FCA and Tesla: manufacturers take an interest in ethical hackers


The rise of the Internet-connected car has advantages, but also disadvantages. In the same way that the owner or the manufacturer can control some functions remotely, it is also likely that a less well-meaning person will attempt to gain access without permission. Depending on the level of access they obtain, the problem will be more or less severe.

Thieves have traditionally used mechanical tools to get into cars; today they use a lot of electronics, and in the future they will do it all with computers, without even needing to be nearby. The best way to prevent this is to shut down every form of unauthorized access, and for that the manufacturers need outside help.

During the development of any software solution, if you follow the precepts of engineering, you have to test all the use cases so that there is no situation in which the system behaves unexpectedly or fails. Unfortunately, designing a 100% secure system is not simple for anything with a bit of complexity.


Bugcrowd's web page, which lists FCA as a customer

That is why verifying the robustness of the system tends to be delegated to personnel outside the company, who test it, and if problems are found, they are remedied. When this is entrusted to consultants or audit firms, the customer most likely pays by the hour and not by results. But there is a more cost-effective solution.

Last year, Tesla offered rewards of up to $1,000 to those who found flaws in its systems, until a few hackers gained access to some features of the Model S through a local network (Ethernet) port inside the car itself. The car could not be attacked from the outside, they had to be physically inside, but found no vulnerabilities. The manufacturer plugged those holes.

Tesla ended up offering up to $10,000 to anyone who found a flaw

We have another precedent, that of two hackers who were able to take remote control of a 2014 Jeep Cherokee: while a journalist from Wired was on board, they pulled all sorts of stunts without being on board themselves. This discovery prompted a recall of millions of units to plug the security hole, since it could not all be done remotely. Getting there cost the hackers many hours of work, for which an outside company would have charged a fortune.

Today, both Tesla and Fiat Chrysler Automobiles are customers of Bugcrowd, a company specialized in finding security flaws through ethical hacking. In other words, the customer will not retaliate if someone gains access to its systems and will pay for the discovery, but does not have to pay for the effort it takes to get there. Up to 27,000 hackers can participate in the rewards program.

Of course, those in charge of the audits do not give the hackers clues or tell them where they should try to get in; they have to fend for themselves, just as a cracker would. They will have to run many tests, hit digital walls, reverse engineer, and make trial and error their religion. That is how the protection of the Mitsubishi Outlander PHEV was circumvented.

Right now the Tesla Model S is one of the most hacker-proof cars on the market, because when a security hole is discovered, the manufacturer can update thousands of cars in very little time with updates over the Internet. And part of that armor is due to the hackers who managed to find some way in.

The theory of computer security says that no system is infallible or impregnable, unless it is completely unplugged and physical access is impossible. Access can be made as difficult as you like, as with the walls of medieval castles, but every fortress always has a weak point.

FCA will offer rewards of between $150 and $1,500

Gradually, more manufacturers will join this trend and pay those who help make their systems, web pages, cars, etc. more solid and robust. The downside is that cars will enter the same vicious circle of updates that computers, consoles and mobile phones already suffer from.

In the end, the customer can end up thinking, and not without some reason, that the product they bought is a piece of shit, full of bugs, incomplete, and in need of continual patching. On the other hand, we will not be able to cite many examples of computer systems that came out in version “1.0” and have not needed any kind of improvement or correction. Well, this is the same thing.