The Defence Research and Development Canada (DRDC) is turning the hackers to exploit its cars to examine how vulnerable they are to hack. The department is offering $825K as a bounty to reward hackers for finding vulnerabilities and developing and proving attacks on Canadia Tire Ice Truck.
On 7th October, a tender notice from the Canadian military was posted on the official website of the Canadian government. Tender says that the Defense Department is waiting for the hackers who can hack a car, find weaknesses and develop and prove attacks on it.
Earlier this year, we’ve seen UK officials fearing on smart/driverless cars’ hack, and vulnerability found in Zubie (a third party car device), which was patched by cyber experts though.
The tender from the Canadian government is not all about discovering vulnerabilities and demonstrating the attacks, though. The tender notice is twofold, hackers who can find the weaknesses in the CAN and computers and proving how they can be hack will get $205K. The remaining $620K is for extra efforts, including patches for the vulnerabilities that can protect the car’s (in fact, Tire Ice Truck of Canada you can say) systems from the hackers.
The hackers will initially be asked to discover as many weaknesses as they can in a trial car’s system, and then develop “hacks” to take benefit of those weaknesses. The hackers will then be requested to develop patches to protect against their hacks.
DRDC noted that trucks built in 2014 and highly connected with other devices, like smartphones, via both wireless and wired connections can be soft targets.
The attackers could access into your vehicle via your wireless connection, it may sound unbelievable. But two researchers from America managed to hack a jeep transmission, dashboard functions, breaks, and steering – via finding the loophole in the jeep’s system, earlier this year.
A global security researcher, Dave Lewis said:
“It is a rather significant game of keep up. The public should be aware that as cars become progressively more technologically advanced that security related events will happen.”
Until now, only one company has shown its interest on the tender notice. Chris Valasek (a person behind Jeep hack) told the CBC that DRDC is asking for a lot of work, but the pay scale is not that much. In American dollars, it is about $475K for “extras” and $157K for “initial tasks”.
On the other hand, Microsoft announced a bug bounty program for its latest version of Windows 10 a few month ago that rewards up to $100K to find out only one vulnerability.
The Defence Research and Development Canada expects the investigation to wrap by 16th of March 2016.
Featured/Top Image: By Youtube.