Monday, January 11, 2016

General Motors Encouraging People to Hack Its Cars

GM Renaissance Center headquarters in Detroit
-The increasing presence of connected tech in modern cars is forcing automakers to deal with problems they’ve never experienced before, like cybersecurity. This summer, car hacking came to the fore with a report in Wired about two cybersecurity researchers who managed to remotely hack a Jeep Cherokee. Now, GM is encouraging this sort of cybersecurity research.

It quietly began a bug-bounty program last week that encourages independent hackers to report any cybersecurity flaws found in GM cars.

Bug-bounty programs are set up by tech companies for cybersecurity researchers to report bugs found in exchange for some sort of reward. These programs encourage the work of so-called “white-hat” hackers, who hack for the greater good, rather than personal profit. Currently, Tesla Motors is the only other automaker with such a program, offering hackers $100 to $10,000 for reported bugs.

GM’s program isn’t quite as full-fledged as Tesla’s, but GM’s chief cybersecurity officer Jeff Massamilla told Ars Technica that GM will consider rewarding cybersecurity researchers. Think of this as a trial run before GM decides to do something more full blown.

Before the existence of this program, it was much more difficult to report bugs to GM. When hacker Samy Kamkar found a major vulnerability in OnStar last summer, he mentioned in an interview for Mashable that it was easy to work with GM in disclosing his findings, but hard to find the right person to work with.





A bug-bounty program, even in its nascent stages, makes it much easier for white-hat hackers to disclose bugs to GM. If other automakers are serious about cybersecurity, they’d be wise to consider following in GM’s and Tesla’s footsteps.

This story originally appeared on Road & Track via Ars Technica.


from Car and Driver Blog http://blog.caranddriver.com/general-motors-encouraging-people-to-hack-its-cars/


No comments:

Post a Comment