Canadian military seeks hackers to build exploits and defences against connected car cyberattacks

Canada's military is concerned the advent of connected cars with state-of-the-art computer systems and internet access will see a rise in cyberattacks, and is now looking to hire hackers to help them understand all the ways a car can be hijacked.

Defence Research and Development Canada (DRDC), the Canadian military's research agency, published an official request for interested companies to submit proposals on improving cyber security in automotive systems on Tuesday 6 October, according to the Toronto Star.

"Cyberattacks on information technologies like personal computers and servers usually result mostly in immaterial damages, like the loss, the alteration or the theft of information or money," DRDC wrote in the proposal. "In the case of vehicular systems, cyberattacks are a more important concern since the safety of their users or other users on the road might be at stake."

Up to 100 computers in connected cars today

The researchers stress a car produced in 2014 now includes up to 100 computers – also known as Electronic Control Units (ECU) – running 60 million source lines of code, 145 actuators and 75 sensors. The ECUs exchange up to 25GB of data every hour, but since the car has wireless communication capabilities, this opens up a whole new ballpark of trouble.

The contract up for offer is estimated to be worth CA$620,000 (£311,506, $476,685) and will require the chosen security contractor to be able to exploit and improve software developed by the DRDC that was coded in Python and works on Linux.

"In the last three years, the hacking community has demonstrated many times the possibility to compromise the cybersecurity of cars," the DRDC wrote. "There is a need to study the security of automotive vehicles, including understanding their vulnerabilities and assessing the potential mitigation measures.

"The first need, understanding the problem, requires appropriate tools and methodologies. The second need, studying mitigation measures, implies testing existing technologies and studying upcoming regulations and guidelines."

Hackers can kill engines and hijack steering wheels remotely

There have been several high-profile stories in the media about security researchers demonstrating how easily they can hack into a variety of connected cars.

In particular, Wired's Andy Greenberg allowed hackers Charlie Miller and Chris Valasek to hack into a Ford Escape and a Toyota Prius as the writer drove them around a car park in 2013, deliberately disabling the brakes, commandeering the steering wheel and honking the horn.

Then in July, the same hacking duo deliberately slowed Greenberg's Jeep Cherokee down to a crawl in the middle of a busy motorway by toying with the vehicle's transmission. As part of the carefully staged demonstration, they were able to hijack the car's digital display to show a picture of themselves and mess with dashboard functions, air conditioning and window wipers.