Car Hacking Researchers will have to shell out $100000 for every instance of their car hacking exploit
Ethical hacking is considered to be the foundation of a good security system. How will a entity know the weaknesses it has unless a friendly third party gives the entity a thorough check. The same is the case with the modern day smart car. If such a smart car is hacked by malicious actors it can wreak havoc including causing fatalities, so isnt it better for security researchers/white hackers to subject it to vigourous hack tests?
No, the politicians in United States dont think so. If all things go according to these politicians, accessing an automobile’s computer systems or data without authorization may soon result in a six-figure fine in the US.
According to a draft bill (pdf) proposed by the House Energy and Commerce Committee on Wednesday, the authorities can impose a civil penalty of up to $100,000 to any person who accesses “without authorization, an electronic control unit or critical system of a motor vehicle, or other system containing driving data for such motor vehicle, either wirelessly or through a wired connection.”
The penalty would be applicable multiple times for each system accessed which means that if a researcher tries pentesting on multiple cars he/she would have to pay multiple fines.
While the proposed legislation is clear about the penalty part, it is unclear who would need to grant “authorization” or what “access” even constitutes, based on the text of the bill. An interpretation that determined that authorization could only be granted by the manufacturer would have wide-ranging implications for tinkerers, researchers, and mechanics alike. Presumably, this interpretation could mean that a car owner can’t access her own driving data without permission from the manufacturer. Another possibility is that a non-dealership mechanic would need clearance to use certain diagnostic equipment on a car.
The proposal to fine hackers for carjacking comes researchers have found security vulnerabilities in smart car computer systems. In July, two researchers revealed they were able to hijack a Jeep Cherokee wirelessly. In August, another researcher, Samy Kamkar was able to unlock and start OnStar equipped vehicles from GM.
The bill also calls for the creation of national standards and guidelines on securing the technology and data in automobiles.