Tesla rewards hackers with bug bounty
Fri 5 Jun 2015
Electric automaker Tesla has officially launched a bug hunting scheme, through which the company will reward hackers between $25 and $1,000 for finding security flaws in its website. A Forbes report explained that the programme is not yet available for its vehicles.
Security experts have praised the company CEO Elon Musk for encouraging opportunities to work with the hacker community to benefit both parties. Although a rough bug bounty programme was already in place, the new initiative has been designed to follow more formal processes.
A statement on the Tesla Bugcrowd page confirmed that it is committed to working alongside benevolent hackers to help create cybersecurity solutions to any flagged issues. It read: “We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.”
Those taking part in the programme who identify any bugs can report them on tesla.com and should leave “reasonable time” for the company to deal with the flaw before making it public.
Tesla’s current prize offering is overshadowed by the bounties of larger tech groups such as Google and Facebook, which have offered rewards reaching up to $33,000.
If a glitch is found in a Tesla vehicle, hackers are urged by the firm to report it at [email protected], but it has not said whether it will reward the discovery of these bugs.
Previously, Tesla has been informed of problems by third parties but has never named or rewarded the individuals or groups. One known case, however, was Qihoo 360, which was awarded $10,000 for winning an informal hacking competition for breaching a vehicle’s system.
Ted Harrington, an executive partner at Independent Security Evaluators, argued that manufacturers should be exploring greater partnerships with the hacker community to secure connected vehicles.
“When it comes to security research, the stakes are the highest when human lives are involved,” he said.
Harrington continued: “Securing the connected car is about more than just protecting data; it is about protecting lives. In that vein, auto manufacturers should be going to extreme lengths to harden their systems against the most sophisticated adversaries.”