Uber Hires Two Engineers Who Showed Cars Could Be Hacked


Photo

Charlie Miller, on the screen at left, and Chris Valasek hacked a Jeep Cherokee and put their picture on the navigation screen.

Credit
Whitney Curtis for The New York Times

Uber is continuing its hiring spree of top technical talent by recruiting two respected computer security engineers, Charlie Miller and Chris Valasek.

Mr. Miller and Mr. Valasek will work in Uber’s offices in Pittsburgh, where the company has based its self-driving car and robotics research. In a statement, Uber said the two men would work closely with Joe Sullivan, Uber’s chief security officer, and John Flynn, the chief information security officer, to “continue building out a world-class safety and security program at Uber.”

The hirings, which were earlier reported by Reuters, are the latest talent grab by the ride-hailing start-up, which is valued at more than $50 billion by investors and has raised more than $6 billion in private capital. This year, Uber hired Mr. Sullivan, a respected information security engineer, away from Facebook. And over the last year, the company has also systematically plucked talent from different divisions of Google, such as its mapping and geo units, poaching more than 100 engineers.

Uber, which is based in San Francisco, has made security a top focus this year after a breach of its computer systems in February. The breach potentially exposed the names and driver’s license identification numbers of as many as 50,000 of the company’s drivers.

The potential for breaches is escalating as cars transform into Internet-connected computers. A report from Verizon last November found that 14 car manufacturers accounted for 80 percent of the worldwide auto market, and each one has a connected-car strategy. Security experts say one remote hacking of an Uber vehicle could spell disaster for the ride-hailing company.

Mr. Miller and Mr. Valasek have made car hacking a focus. In August, the two demonstrated at the Black Hat and Def Con hacking conferences a way to control hundreds of thousands of vehicles remotely. Over the Internet, they were able to track down cars by their location, see how fast they were traveling and manipulate their blinkers, lights, windshield wipers, radios and navigation and, in some cases, control their brakes and steering.

Mr. Miller, a former “global network exploitation specialist” for the National Security Agency, most recently worked at Twitter. He was hired there after making a name for himself by exploiting Apple- and Android-powered devices.

Two years ago, he and Mr. Valasek turned their attention to cars, because cars were a more tangible target, they said, and because of the increasing momentum behind Internet-connected vehicles.

“I’ve been in security for more than 10 years, and I’ve worked on computers and phones. This time, I wanted to do something that my grandmother would understand. If I tell her, ‘I can hack into your car,’ she understands what that means,” Mr. Miller said in an interview last month.

“Also, I drive cars,” Mr. Miller added. “I would like them to be safe.”

In 2013, they described how they were able to take control of a Ford and a Toyota by plugging in a diagnostic port that could manipulate the speed and steering of the vehicles. Car manufacturers were not so concerned, given that someone would need physical access to the car to take control, and that just as much harm could be inflicted with a knife to the tires.

So the two instead focused on gaining remote access to cars, and discovered a vulnerability in a hardware chip that connected Fiat Chrysler cars to the Internet. From there, they discovered a way to crawl into another hardware chip that controlled the vehicles’ electronics, as well as its locks, windshield wipers, speedometer, lights and blinkers. Depending on how fast the driver was going, they could even engage and disengage the brakes and steering.

Last month, Fiat Chrysler issued a recall of 1.4 million vehicles after Mr. Miller and Mr. Valasek revealed the vulnerability.

Uber’s Advanced Technology Center, the name of its center in Pittsburgh, works on mapping, vehicle safety and autonomy, according to Uber’s website. The group works on developing safe critical software and hardware systems, analyzes system defects and identifies security problems. The company has said its autonomous car research is in its very early stages, and has said it considers the initiative a long-term bet.



Source link

About admin

Check Also

To Fit Into Silicon Valley, Wear These Wool Shoes

“We’re about the distillation of solutions, the refinement and crafting of forms in a maniacal ...

Leave a Reply

Your email address will not be published. Required fields are marked *