Tesla Motors Inc To Award Hackers $1,000 In Bug-Hunting Scheme

Tesla Motors Inc To Award Hackers $1,000 In Bug-Hunting Scheme

Tesla Motors encourages hackers to find security flaws on its website by rewarding them with money

By Ghous Zaman on Jun 6, 2015 at 10:02 am EST

Tesla Motors Inc (NASDAQ:TSLA) will start rewarding hackers through a bug-hunting scheme, which will encourage people to report security problems on Tesla’s website. The program is official on a crowdsourcing company website, Bugcrowd.com which has already reported 22 bugs found so far.

Based on the severity of the security vulnerability, the security researchers will be paid any amount between $25 and $1,000. According to a Forbes report, such bug hunting schemes are a common practice among several tech companies, such as Google Inc (NASDAQ:GOOG), Facebook Inc (NASDAQ:FB), which have previously awarded as much as $22,000 and $33,000 to hackers. Apple Inc. (NASDAQ:AAPL) and AT&T are also amongst several companies which support reporting glitches for an exchange of prizes.

This bug bounty program is not new for Tesla Motors. Previously, the electric vehicle (EV) maker has been unofficially rewarding Hall of Fame perks to people uncovering security flaws. But this time the company wants to put it in a formal process.

"We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process,” stated on Tesla Bugcrowd page.

People who want to participate for this program can report their identified security problems on tesla.com, and then wait for a “reasonable time” to allow the company to manage and fix the problem. The researchers are also asked not to disclose or share the reported glitch on public forums, until the company acknowledges the reported bug. Researchers are also asked to not access and change any of the data not belonging to them.

If hackers have found a security issue with Tesla vehicles, they are asked to report it at vulnerability@teslamotors.com. However the company has not mentioned any reward for this. As pointed out in a Forbes report, the bug bounty program does not yet include finding problems with Tesla vehicles, despite the company being informed about several issues with its EVs previously. Although Tesla Motors has not officially rewarded anyone pointing out security issues in its vehicles, a Chinese company, Qihoo 360, is known to have gotten $10,000 from Tesla for winning an informal hacking challenge.

A few months back, Tesla Motors warned customers not to tinker with internal automotive features of its vehicles to ensure driver safety. For this, Tesla Motors just issued a warning, but other automakers, such as General Motors Company (NYSE:GM), with partnership of Auto Alliance, have found a way to legally challenge anyone who wants to change the code in their own vehicle.

As reported by Forbes, executive partner at Independent Security Evaluators, Ted Harrington proposed the idea for increased collaboration between hackers and auto manufacturers to ensure security of connected cars.

“With lives at stake, auto manufacturers in the era of the connected car should consider robust security assessment a business-critical mandate,” said Mr. Harrington.

comments powered by Disqus