GM to hire hackers to find bugs in car computers
Detroit Free Press
Highly computerized cars could mean consumers’ data is vulnerable or the driver safety might be endangered if car companies aren’t prepared to cut off any data breach or threat to cybersecurity at the pass.
General Motors is taking no chances. It’s bringing in those exact people who might do the infiltration to help thwart it.
In the upcoming weeks, GM will bring researchers, some of whom are professional computer hackers, to Detroit to offer them a bounty or cash payment for each “bug” they uncover in any of GM vehicles’ computer systems.
“We’ll show them the products, programs and systems for which we plan to establish these bug bounties. Then we’ll put them in a comfortable environment, ply them with pizza and Red Bull or whatever they might need … and turn them loose,” GM’s President Dan Ammann said at the Billington CyberSecurity Summit at Cobo Center in Detroit on Friday.
After that, GM will send these cybersecurity pros home with hardware to continue their research over many weeks, he said. The program, called Bug Bounty, will include about 10 researchers GM has hand-picked.
“They are white-hat researchers who we’ve established relationships with through our coordinated disclosure program,” Jeff Massimila, GM’s vice president of Global CyberSecurity, said.
“White hat” is Internet slang for an ethical computer hacker or computer security expert who specializes in penetration testing or other testing methods to help protect an organization’s information systems.
GM started its coordinated disclosure program two years ago, Mr. Massimila said. He said GM was one of the first automakers to embrace the work of white hat researchers for its products and programs. The coordinated disclosure program was open to anyone, but GM did not pay those researchers for any contributions. Instead, he said, GM built relationships and identified the 10 it would pay to fix the bugs.
GM presently employs about 450 people in the cybersecurity area, Mr. Massimila said. The Bug Bounty program will start before the end of the summer.