I own a car. It’s a 2012 Honda and it’s got some miles on it. It has its share of dings and scratches, and it smells like coffee. The car is only 5 years old, but it’s most likely seen as technologically-challenged in some people’s eyes.
Having the most technology-advanced car is priority number one for most major auto manufacturers. Consumers have come to expect cars with all the bells and whistles when they walk into a dealership. Keyless, self-driving, and advanced computer systems are all in play. But as the gadgetry in vehicles evolves, so does the skill it takes to hack into them.
Case in point: In 2015, a group of hacktivists were able to shut down the engine of a new Jeep while it was being driven. What’s even more striking is that they managed to do it without touching the vehicle. Yes, they hacked into the Jeep but they did it in a controlled setting with the intent to show how easy it can be for some people to bypass a car’s security; using a few well-placed key strokes and some decent Wi-Fi.
Now, if a couple of guys with time on their hands can hack into a car with relative ease, imagine what a domestic or foreign aggressor could do.
That’s where CanBusHack comes in. They're a group of hackers that toils day in day out testing and retesting the weak points in new car technology. CanBusHack hosted a “Car Hackathon” at the recent DefCon convention in Las Vegas. "We're just engaging the [hacking] community," said Robert Leale, of CanBusHack. "The goal is to bring everybody together in one spot, everybody talking, everybody having good conversations, and only good can come out of that I think."
With vulnerabilities in cars and technology pitfalls becoming an increasing reality, events like this one have gotten the attention of major car companies. This year, Mazda offered up a car at DefCon for community hackers. No rules, no conditions – they just wanted the hacking community to come together and attack the car from all sides with Mazda executives taking notes. The goal was to improve the safety and security of future cars.
“It’s a proactive space for us to work collectively with researchers and the experts in the field here, to try to find potential vulnerabilities or opportunities for us to both improve the safety as well as the consumer confidence in our vehicles,” said Tim Barnes of Mazda Cyber Security.
Mazda’s approach may be seen as unusual. Most companies are trying to keep hackers and outside technology experts out of their domain. Is it out of fear of giving away a competitive advantage? Perhaps. But hacktivists say they are prepared to work in tandem with manufacturers to help make car security as tight as can be.
Auto manufacturers are slowly warming up to the idea. But Mazda executives say they’re all in.
“We love hackers because I feel like the industry as a whole needs to do a better job of marrying the hacking community with the engineering community and bringing that separate expertise together in a more collaborative way,” said Jennifer Tisdale of Mazda Cyber Security.