Auto industry risks security breaches by underpaying white hat hackers
Automakers are so worried about vehicle and software security gaps that they are paying hackers to uncover vulnerabilities.
These bug bounty programs reward friendly digital invaders, known as white hat hackers, who look for breaches and notify automakers and suppliers of the problems — although the auto industry pays them considerably less for their efforts than some other sectors do.
Cybersecurity has become a major issue for the industry as cars increasingly rely on software, sensors and computers for operations, infotainment, automated driving and safety systems. Moreover, automakers are loading connectivity and subscription features that add to the digital vulnerabilities.
The number of publicly reported auto cyberattacks jumped 239 percent in 2022 compared with 2018, according to Israeli cybersecurity firm Upstream.
Automakers want to find problems before hostile hackers uncover vulnerabilities they can exploit, which could allow them to gain access to a driver's personal information or even control a car for ransom.
Last year, white hat hackers notified automakers of security gaps in customer files, back-end operations or both in BMW, Ferrari, Ford, Jaguar Land Rover, Mercedes-Benz, Porsche and Toyota systems and models. They also discovered flaws in SiriusXM's telematics service that breached Honda, Hyundai and Nissan vehicles.
Even more consumer data will be exposed in the coming years as automakers expand software-enabled services, said Andrea Amico, founder and CEO of Privacy4Cars, a company that helps dealerships clear personal data from vehicles. Hostile hackers will want that information, he said.
—Karn Dhingra