Time to roll out the classics...
General Motors (GM) has opened a bug bounty program to allow hackers to report vulnerabilities in its vehicles. Vulnerability reporting guidelines are stringent; GM agrees not to "pursue claims" against researchers if bug hunters do not harm or violate the privacy of GM or its customers, drop a zero day, or breach criminal law …
Monday 11th January 2016 14:42 GMT Nocroman
Back in the day
Back in my days as a design engineering supervisor. GM used CGS, (corporate Graphics System 3D) which was pretty much an enclosed system for designers to use. All Vendors also used this system.EDS took care of the CGS system. Then it all went to hell when GM bought EDS tried to run it and failed. Then changed systems and went to Uni-graphics 2D.
The problem with hacking and viruses come with the Engineers and their office computers that are not used for design, which engineers put games, and are very non-vigilant about who's looking when they type in their passwords. Add to that fact that some engineers take home some work and do that work on their personal computers which have already been hacked. They make a disk and bring it back to work with the hackers set of instructions for accessing all new computers it finds it's way into.
Corporations need to start using finger prints of their employee's to access their computers. If an employee leaves, then finger print is immediately removed from the system. new employee, add to system. coupled with auto virus and malware scan on every file brought in to the system should eliminate pretty much most of the security breaches. Hackers are stopped as they do not have a valid finger print to access the system.
Monday 11th January 2016 15:25 GMT Teddy the Bear
Security in Cars? What a novel idea!
How on earth have motor manufacturers been so lax as to only be introducing bug bounties in 2015??
The new Astra TV ad (UK) goes on about the 4G hotspot which you can use to stream via the in-car entertainment system. I don't know what sort of testing has been done, but I sincerely hope that some white-hat gets stuck into it sharpish. Motor manufacturers have basically ignored all IT security on cars for years - about time something happened. I just hope it spreads across the industry.