Automakers warm up to friendly hackers at cyber security conferenceAugust 12, 2019
Car hacking village takes off at DEF CON.
At a conference where hackers can try their hand at picking locks and discover cyber vulnerabilities in a makeshift hospital, they can also endeavour to break into the control units of cars and take over driving functions.
Those efforts at the DEF CON security convention in Las Vegas this weekend are sponsored by carmakers and suppliers that have increasingly recognised the need to collaborate with so-called white hat hackers – cyber experts who specialise in discovering vulnerabilities to help organisations.
Attendees who visited the car hacking site had to escape a vehicle by deciphering the code to open its trunk, control its radio volume and speed, and lock the doors through their computers.
“A big part of it is redefining the term ‘hacker’ away from that of a criminal to make automakers understand that we’re here to make their systems more secure,” said Sam Houston, senior community manager at Bugcrowd, which recruits researchers for so called bug bounty programs at Tesla Inc, Fiat Chrysler Automobiles NV and other automakers.
Volkswagen AG, Fiat Chrysler and suppliers Aptiv PLC and NXP Semiconductors NV were among the sponsors of this year’s car hacking village – as some have done at previous DEF CON conventions.
“Automotive provides a great challenge because the systems are distinct from other security areas,” said Craig Smith, a security researcher who, together with Robert Leale, founded the car hacking village in 2015.
Leale and Smith said they witnessed a steady annual growth in participants.
More connections and technological features in modern vehicles also increasingly attract security professionals from other research areas, said Aaron Cornelius, senior researcher at cyber security company Grimm. Cornelius was supervising a station where participants could try to hack into the control units of a 2012 Ford Focus.
Assaf Harel, chief scientist of Karamba Security, an Israeli company that provides automotive security technology and works with car manufacturers and suppliers including Denso Corp and Alpine Electronics Inc, said the hacking community has opened the auto industry’s eyes.
“Carmakers have been discovering new issues with their traditional architectures thanks to white hat hackers, which highlighted security needs for carmakers and suppliers alike,” said Harel, who operated a station where hackers could try to modify a model traffic light.