General Motors Asks Hackers to Hack Their Cars

January 11, 2016, 3:00 PM UTC

By the end of this year, General Motors will have more than 12 million connected cars on the road around the world. That’s a potentially huge cybersecurity hole if hackers ever found and chose to exploit any systems connected to the Internet.

Meanwhile, earlier this month General Motors quietly launched a program to connect the company with white hat hackers. Hackers who find security bugs or vulnerabilities can inform GM through a secure website portal hosted by HackerOne, a venture-backed security startup based in San Francisco.

The new portal is accessible through GM and from HackerOne’s directory.

“We’re putting a lot of technology into our cars,” says GM cybersecurity chief Jeff Massimilla. “There’s a responsibility obviously to put an appropriate level of security with those technologies.”

For now, white hat hackers (or researchers as they’re sometimes called) who notify GM of a potential security flaw will not be rewarded, but that could change, Massimilla says.

There are multiple entry points for hackers to gain remote access to a connected car, including through in-car entertainment, navigation, and advanced driver assistance systems.

White hat hackers Charlie Miller and Chris Valasek (now security lead at Uber Advanced Technologies Center) demonstrated in 2015 just how easy it is to hack a vehicle when they remotely took control of a Jeep Cherokee. The Jeep Cherokee hack not only showed the weaknesses behind the SUV’s digital defenses, but also raised questions about what, if anything, other connected car manufacturers are doing to protect their vehicles.

A week later, hacker Samy Kamkar posted a video on YouTube that described a security flaw found in a mobile app for General Motors’ OnStar vehicle communications system. Kamkar built a device that could intercept communications between the OnStar RemoteLink mobile app and the OnStar service. The device could give an attacker a car’s location, make, and model, as well as the power to unlock and remote-start the car.

GM fixed the problem after Kamkar reached out to the automaker.

“There wasn’t one single event that prompted this action,” Massimilla says. “We have been maturing our cybersecurity program within GM for some time now. And as we’ve matured, we have had some interaction with researchers.”

GM’s contact with researchers has been positive so far, Massimilla added. “We just wanted to make it easier to interact with them.” GM isn’t the first major automaker to launch such a program. The considerably smaller all-electric automaker Tesla Motors has a bug bounty program, which issues rewards between $1,000 and $10,000.
