With vehicles getting increasingly digital, carmakers are warming to White Hat cyber security professionals who scour for vulnerabilities in transportation systems before Black Hat hackers exploit them for commercial or other gains.
In a significant development, carmakers are boost efforts to discover lurking vulnerabilities in their increasingly digital car offerings from helpful and friendly hackers.
At the DEFCON security convention in Las Vegas, carmakers are collaborating with White Hat hackers in order to discover cyber vulnerabilities which can be exploited by blackhat hackers to break into cars and potentially take control of the vehicle’s driving features.
Attendees who visited were placed in a vehicle’s trunk and they had to escape from it by deciphering the code which opens trunk; they also had to control the car’s radio volume and speed, as well as lock its doors by using their computers.
“A big part of it is redefining the term ‘hacker’ away from that of a criminal to make automakers understand that we’re here to make their systems more secure,” said Sam Houston, senior community manager at Bugcrowd, which recruits researchers for so called bug bounty programs at Tesla Inc, Fiat Chrysler Automobiles NV, and other automakers.
Carmakers, including Fiat Chrysler, Volkswagen AG along with carparts suppliers Aptiv PLC and NXP Semiconductors NV were the sponsors of this year’s car hacking village.
Every year, Las Vegas is the home to tens of thousands of cybersecurity enthusiasts who attend DEFCON as well as the preceding corporate Black Hat conference.
This year, at least 25,000 attendees are expected to be at DEFCON events at Las Vegas.
The cyber security conference provides a rare opportunity for professions as well as enthusiasts to learn about security issues, including car hacking.
“Automotive provides a great challenge because the systems are distinct from other security areas,” said Craig Smith, a security researcher who, together with Robert Leale, founded the car hacking village in 2015.
According to Leale and Smith, they have witnessed a steady annual growth in participants.
With more cars increasingly getting more digitalised and complex, professionals and enthusiasts from the cyber security community are focussing their research in this sector, said Aaron Cornelius, senior researcher at cybersecurity company Grimm.
At DEFCON, Cornelius was supervising a station where participants are encouraged to try and hack into the control units of a 2012 Ford Focus.
According to Assaf Harel, chief scientist of Karamba Security, an Israeli startup that provides automotive security technology, the hacking community has opened the eyes of the auto industry.
“Carmakers have been discovering new issues with their traditional architectures thanks to white hat hackers, which highlighted security needs for carmakers and suppliers alike,” said Harel, who operated a station where hackers could try to modify a model traffic light.