Why is Uber hiring hackers?

The ride-sharing company has hired the two security researchers who demonstrated how to remotely hack a Jeep Cherokee last month.

|
Jeff Chiu/AP Photo/File
Uber driver Karim Amrani sits in his car parked near the San Francisco International Airport parking area in San Francisco, Wednesday, July 15, 2015. Uber has hired the two security researchers who remotely hacked a Jeep Cherokee last month as part of the company's focus on driverless technology and vehicle security.

Uber has hired a pair of hackers to work on vehicle security.

Starting next week, Charlie Miller, former security researcher for Twitter, and Chris Valasek, who worked at security firm IOActive, will join the ride-hailing company’s research team for self-driving technology and robotics, Reuters reported Friday.

The decision highlights growing concerns among security experts over wireless security, as cars become increasingly connected and move toward driverless technology.

“I think it goes without saying that if you don’t get security right, automated cars don’t get off the ground,” Woodrow Hartzog, a law professor at Samford University’s Cumberland School of Law and an affiliate scholar at Stanford Law School’s Center for The Internet and Society, told Fortune magazine in 2014. “If we have a mistake with some kind of cybersecurity with a car, we have an immediate physical threat.”

The threat increases with self-driving cars, said Eddie Schwartz, former vice president of global security solutions for Verizon's enterprise subsidiary and now president of digital security firm White Ops.

"For cars to be able to self-drive, they have to be able to negotiate with each other. You can't negotiate something like that without having some security principles behind it,” Mr. Schwartz told The Guardian last year. “So cars have to do basic things that we do with each other, like recognise each other.”

That technology leaves room for potentially millions of underlying security issues, he said.

In 2011, a team of researchers proved that by penetrating vehicle systems via Bluetooth and mobile data. Mr. Miller and Mr. Valasek have also previously hacked into a Ford Escape and Toyota Prius, The Associated Press reported. Last month, Wired chronicled them remotely hacking into and controlling a Jeep Cherokee using a flaw in the vehicle’s connectivity system.

Now the two men are set to take part in Uber’s Advanced Technologies Center, a research lab that the company opened in Pittsburgh earlier this year and has since filled with top scientists and researchers, many from places like Carnegie Mellon University and Google.

The goal, the company said, is “to continue building out a world-class safety and security program at Uber,” which has focused on developing both automated car technology and data security, according to The New York Times.

The potential for breaches is escalating as cars transform into Internet-connected computers. A report from Verizon last November found that 14 car manufacturers accounted for 80 percent of the worldwide auto market, and each one has a connected-car strategy. Security experts say one remote hacking of an Uber vehicle could spell disaster for the ride-hailing company.

The Advanced Technology Center is part of Uber's broader plan to focus on “research and development, primarily in the areas of mapping and vehicle safety and autonomy technology,” according to a company blog post in February.

“I’ve been in security for more than 10 years, and I’ve worked on computers and phones. This time, I wanted to do something that my grandmother would understand. If I tell her, ‘I can hack into your car,’ she understands what that means,” Miller told the Times.

“Also, I drive cars,” he added. “I would like them to be safe.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Why is Uber hiring hackers?
Read this article in
https://www.csmonitor.com/USA/USA-Update/2015/0830/Why-is-Uber-hiring-hackers
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe