Inside a Maryland warehouse last week, Tiffany Rad was teaching a few dozen young people how to break into cars.
It was nothing sinister — Rad is a security professional with a cool job: She hacks into cars full-time for Battelle, a research organization that is deep in the world of national security.
As part of her gig, she was encouraging high-school and college students to tap into the computer systems of four new sedans and hunt for security holes. Their work, she said, inspired research that will keep us all safer down the road.
That Rad’s position exists at all shows the changing nature of computer attacks. Hackers are expanding to the physical realm, as targets such as nuclear power plants, water systems and hospitals come under attack. Events like Battelle’s CyberAuto Challenge, a five-day event held last week, show the need to train security experts in new disciplines.
“Schools don’t teach this type of curriculum — I have computer science students who have never taken electronics,” Rad said in an interview. “This type of program is a safe way to do this type of research.”
As subversive as it sounds, teaching people how to hack into cars may help automakers stay ahead of criminals.
Battelle’s invitation-only gathering attracted students, government experts and even auto-industry professionals, who mingled and put in 12-hour work days at a U.S. Army facility where the event was held.
Only “white-hat” hackers — the opposite of criminal “black hats” — were allowed. The students examined the cars’ communications systems and were taught how to look for weaknesses. They didn’t find any new vulnerabilities, but if they had, they would have been required to notify the manufacturer, according to Battelle.
Earlier research from the University of Washington and the University of California at San Diego has shown serious vulnerabilities in the computer systems of cars. Others have demonstrated that they can steal cars by hijacking the alarm systems.
For the young hackers, part of the event’s appeal was that they didn’t have to buy the cars to fiddle with.
“Normally you don’t get to see this — industry plays around with it, maybe people who are a little more established,” said Luke O’Malley, a 20-year-old MIT student who attended the training sessions. “I won’t look at a car the same way anymore.”
Rad’s car-hacking work is an outgrowth of her earlier research. She was part of a team last year that inspected a correctional institution and found ways that hackers could open and close doors, suppress alarms and manipulate video surveillance feeds, all without stepping foot on the property.
She said she wants her students to think creatively about new types of threats. Few are scarier than the thought of criminals hijacking our cars when we’re driving them.
Her group gives a whole new meaning to “kicking the tires.”