The Canadian Military Wants to Learn How to Hack Cars
Research focuses on hijacking networks in new-model pickups
The article originally appeared at Motherboard.
The Canadian government is looking for someone who can hack a car, and will pay them hundreds of thousands of dollars to do it.
A procurement request published by Public Works and Government Services states that the Canadian Department of National Defense is looking for a contractor that can “find vulnerabilities and security measures” in vehicles and “develop and demonstrate exploits” for the military.
The vehicle to be hacked is a 2015 pickup truck, the tender states, although the exact make and model are considered sensitive. The contractor’s job will be to analyze every part of the truck and “develop as many exploits as possible.” The contractor will also need to demonstrate that the hacks could actually hurt someone, or result in an attacker gathering information, with exploit source code to be delivered later next year.
The work will use and build upon existing software developed at the Defense Research and Development Canada facility in Valcartier, Quebec. The software, referred to as “CANpy” in the tender, is capable of “data logging” and “interacting with the bus.” While it’s not clear exactly what CANpy will be used for in the research, it sounds a Hell of a lot like the basis for a hacking tool.
It’s not surprising that the Canadian military wants to learn how to hack cars, and potentially prevent others from doing the same to them. While attacks on computers and servers often have few physical consequences — although substantial personal, social and financial ones — when it comes to cars, the tender states, “cyber-attacks are a more important concern” because someone could actually get hurt.
More importantly, the government is already behind the hackers. The tender refers to vulnerabilities in the Controller Area Network (CAN bus) — a vehicle’s internal computer network — as being the main focus of the work. Last year, security researchers Charlie Miller and Chris Valasek exploited the CAN bus in a Jeep hack that resulted in more than one million cars being recalled. Spanish security expert Javier Vazquez-Vidal also built an iPhone-sized device last year that can hijack a CAN bus.
After the tender is awarded, the Canadian military will be hacking cars until March of 2019, and plans to spend $825,000 CAD on the project.