After Johan Postema bought his Tesla Model S in 2013, he decided to connect it to his laptop just for kicks. After poking around in Tesla's software code, he discovered a number of software bugs and ended up corresponding regularly with Tesla Motors about vulnerabilities he found and potential fixes.
"I didn't know what to expect," said Postema, an IT contractor based in the Netherlands. "I like to figure out how things work, and a Tesla was a very fun object to work on."
Postema's tinkering was just the beginning of what has become an industry practice relying on strangers around the world to identify and report software vulnerabilities in vehicles. Since mid-2015, automakers such as Tesla, General Motors and Fiat Chrysler Automobiles have launched "bug bounty" programs, inviting coders to find and report vulnerabilities in their vehicle software.
Both Tesla and FCA -- which run their campaigns on Bugcrowd, an online hacking community -- offer monetary rewards to hackers who find weaknesses that lead to software repairs. GM's program is hosted on bug bounty site HackerOne, but it does not offer financial rewards. Ride-hailing company Uber also has a program, which pays $5,000 for bugs that could result in defacing the webpage and $10,000 for bugs that could be used to take over Uber accounts.
Hackers who participate in these programs must agree to nondisclosure terms that bar them from publicizing the vulnerabilities they find.
As of Sept. 23, Tesla has issued 151 rewards and FCA has issued 45, according to Bugcrowd. GM has resolved 267 reports submitted by participants in its campaign, according to its HackerOne page.
Tesla's open-reporting system "protect[s] our systems against vulnerabilities by constantly stress-testing, validating, and updating our safeguards," a company spokeswoman said in a statement. Spokespeople from GM and FCA did not respond to requests for comment.
Postema's involvement with automotive cybersecurity was purely a coincidence of owning a Tesla, he said. "I'm not really interested in hacking cars specifically. If it's a car, it's a car; if it's a lightbulb, it's a lightbulb."