Tesla’s new bug bounty protects hackers — and your warranty

Good news if you’re into hacking your car: you probably won’t void your warranty.

The electric car giant confirmed the move in a tweet this week. Tesla’s product security policy now says that if, through “good-faith security research,” you brick your car, the company will reflash the software over-the-air or at a service center.

It’s thanks to an overhaul of the company’s bug bounty program, which guarantees “safe harbor” to car owners who hack their cars, so long as they stay within the bounds of its rules.

It may not sound like much, but security researchers — whose job it is to find bugs and security flaws — say it’s a step in the right direction, and one that reduces the legal liability of hackers who have long argued that US cybersecurity hacking laws are far too restrictive.

The company also said it won’t bring copyright infringement claims against those working within its bug bounty rules, a legal tool used by some companies to stifle the publication of security research.

Tesla said the new bug bounty, which went into effect during the Def Con security conference last month, was in response to researchers who were concerned that hacking their cars might affect their warranty.

Casey Ellis, chief technology officer of Bugcrowd, which administers Tesla’s bug bounty, tweeted that the move “rings a very loud bell for the legitimacy of good-faith security research.”

Amit Elazari, a Berkeley Law School doctoral candidate and bug bounty legal expert, told TechCrunch that Tesla’s safe harbor move “is aimed to address the murkiness of the current legal landscape” over the past year, in which security researchers and reporters have faced threats and legal action.

“We have seen other manufacturers, like [tractor maker] John Deere, taking an aggressive approach against researchers, and even users, seeking to test — or even just repair — their equipment,” said Elazari. “I hope this step by Tesla would serve as a benchmark for others to follow, until we establish best practices in the industry and embrace the help of friendly hackers.”

Tesla follows in the footsteps of other tech giants that have pushed for safe harbor exceptions for security researchers under their bug bounty programs.

Dropbox was one of the first to change its bounty program to better shield security researchers from legal action, and Mozilla joined months later to better protect bug bounty participants.