Automakers warm up to friendly hackers at cybersecurity conference

79

At a conference where hackers can try picking locks and discover cyber vulnerabilities in a makeshift hospital, they can also endeavour to break into control units of cars and take over driving functions.
Those efforts at the DEF CON security convention in Las Vegas are sponsored by carmakers and suppliers who increasingly recognise the need to collaborate with white hat hackers – cyber experts who specialise in discovering vulnerabilities to help organisations.
Attendees visiting the car hacking site had to escape a vehicle by deciphering the code to open its trunk, control its radio volume and speed and lock doors through their computers.
“A big part of it is redefining the term ‘hacker’ away from criminal to make automakers understand we are here to make their systems more secure,” said Sam Houston, senior community manager at Bugcrowd, which recruits researchers for so-called bug bounty programmes at Tesla Inc,Fiat Chrysler Automobiles NV and other automakers.
Volkswagen, Fiat Chrysler and suppliers Aptiv PLC and NXP Semiconductors NV were among sponsors of this year’s car hacking village – as some did at previous DEF CON conventions.
Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
Weaving through revellers at Blackjack tables and beauty salons promising non-surgical face lifts, DEF CON expects at least 25,000 attendees by the end of the weekend.
At DEF CON, the largely male participants are not registered by name to protect privacy and attendees pay cash to receive a blinking badge featuring an exposed circuit board allowing them to complete tasks.
The conference provides an opportunity for enthusiasts to learn about car hacking, a resource-intense research field requiring specialised knowledge and preparation.
“Automotive provides a great challenge because systems are distinct from other security areas,” said Craig Smith, a security researcher who, together with Robert Leale, founded the car hacking village in 2015.
Leale and Smith said they witnessed a steady annual growth in participants.
More connections and technological features in modern vehicles increasingly attract security professionals from other research areas, said Aaron Cornelius, senior researcher at cybersecurity company Grimm. Cornelius was supervising a station where participants could hack into the control units of a 2012 Ford Focus.
Assaf Harel, chief scientist of Karamba Security, an Israeli company providing automotive security technology and working with car manufacturers and suppliers including Denso Corp and Alpine Electronics Inc said the hacking community opened the auto industry’s eyes.
“Carmakers have been discovering new issues with their traditional architectures thanks to white hat hackers, which highlighted security needs for carmakers and suppliers alike,” said Harel, who operated a station where hackers could modify a model traffic light.