Opening up the program!
7/10/2024, 9:37:51 AM (5 months ago)

Dear colleagues,

We would like to inform you, as our core bug hunters, that we're now aiming at opening this program to the public!

All opportunities such as in-vehicle hunting (last update), legal documents and scope are still valid. Feel free to write us at BugBounty@skoda-auto.cz, so we can set a date for your arrival before there are many requests for borrowing our vehicles! :)

There might be changes regarding the program description before we take this step, so please note that.

Looking forward to your next findings!

Anna

In-factory hacking option now available!
5/15/2024, 11:25:11 AM (6 months ago)

We are happy to announce the in-factory hacking option is finally available!

How does it work?

We have prepared some vehicles for you that are ready to be hacked on! Now you just need to come to us and let us pay you for your findings!

The list of vehicles to choose from:

  • SUPERB COMBI
  • KAROQ (2x)
  • ENYAQ (2x)
  • KODIAQ NF
  • FABIA
  • KAMIQ
  • SUPERB IV NF
  • SUPERB NF
  • OCTAVIA

We can’t promise all the vehicles to be available the whole time. They are used for other tests and research too. But we can work together and find a date when all you’d like to try to hack is ready.

If you are interested in doing your research on our vehicles, pick the models you would like and reach out to us at our new email address:

BugBounty@skoda-auto.cz

Important info

Place: Our factory is in the heart of Europe – Czechia. The city of Mladá Boleslav is the hometown of Škoda Auto and the in-factory hacking would take place here. The vehicles need to stay inside the factory and cannot be moved.

Duration: The length of your stay depends on our agreement, but we are planning a few days (1-3) for each in-factory hacking action.

Number of researchers: You can come alone or with some colleagues; we were planning to host up to three people at once. The precondition is that all of you need to be part of the official Škoda Bug Bounty program.

New agreements to sign: There will be 2 new papers for you to sign when coming here:

  1. First is just a regular Obligation of Secrecy for coming inside to the factory, which needs to be signed only at the first entrance.

  2. Second is the Handover Protocol, which will be signed each time we hand over the vehicle (from us to you, from you to us).

Both of the papers are available to download at the Rules of engagement part of this program, so you can study them in advance.

Feel free to include any questions about these documents in your e-mail when applying.

Please be aware that your ID will be checked at the entrance to the factory. The T&C of Intigriti still apply, as well as the 2 new signed agreements.

Covered costs

On top of the possibility to hack our cars and get paid for your findings, we wanted to make our Bug Bounty program even more interesting!

Therefore, we would first like to invite you for lunches to our great Škoda (Aramark) restaurant, each day you spend in the factory with us. The lunches are covered by us with the premise that you’d like to join us!

On top of that, we can offer you a free entrance to the Škoda Museum, and if interested, guided tours could also be booked for you.

Travel and accommodation costs are not covered by us at this moment.

Last words

By this activity, we would like to extend the hacking possibilities for those that don’t have access to Škoda vehicles. The details of the program, scope, bounties, and everything else stay the same.

Let’s get hacking!

I hope to hear soon from you at BugBounty@skoda-auto.cz! 😊

Anna

Welcome and 10% bonus on the first finding!
3/27/2024, 12:43:21 PM (8 months ago)

Welcome our new batch of researchers!

Since there have been no submissions so far, we would like to motivate you all by offering a 10% bonus on the first finding based on the bounties list.

If there are any issues or remarks with how our program is set up and your experience with it so far, we would love to receive some feedback from you! Please use the link here: Feedback.

Let's get this party started!

Links to MyŠkoda App
3/5/2024, 2:30:10 PM (9 months ago)
3/5/2024, 2:30:36 PM

Hi all,

We've heard there was some issue with finding the app. To help you, below are the links to AppStore and Google Play, otherwise you can find the app's ID in the Domains section of this program:

AppStore:
ID: 1632202810
https://apps.apple.com/cz/app/my%C5%A1koda/id1632202810

Google Play:
ID: cz.skodaauto.myskoda
https://play.google.com/store/apps/details?id=cz.skodaauto.myskoda&hl=en_US

Welcome!
3/5/2024, 9:43:52 AM (9 months ago)

Hello all,

On behalf of the Car Security Incident Team and my colleagues from the MyŠkoda App world, we are happy to welcome you to our first Bug Bounty program! In about two weeks, we shall also release the possibility to come hack our vehicles in Mladá Boleslav, so stay tuned! Meanwhile, we are ready for you. Let us know if something is not clear from our program's description, but most importantly, feel free to start hacking!

Good luck! :)

Anna