Canadian military is looking for talented car hackers

Oct 10, 2015 14:44 GMT  ·  By

The Canadian Military is offering 637,000 USD for any contractor willing to hack and then improve the defenses of one of its vehicles, a 2015 pickup truck, used by its forces to transport troops and equipment.

On Tuesday, October 6, the Canadian Department of National Defence has put out a public contract notice seeking for security contractors, for which it will be waiting applicants until October 27.

The contractors will be required to hack one of its vehicles, and optionally, at the military's request, provide patches and security fixes for the car.

The notice does not give details about the type of vehicle the hackers/contractors are supposed to break into, but CBC News, a Canadian TV station says it's a 2015 pickup truck whose technical details and specifications are kept private until the research is finished.

According to the official contracting specifications, the hackers will be asked to:  

  • Characterize an automotive vehicle
  • Find vulnerabilities and security measures
  • Develop and demonstrate exploits
  • Conduct Synthesis
  • Identify potential mitigation measures that could prevent the exploit of vulnerabilities on the vehicle
  • Test mitigation measures
  • Develop testbed of some vehicular functions for lab study
  • Develop testing procedures and conduct field trials
  • Assess vehicle security standards and protocols
  • Develop cyber security standard testing procedures

Canadian government is paying for hacking the car and the subsequent security patch

All parties that apply will be paid 158,000 USD (205,000 CAD) for hacking the truck, and an additional 479,000 USD (620,000 CAD) for defensive measures that can be used to mitigate their attacks.

CBC News also contacted Chris Valasek, a security researcher known for hacking a Jeep Cherokee, and then taking full control over the car. Mr. Valasek said the prices offered by the Canadian government are what the security market usually values these types of jobs, but closer to its low end.

Valasek also said that by closely watching over the hacking sessions, the Canadian government could obtain (and pay) for the know-how to perform car hacks itself.