Uber has hired two engineers who recently showed cars could be hacked.
The ride sharing company is continuing its hiring spree of top technical talent by recruiting two respected computer security engineers, Charlie Miller and Chris Valasek, the New York Times reported. Miller and Valasek hit the headlines in July after demonstrating a way to hack into a Jeep Cherokee’s Uconnect system to control critical components, including the engine and brakes. The hack prompted Jeep maker FCA to recall 1.4m vehicles and regulatory scrutiny of both the automaker and radio supplier Harman. Miller reportedly last week resigned from Twitter.
The Times said Miller and Valasek would work in Uber’s offices in Pittsburgh, where the company has based its self-driving car and robotics research. In a statement cited by the newspaper, Uber said the two men would work closely with Joe Sullivan, Uber’s chief security officer, and John Flynn, the chief information security officer, to “continue building out a world-class safety and security program at Uber”.
The New York Times noted the hirings were the latest talent grab by the ride-hailing start-up, which is valued at over US$50bn by investors and has raised more than $6bn in private capital. This year, Uber hired Sullivan, a respected information security engineer, away from Facebook. And over the last year, the company has also systematically recruited from different divisions of Google, such as its mapping and geo units, poaching more than 100 engineers.
The report also noted Uber, based in San Francisco, has made security a top focus this year after a breach of its computer systems in February. The breach potentially exposed the names and driver’s licence identification numbers of as many as 50,000 of the company’s drivers.
The NYT also cited a report from Verizon last November found that 14 car manufacturers accounted for 80% of the worldwide auto market, and each had a connected-car strategy. Security experts have said one remote hacking of an Uber vehicle could spell disaster for the ride-hailing company.
Miller and Valasek last month demonstrated – at the Black Hat and Def Con hacking conferences – a way to control hundreds of thousands of vehicles remotely, the report added. Over the Internet, they were able to track down cars by their location, see how fast they were traveling and manipulate their turn indicators, lights, wipers, radios and navigation and, in some cases, also control brakes and steering.
Miller is a former “global network exploitation specialist” for the US government's National Security Agency and was recruited by Twitter after making a name for himself by exploiting Apple- and Android-powered devices, the New York Times added.
Two years ago, he and Valasek turned their attention to cars, because cars were a more tangible target, they said, and because of the increasing momentum behind internet-connected vehicles.