαν μια αδυναμία του λογισμικού ενός Jeep Cherokee του 2014. Κατάφεραν να ελέγξουν από απόσταση κάποια συστήματα του αυτοκινήτου την ώρα που το οδηγούσε ένας δημοσιογράφος.
Όπως είναι φυσικό, το γεγονός βγήκε στη δημοσιότητα και λίγες μέρες αργότερα η FCA ανανέωσε το λογισμικό του Cherokee αλλά και των μοντέλων που είχαν στον εξοπλισμό τους το σύστημα ψυχαγωγίας Uconnect με την οθόνη των 8,4 ιντσών. Λύθηκε έτσι το πρόβλημα ασφαλείας που είχε προκύψει.
Ο Titus Melnyk, επικεφαλής του FCA στο σχεδιασμό ασφάλειας των λογισμικών, δήλωσε ότι αυτό το πρόγραμμα επιβράβευσης, θα εστιάσει σε συστήματα που έχουν σχέση με τα αυτοκίνητα του ομίλου όπως είναι το Uconnect. Είπε επίσης ότι, παρόλο που η πρόοδος της εταιρίας είναι συνεχής, αυτή η οργανωμένη προσπάθεια, θα γίνει με σκοπό να δώσει κίνητρα σε ταλαντούχους χάκερς να βοηθήσουν επιπλέον το γκρουπ βρίσκοντας αδυναμίες ασφάλειας. Ο Melnyk σε δηλώσεις του είπε:
Υπάρχουν πολλά πράγματα τα οποία οι πελάτες μας μας έχουν επισημάνει μέσω της εξυπηρέτησης των πελατών που έχουμε και πλήθος από αυτά είχαν ιδιαίτερο ενδιαφέρον για εμάς.
Συμπλήρωσε λέγοντας:
To bugcroud.com είναι ένας εύκολος και επίσημος τρόπος ώστε να επικοινωνεί ο κόσμος με εμάς και να γνωρίζει τι είναι αυτά που μας απασχολούν.
Η Tesla τρέχει ένα πρόγραμμα επιβράβευσης των χακερς που την ειδοποιούν για τυχόν αδυναμίες ασφαλείας στο λογισμικό της και τα ποσά που δίνει κυμαίνονται από 100 έως και 10.000 δολάρια. Σύμφωνα με το bugcrowd.com η εταιρία έχει δώσει τουλάχιστον 132 αμοιβές σε χάκερς.
[learn_more caption=”Δελτίο Τύπου”]
FCA US Launches Bug Bounty Program to Advance Vehicle Cybersecurity
Bugcrowd Selected to Manage FCA US Bug Bounty Program
- FCA US first full-line automaker to offer “bug bounty” financial reward for discovery of potential vehicle cybersecurity vulnerabilities
- Program leverages Bugcrowd to enhance safety and security of FCA US consumers, their vehicles and connected services
- Up to $1,500 bounty paid per bug, depending on impact and severity
July 13, 2016 , Auburn Hills, Mich. – Reflecting the rapidly increasing convergence of connectivity technology and the automotive industry, FCA US LLC today announced the launch of a public bug bounty program on the Bugcrowd platform to enhance the safety and security of its consumers, their vehicles and connected services.
Please click the following links to view videos associated with this news release:
• FCA & Bugcrowd soundbites: https://youtu.be/LEyYDwXJDMc
• Bugcrowd – How it Works: https://youtu.be/-HT0bwStn9I
“There are a lot of people that like to tinker with their vehicles or tinker with IT systems,” said Titus Melnyk, senior manager – security architecture, FCA US LLC. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”
The FCA US bug bounty program (https://bugcrowd.com/fca) leverages Bugcrowd’s crowdsourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities. FCA US believes that the program is one of the best ways to address the cybersecurity challenges created by the convergence of technology and the automotive industry. The Bugcrowd program gives FCA US the ability to: identify potential product security vulnerabilities; implement fixes and/or mitigating controls after sufficient testing has occurred; improve the safety and security of FCA US vehicles and connected services; and foster a spirit of transparency and cooperation within the cybersecurity community.
“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” added Melnyk. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”
Bugcrowd manages all reward payouts, which are scaled based upon the criticality of the product security vulnerability identified, and the scope of impacted users. A reported vulnerability could earn a bug bounty of $150 to $1,500.
“Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Casey Ellis, CEO and founder of Bugcrowd. “The consumer is starting to understand that these days the car is basically a two ton computer. FCA US customers are the real winners of this bounty program; they’re receiving an even safer and more secure product both now and into the future.”
FCA US may make research findings public, based upon the nature of the potential vulnerability identified and the scope of impacted users, if any. Last year, FCA US contacted customers about a potential vulnerability associated with certain radios; provided the software update and permanently closed remote access to the open port on the radio, eliminating the risk of any long-range remote hacking – all before issuing a recall.
“The safety and security of our consumers and their vehicles is our highest priority,” said Sandra Hosler, cybersecurity system responsible, FCA US LLC. “Building on a culture of safety, FCA US has developed a cross-functional team comprised of engineering, safety, regulatory affairs, and connected vehicle specialists who are dedicated to collaboration and engagement with a wide range of industry professionals to build security into our vehicles and products by design.”
About Bugcrowd Inc.
The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 30,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Bugcrowd’s proprietary vulnerability disclosure platform is deployed by Tesla Motors, The Western Union Company, Pinterest, Barracuda Networks and Jet.com. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Venture Capital, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures. Bugcrowd is a trademark of Bugcrowd, Inc. Learn more at www.bugcrowd.com.
About FCA US LLC
FCA US LLC is a North American automaker with a new name and a long history. Headquartered in Auburn Hills, Michigan, FCA US is a member of the Fiat Chrysler Automobiles N.V. (FCA) family of companies. FCA US designs, engineers, manufactures and sells vehicles under the Chrysler, Jeep, Dodge, Ram and FIAT brands, as well as the SRT performance vehicle designation. The company also distributes the Alfa Romeo 4C model and Mopar products. FCA US is building upon the historic foundations of Chrysler, the innovative American automaker first established by Walter P. Chrysler in 1925; and Fiat, founded in Italy in 1899 by pioneering entrepreneurs, including Giovanni Agnelli.
FCA, the seventh-largest automaker in the world based on total annual vehicle sales, is an international automotive group. FCA is listed on the New York Stock Exchange under the symbol “FCAU” and on the Mercato Telematico Azionario under the symbol “FCA.”
[/learn_more]