Why is Uber hiring hackers?
The ride-sharing company has hired the two security researchers who demonstrated how to remotely hack a Jeep Cherokee last month.
Uber driver Karim Amrani sits in his car parked near the San Francisco International Airport parking area in San Francisco, Wednesday, July 15, 2015. Uber has hired the two security researchers who remotely hacked a Jeep Cherokee last month as part of the company's focus on driverless technology and vehicle security.
Jeff Chiu/AP Photo/File
Uber has hired a pair of hackers to work on vehicle security.
Starting next week, Charlie Miller, former security researcher for Twitter, and Chris Valasek, who worked at security firm IOActive, will join the ride-hailing company’s research team for self-driving technology and robotics, Reuters reported Friday.
The decision highlights growing concerns among security experts over wireless security, as cars become increasingly connected and move toward driverless technology.
“I think it goes without saying that if you don’t get security right, automated cars don’t get off the ground,” Woodrow Hartzog, a law professor at Samford University’s Cumberland School of Law and an affiliate scholar at Stanford Law School’s Center for The Internet and Society, told Fortune magazine in 2014. “If we have a mistake with some kind of cybersecurity with a car, we have an immediate physical threat.”
The threat increases with self-driving cars, said Eddie Schwartz, former vice president of global security solutions for Verizon's enterprise subsidiary and now president of digital security firm White Ops.
"For cars to be able to self-drive, they have to be able to negotiate with each other. You can't negotiate something like that without having some security principles behind it,” Mr. Schwartz told The Guardian last year. “So cars have to do basic things that we do with each other, like recognise each other.”
That technology leaves room for potentially millions of underlying security issues, he said.
In 2011, a team of researchers proved that by penetrating vehicle systems via Bluetooth and mobile data. Mr. Miller and Mr. Valasek have also previously hacked into a Ford Escape and Toyota Prius, The Associated Press reported. Last month, Wired chronicled them remotely hacking into and controlling a Jeep Cherokee using a flaw in the vehicle’s connectivity system.
Now the two men are set to take part in Uber’s Advanced Technologies Center, a research lab that the company opened in Pittsburgh earlier this year and has since filled with top scientists and researchers, many from places like Carnegie Mellon University and Google.
The goal, the company said, is “to continue building out a world-class safety and security program at Uber,” which has focused on developing both automated car technology and data security, according to The New York Times.
The potential for breaches is escalating as cars transform into Internet-connected computers. A report from Verizon last November found that 14 car manufacturers accounted for 80 percent of the worldwide auto market, and each one has a connected-car strategy. Security experts say one remote hacking of an Uber vehicle could spell disaster for the ride-hailing company.
The Advanced Technology Center is part of Uber's broader plan to focus on “research and development, primarily in the areas of mapping and vehicle safety and autonomy technology,” according to a company blog post in February.
“I’ve been in security for more than 10 years, and I’ve worked on computers and phones. This time, I wanted to do something that my grandmother would understand. If I tell her, ‘I can hack into your car,’ she understands what that means,” Miller told the Times.
“Also, I drive cars,” he added. “I would like them to be safe.”