Canadian military to study hacking cars | Toronto Star
Canada’s military researchers are turning to hackers to find ways to defend — and exploit — motor vehicle computer systems.
Defence Research and Development Canada (DRDC) plans to hire security consultants to find vulnerabilities in a test vehicle’s computer systems, and to show the military how to defend against such attacks.
“Cyber attacks on information technologies like personal computers and servers usually result mostly in immaterial damages, like the loss, the alteration or the theft of information or money,” a request for proposals published Tuesday reads.
“In the case of vehicular systems, cyber-attacks are a more important concern since the safety of their users or other users on the road might be at stake.”
The total value of the contract is estimated at $620,000.
DRDC, the military’s cutting-edge research agency, said their need is twofold: they have to understand all the different ways a car can be hacked, and they need to develop countermeasures against those hacks.
The consultants will first be asked to find as many vulnerabilities as they can in a test vehicle’s system, and then develop “exploits” to take advantage of those vulnerabilities. The consultants will then be asked to develop countermeasures to defend against their own exploits.
The agency noted that cars built in 2014 can have up to 100 on-board computer systems running 60 million lines of code. Vehicles are also increasingly connected to other devices, like mobile phones, through both wired and wireless connections.
It may sound far-fetched that hackers could break into your car systems through your Wi-Fi connection. But two American security researchers earlier this year managed to control a Jeep Cherokee’s dashboard functions, transmission — even steering and breaks — by exploiting a vulnerability in the vehicle’s entertainment system.
The vulnerability led to the recall of 1.4 million vehicles in the U.S., after it was documented by Wired.
Dave Lewis, a global security advocate with Akamai in Toronto, said that there is “no shortage” of researchers looking into car vulnerabilities.
“It is a rather significant game of keep up,” Lewis said in an email to the Star. “The public should be aware that as cars become progressively more technologically advanced that security related events will happen.”
Lewis said the easiest way to defend against a car’s vulnerabilities is to disconnect it from wireless networks and limit the vehicle to physical interactions only — although he noted that might not be practical for the average person just trying to get from A to B.
So he recommended car owners pay attention to recalls associated with their vehicles’ computer systems, in addition to familiar issues like brake or airbag recalls.
DRDC expects the research to wrap up by March 16, 2016.
The Star requested an interview with DRDC for this article, including requesting clarification as to whether the military will use the research for offensive or purely defensive applications. The agency did not immediately respond to the questions.
Canada’s military researchers are turning to hackers to find ways to defend — and exploit — motor vehicle computer systems.
Defence Research and Development Canada (DRDC) plans to hire security consultants to find vulnerabilities in a test vehicle’s computer systems, and to show the military how to defend against such attacks.
“Cyber attacks on information technologies like personal computers and servers usually result mostly in immaterial damages, like the loss, the alteration or the theft of information or money,” a request for proposals published Tuesday reads.
“In the case of vehicular systems, cyber-attacks are a more important concern since the safety of their users or other users on the road might be at stake.”
The total value of the contract is estimated at $620,000.
DRDC, the military’s cutting-edge research agency, said their need is twofold: they have to understand all the different ways a car can be hacked, and they need to develop countermeasures against those hacks.
The consultants will first be asked to find as many vulnerabilities as they can in a test vehicle’s system, and then develop “exploits” to take advantage of those vulnerabilities. The consultants will then be asked to develop countermeasures to defend against their own exploits.
The agency noted that cars built in 2014 can have up to 100 on-board computer systems running 60 million lines of code. Vehicles are also increasingly connected to other devices, like mobile phones, through both wired and wireless connections.
It may sound far-fetched that hackers could break into your car systems through your Wi-Fi connection. But two American security researchers earlier this year managed to control a Jeep Cherokee’s dashboard functions, transmission — even steering and breaks — by exploiting a vulnerability in the vehicle’s entertainment system.
The vulnerability led to the recall of 1.4 million vehicles in the U.S., after it was documented by Wired.
Dave Lewis, a global security advocate with Akamai in Toronto, said that there is “no shortage” of researchers looking into car vulnerabilities.
“It is a rather significant game of keep up,” Lewis said in an email to the Star. “The public should be aware that as cars become progressively more technologically advanced that security related events will happen.”
Lewis said the easiest way to defend against a car’s vulnerabilities is to disconnect it from wireless networks and limit the vehicle to physical interactions only — although he noted that might not be practical for the average person just trying to get from A to B.
So he recommended car owners pay attention to recalls associated with their vehicles’ computer systems, in addition to familiar issues like brake or airbag recalls.
DRDC expects the research to wrap up by March 16, 2016.
The Star requested an interview with DRDC for this article, including requesting clarification as to whether the military will use the research for offensive or purely defensive applications. The agency did not immediately respond to the questions.