The demand for automotive cybersecurity researchers is outstripping supply as automakers continue to cram more and more computer-based technology into new vehicles.
This offers hackers more and more opportunities to breach systems in vehicles. Stories abound of vehicles being hacked in various scenarios, including one where a tech publication paid hackers to take control of a vehicle while it was being driven.
The list of “definitely hacked” includes Fiat Chrysler, Volkswagen and Delphi Automotive, reports The Hill, the Washington, D.C.-based website focused on policy and political issues. Add Tesla and others to the list as well.
The Hill’s list includes companies sponsoring the “Car Hacking Village” sub-conference, which is part of DEF CON, an influential cybersecurity conference in Las Vegas. The village is attracting more companies that are seeking researchers to help make vehicle systems more secure.
“This year it’s definitely bigger in terms of industry support,” said Casey Ellis, founder of Bugcrowd, one of the sponsors of the Car Hacking Village.
Bugcrowd runs programs to offer researchers rewards for submitting security flaws in products back to the manufacturers for repair. Its clients include Fiat Chrysler. Ellis said the fastest growing sector in programs like his, known as bug bounties, is automotive.
The interest, Ellis told The Hill, comes as automobile manufacturers recognize the dangers of their products being breached — “I like to say cars are two-ton, gas-powered mobile phones,” he said — but are not able to find qualified candidates for the work.
“Hacking cars is hard. It requires specialized equipment and knowledge, not to mention the car. That’s part of the reason [manufacturers] jumped into this. It’s a good way to access talent they would otherwise be unable to hire,” he added.
The gap between the number of needed and trained researchers will only grow, Ellis predicted. For now, the industry is struggling to meet the need for security experts to work on automobiles specifically.
“We need to move researchers to automobiles,” said Tod Beardsley, director of research at Rapid7, another sponsor of the Car Hacking Village.
Rapid7 recently let researchers use its security testing tool Metasploit on automotive systems. Beardsley believes bringing familiar interfaces to automotive hacking will reduce the learning time a researcher needs to take up automobiles.
Ellis is approaching the issue from the other end. Bugcrowd is attempting to train automotive software designers and tweakers in security. Mazda sponsored a “capture the flag” contest in which the winner received a truck.
That competition tests “101 level things someone would need to know to work with cars,” said Ellis, who hopes it will inspire anyone looking to learn a new skill to come to the event.
“The automotive industry has adopted security researchers in a big way. We just need more of them,” he said.