Brent Snavely

Detroit Free Press

One year after Jeep was propelled into the headlines for car hacking concerns, its parent company, Fiat Chrysler Automobiles, is now asking so-called white-hat hackers to take their best shot at breaking into the automaker's software to find vulnerabilities.

If successful, they will get paid.

The Auburn Hills automaker said today it has enlisted the help of San Francisco-based Bugcrowd — a company that manages organized hacking — to create and manage the program.

What you should know about Fiat Chrysler shifters

Dubbed the "Bug Bounty Program," the contest could earn a hacker that finds a security flaw up to $1,500 each time he or she successfully identifies a previously unknown flaw.

Casey Ellis, founder and CEO of Bugcrowd, said the company has about 32,000 researchers who regularly participate in programs to test the security of corporate clients. His firm also works with Tesla Motors and other automakers he said he cannot disclose.

"You compete to find vulnerabilities," Ellis said.

The two companies provided this video, describing how the program works:

The announcement of the program comes as cars become more complex and connected and while automakers are taking more aggressive measures to make sure vehicles cannot be hacked.

FCA is launching the program almost exactly a year after two software engineers described in a Wired magazine article last July how they were able to hack into and take control over a Jeep Cherokee. No regular consumer's Cherokee has ever been known to be hacked.

Still, the Wired story generated global headlines and quickly prompted FCA to recall 1.4 million Jeep Cherokees to fix the software vulnerability discovered by the researchers.

Titus Melnyk, FCA's senior manager of security architecture, said today's announcement with Bugcrowd was unrelated to the anniversary and said it isn't simply designed to generate positive buzz to counter the bad publicity from a year ago.

“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before it becomes an issue for our consumers," Melnyk said.

Melnyk said the goal is to create a program that allows good hackers to discover vulnerabilities before malicious, or so-called black-hat hackers do.

Ellis said white hat hackers are motivated by a desire to feel like a rebel, while doing good at the same time. Some hackers make the equivalent of a good, full-time salary participating in Bugcrowd programs, Ellis said. Others participate for fun or to try to earn a little extra money.

Cybersecurity began to emerge as a hot topic in the automotive industry about three years ago when a group of manufacturers formed the Information Sharing and Analysis Center, or ISAC. That center is set up to rapidly share information on cybersecurity vulnerabilities across the industry.

Melnyk said FCA and Bugcrowd will share appropriate information, as it is discovered, with ISAC.

Contact Brent Snavely: 313-222-6512 or bsnavely@freepress.com. Follow him on Twitter @BrentSnavely.