Hello our bug hunters!
We would like to thank you for staying with us on the journey of making our cars safer this year!
In the upcoming 2 weeks, due to the holidays, please expect possible delays when sending a new finding to us. Thank you for understanding!
What's up for next year?
We're looking into expanding the scope of this project, and we'll keep you in the loop!
The possibility to come and hack on our cars is still open. If you're struggling with not having access to a Škoda vehicle, please contact us! This year we had the pleasure of having 2 Bug Hunters visit us and deliver 3 findings! Thank you again for that activity!
I wish you all Happy Holidays and a great start to 2025! :)
Anna
Dear colleagues,
We would like to inform you, as our core bug hunters, that we're now aiming at opening this program to the public!
All opportunities such as in-vehicle hunting (last update), legal documents and scope are still valid. Feel free to write to us at BugBounty@skoda-auto.cz, so we can set a date for your arrival before there are many requests for borrowing our vehicles! :)
There might be changes regarding the program description before we take this step, so please note that.
Looking forward to your next findings!
Anna
We are happy to announce the in-factory hacking option is finally available!
How does it work?
We have prepared some vehicles for you that are ready to be hacked on! Now you just need to come to us and let us pay you for your findings!
The list of vehicles to choose from:
- SUPERB COMBI
- KAROQ (2x)
- ENYAQ (2x)
- KODIAQ NF
- FABIA
- KAMIQ
- SUPERB IV NF
- SUPERB NF
- OCTAVIA
We can’t promise all the vehicles to be available the whole time. They are used for other tests and research too. But we can work together and find a date when all you’d like to try to hack is ready.
If you are interested in doing your research on our vehicles, pick the models you would like and reach out to us at our new email address:
BugBounty@skoda-auto.cz
Important info
Place: Our factory is in the heart of Europe – Czechia. The city of Mladá Boleslav is the hometown of Škoda Auto and the in-factory hacking would take place here. The vehicles need to stay inside the factory and cannot be moved.
Duration: The length of your stay depends on our agreement, but we are planning a few days (1-3) for each in-factory hacking action.
Number of researchers: You can come alone but also with some colleagues. We were planning to host up to three people at once. The pre-condition is that all of you need to be part of the official Škoda Bug Bounty program.
New agreements to sign: There will be 2 new papers for you to sign when coming here:
First is just a regular Obligation of Secrecy for coming inside the factory, which needs to be signed only at the first entrance.
Second is the Handover Protocol, which will be signed each time we hand over the vehicle (from us to you, from you to us).
Both of the papers are available to download in the Rules of engagement part of this program, so you can study them in advance.
Feel free to include any questions about these documents in your e-mail when applying.
Please be aware that your ID will be checked at the entrance to the factory. The T&C of Intigriti still apply, as well as the 2 new signed agreements.
Covered costs
On top of the possibility to hack our cars and get paid for your findings, we wanted to make our Bug Bounty program even more interesting!
Therefore, we would first like to invite you for lunches at our great Škoda (Aramark) restaurant each day you spend in the factory with us. The lunches are covered by us with the premise that you’d like to join us!
On top of that, we can offer you free entrance to the Škoda Museum, and if interested, guided tours could also be booked for you.
Travel and accommodation costs are not covered by us at this moment.
Last words
With this activity, we would like to extend the hacking possibilities for those that don’t have access to Škoda vehicles. The details of the program, scope, bounties, and everything else stay the same.
Let’s get hacking!
I hope to hear soon from you at BugBounty@skoda-auto.cz! 😊
Anna
Welcome our new batch of researchers!
Since there have been no submissions so far, we would like to motivate you all by offering a 10% bonus on the first finding based on the bounties list.
If there are any issues or remarks with how our program is set up and your experience with it so far, we would love to receive some feedback from you! Please use the link here: Feedback.
Let's get this party started!
Hi all,
We've heard there was some issue with finding the app. To help you, below are the links to the App Store and Google Play; otherwise, you can find the app's ID in the Domains section of this program:
AppStore:
ID: 1632202810
https://apps.apple.com/cz/app/my%C5%A1koda/id1632202810
Google Play:
ID: cz.skodaauto.myskoda
https://play.google.com/store/apps/details?id=cz.skodaauto.myskoda&hl=en_US
Hello all,
On behalf of the Car Security Incident Team and my colleagues from the MyŠkoda App world, we are happy to welcome you to our first Bug Bounty program! In about two weeks, we shall also release the possibility to come hack our vehicles in Mladá Boleslav, so stay tuned! Meanwhile, we are ready for you. Let us know if something is not clear from our program's description, but most importantly, feel free to start hacking!
Good luck! :)
Anna