- The Washington Times - Wednesday, October 7, 2015

Car hackers are being courted by the Canadian military as part of a government-led initiative to better grasp automobile cybersecurity amid a rash of damning discoveries. 

The research arm of Canada’s Department of National Defense said in a solicitation request made public this week that cybersecurity experts are being sought out in order to help examine and exploit the potential weaknesses that apply to the increasing number of high-tech autos hitting the roads of the great white north.

“Cyberattacks on information technologies like personal computers and servers usually result mostly in immaterial damages like the loss, the alteration or the theft of information or money, and the disruption of operation. In the case of vehicular systems, cyberattacks are a more important concern since the safety of their users or the other users on the road might be at stake,” Defense Research and Development Canada wrote in its request for proposals.

Automobiles produced in 2014 contain upwards of 100 computers running millions of lines of code and capable of transmitting 25 gigabytes of personalized data every hour, the DRDC request reads, and accordingly the government says “There is a need to study the security of automotive vehicles, including understanding their vulnerabilities and assessing the potential mitigation measures.

“The first need, understanding the problem, requires appropriate tools and methodologies. The second need, studying mitigation measures, implies testing existing technologies and studying upcoming regulations and guidelines,” the request reads in part.

Specifically, the DRDC wants to hear from hackers who are interested in using specialized software to take vulnerabilities within a given automobile and develop exploits, which could then be leverage by DRDC in order to assess vehicle security standards and protocols, as well as to develop testing procedures for future models. Hackers have until October 27 to throw their hat in the ring and qualify for a government check worth as much as $620,000 if they can finish their research by March 2019.

SEE ALSO: Peeple, the ‘Yelp for People’ app, rethinks concept in the shadows after instant backlash

While the request explicitly states the research will involve developing “testing procedures that would allow[DRDC] to assess and/or certify the cyber security of an automotive vehicle,” other criteria suggests the Canadian military is looking for hacks that can help inflict damage as well.  

“The [contractor] must demonstrate that the exploits could potentially harm the vehicle and/or the safety of its driver/passengers, or cause any indirect damages like information gathering,” reads a portion of the paperwork. “Of course, this excludes any demonstration that would put the safety of the personnel of the Contractor or any other person at risk. 

The Toronto Star newspaper asked the DRDC for clarification with respect to clarifying whether the research will be used for offensive or purely defensive applications, but did not receive a response as of Wednesday this week.

Security researchers have so far this year demonstrated exploits that have allowed them to compromise vehicles ranging from the Tesla Model S to Jeep Cherokees, and the DRDC acknowledged in its request that these incidents pose a real likelihood of worsening in severity as cars become increasingly computerized.

Indeed, regulators south of the border have expressed the same concerns in recent months, especially after disclosures surfaced earlier this summer concerning vulnerabilities affecting autos made by Fiat Chrysler, the likes of which led the automaker to recall upwards of 1.4 million cars, including select Ram pickups, Dodge Viper sports cars and Jeep Grand Cherokees.

Andy Greenberg, a journalist for WIRED who first reported the Chrysler vulnerability, wrote in July that he experienced the fruits of the exploit firsthand when he got behind the wheel of a car that was soon after commandeered by researchers Charlie Miller and Chris Valasek

“The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch,” he wrote. The same day his article was published, U.S. Sens. Ed Markey and Richard Blumenthal, Democrats from Massachusetts and Connecticut, respectively, proposed legislation that would require the U.S. National Highway Safety and Transportation Administration and the Federal Trade Commission to implement new cybersecurity standards.

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide