Revenge of the Nerds: OEMs Pay Hackers Less Than Most Other Industries
Most readers will remember Dennis Nedry from the first Jurassic Park movie, a computer subcontractor who brought down the entire park for numerous reasons – most of which had to do with money. In other words, John Hammond seemed to have “spared no expense” except for Nedry's services, and therefore Nedry ruined the entire project.
A new report suggests that some car companies may be acting in a similar manner – at least when it comes to the amount of cash they’re paying computer experts to find bugs in their code.
Seeing Ghosts: Self-driving Cars Aren't Immune From Hackers
Autonomous vehicles “feel” the road ahead with a variety of sensors, with data received sent through the vehicle’s brain to stimulate a response. Brake action, for example. It’s technology that’s far from perfected, yet self-driving trials continue on America’s streets, growing in number as companies chase that elusive driver-free buck.
In one tragic case, a tech company (that’s since had a come-to-Jesus moment regarding public safety) decided to dumb down its fleet’s responsiveness to cut down on “false positives” — perceived obstacles that would send the vehicle screeching to a stop, despite the obstacle only being a windblown plastic bag — with fatal implications. On the other side of the coin, Tesla drivers continue to plow into the backs and sides of large trucks that their Level 2 self-driving technology failed to register.
Because all things can be hacked, researchers now say there’s a way to trick autonomous vehicles into seeing what’s not there.
Wrecked Cars Are Now a Treasure Trove of Personal Information
As cars grow more dependent upon computer-controlled driving aids and automakers implement permanent internet connectivity, we’ve grown increasingly concerned with how automakers handle their customer’s data.
It sounds conspiratorial, but there’s a series of events to hang the tinfoil hat on. In 2017, General Motors announced it had successfully monitored the listening habits of 90,000 motorists in a study aimed at improving marketing insights. It also rejiggered OnStar and introduced the Marketplace app for seamless in-car purchasing options. Our take was that it was as impressive as it was ominous — and GM is only leading the charge into a what analysts believe will eventually become a multi-billion dollar industry.
Naturally, this led to privacy concerns over how automakers will protect customer data on future models. But we might want to start worrying about the cars we have now. A couple of white-hat hackers (those are the good ones) recently probed the internal computer networks of wrecked and salvaged Teslas and found a mother lode of personal information waiting inside.
Hackers Digitally Invade Tesla Model 3, Winning One
Computer experts successfully broke a Tesla Model 3 at the “Pwn2Own” hacking event held recently in Vancouver. However, Tesla Motors isn’t biting its nails over someone finding vulnerabilities in its system, as it was privy to the plan. The automaker has operated a “bug bounty program” for the past 4 years, rewarding anyone who can pull it off — going so far as saying it wouldn’t void a vehicle’s warranty if a customer successfully hacked it in “good faith.” It even offered a maximum reward of $15,000 (USD) last year.
Meanwhile, the group that managed to break the Model 3 in Canada this month received more than a sack of cash from the automaker.
Uber Paid Hackers to Delete the Stolen Data of 57 Million People
In the midst of Uber Technologies’ corporate restructuring and cultivation of a squeaky-clean new image, the ride-hailing company was apparently hiding a dark secret. Striving for transparency, the company has now confessed that hackers stole the personal information of 57 million customers and drivers in October of 2016.
The coverup, apparently conducted by the firm’s chief security officer and another staff member, involved over $100,000 in payments to the hackers in the hopes to keep them quiet. The data lost included names, email addresses, and phone numbers of around 50 million Uber riders across the globe. Another 7 million drivers were also subjected to the digital attack, with over half a million of those losing their driver’s license numbers.
Yes, Your Autopilot-Equipped Tesla Will Film a Crash
It’s common knowledge that Tesla vehicles store and transmit data back to the company’s Fremont, California home base, but a hacker working on a wrecked Model S just discovered something startling.
In an interview published by Inverse (h/t to Hybrid Cars), North Carolina computer programmer Jason Hughes claims that Tesla’s Autopilot system actually records video. While working on a center display unit from a wrecked Model S, Hughes found footage of the vehicle’s crash.
100 Million Volkswagen Group Vehicles Can Be Unlocked With a Cheap Hacking Device
Two decades’ worth of Volkswagen Group vehicles are vulnerable to a simple, cheap hack that can unlock their doors.
A research paper released this week (first reported by Wired) describes how multiple Volkswagen, Audi, Seat and Skoda models built since 1995 can be unlocked using a handmade radio that copies key fob signals.
Hackers Burrow Into a Jeep Again - Will FCA Give Them $1,500?
The same two guys who brought you last year’s remote hacking of a Jeep Cherokee on a Missouri highway (and resulting 1.4 million vehicle recall) are at it again.
This time, Charlie Miller and Chris Valasek entered the same Cherokee’s electronic brain, bypassing security software to gain control over key driving functions, according to Wired.
Security Experts Say Fiat Chrysler's 'Bug Bounty' Reward Isn't Big Enough
Fiat Chrysler Automobiles will give you up to $1,500 to find weaknesses in its vehicles’ security, but cybersecurity experts want the automaker to pony up more dough.
After the company announced its industry-first “bug bounty” program on July 13, many professional hackers say FCA’s reward isn’t enough to attract real talent in the search for software breaches, Forbes reports.
Fiat Chrysler Will Give You Cash to Find Cyber Threats
In a few weeks, after Pokémon Go jumps the shark and we all head back to our homes for nights of solitude, Fiat Chrysler Automobiles will offer another opportunity for high-tech geekery. And a lucrative one, too.
Announced today, the automaker will hand tech-savvy individuals cold, hard cash in return for information on weaknesses in its vehicles’ cybersecurity. Exposing a hidden backdoor that hackers could sneak through will net you up to $1,500.
Jeep and Ram Owners in Houston Targeted by Laptop-Wielding Thieves
It looks like car thieves in Houston have found a way to break into (and make off with) Jeep and Ram vehicles without using a slim jim, crowbar or screwdriver.
Surveillance video from a Houston garage shows a Jeep Wrangler being methodically commandeered by a man using a laptop and tablet. After last year’s remote-control Grand Cherokee incident, this is another hacker-related headache for Fiat Chrysler Automobiles.
Stupidity, Laziness Are Connected Car Security's Weak Links
My email address is firstname.lastname@example.org, and this XKCD comic is a very real part of my life. Others confuse me for all sorts of other Wallachs out there in the world. I’ve been invited to bachelorette parties in New York, received electronic court filings from Florida, and recently I got something new: an email welcoming me to my new Lexus that invited me to take part in exclusive consumer surveys.
Of course, I didn’t recently purchase a Lexus, and there was no “hey, wrong email address” button anywhere to be found. So what did I do? I “forgot” my password, logged in to someone else’s Lexus account, and figured out who actually owned the Lexus. After all, they’d probably want to know.
Life in Prison for Car Hacking? Michigan Takes the First Steps
Relax, Your Car Will Soon Be Safe From Revenge-Driven Extortionist Hackers
Apparently, it’s Technology Tuesday here at TTAC, so we can bring you news of a device that will kick your deeply held fears to the curb.
Vehicle hacking has been an issue ever since a Jeep Cherokee had its steering, transmission and brakes commandeered last summer, and an Israeli firm is now offering protection against keyboard warriors, according to CNBC (via Business Insider).
Apparently All Cars Can Be Hacked Now: Insurance Dongle Edition
Hackers say they may be able to control any vehicle with a telematics-enabled sensor — including a popular sensor that insurance companies use for consumers — plugged into the car’s diagnostic port, according to Wired report (via The Verge).
In recent weeks, several hacks have surfaced — Chrysler, General Motors and Telsa — related to specific automakers. According to the report, the On-Board Diagnostic system hack could apply to any make or model fitted with an insurance or tracking dongle. The University of California San Diego researchers say they’ll present their findings at the Usenix conference Tuesday.
And, um, there’s no easy way to put this, but … it doesn’t appear that it would be all that hard to find cars with the dongles at the moment.