The Canadian military, government and the Department of National Defence is reportedly in search for a contractor who can find vulnerabilities in their vehicle as well as develop and exploit those vulnerabilities in order to gain access to the vehicle.
According to a procurement data published by the Public Works and Government Services of Canada, the officials have planned to pay hundreds of thousands of dollars for this service to the qualified contractor.
For those readers who are not aware of the scenario, during this year’s DefCon and Black Hat USA security conferences a number of hackers and security researchers found vulnerabilities within the on-board system of the vehicles. By exploiting those vulnerabilities, hackers were able to remotely take complete control over the vehicle and manipulate the vehicle’s computerized sensors that control steering, braking, and acceleration too. The vehicle in question was a Jeep Cherokee manufactured by Fiat Chrysler Automobiles.
These serious security vulnerabilities and cyber attacks on public vehicle is the reason why military, government, the Department of National Defence, and the Defence Research and Development Canada are concerned about the security and safety of their vehicle’s automotive systems. Furthermore, if any vulnerability like the one mentioned above exists within their vehicle then it could put the lives of military officials at stake.
The objective published within the tender notice pointed out that the vehicles manufactured during 2014 might consist of more than hundreds of ECUs running millions of lines of codes to control a large number of sensors and actuators. These automotive computers exchange over 25 gigabytes of data an hour with Controller Area Network bus. These data are transmitted over wireless networks to communicate with elements located outside the vehicle such as the entertainment system or GPS.
While the hacking community has managed to find vulnerabilities within those wireless automotive systems and exploited those vulnerabilities to comprise the cyber security of the vehicles. And the military officials believe that hacking vehicles and gaining access to the automotive system are a serious safety concern for both, the people within the vehicle and the other people travelling on the road.
This is the reason why the need to study the vehicle’s automotive system arises. The military officials must need to be aware of the safety and security of the Electronic Control Units (ECUs) used within the vehicle so that they can assess the potential alleviation measures.
The Defence Research and Development Canada Valcartier (DRDC – Valcartier) Research Centre has not specified any detail about their vehicle and kept it private due to the sensitivity. The details would only be disclosed with the finalized and approved workers once the contract has been awarded.
The period of the contract would be from the date of signing the contract until the end of March 2020. Furthermore, the government has planned to offer $205,000 to complete the key responsibilities. However, further funding of up to $620,000 could be provided on request in order to further enhance and secure the automotive system of the vehicle. Additionally, the hired workers must need to work according to the terms outlined in the contract.