security


Hyundai Has Paid Out for Hack Information

Hyundai America President and CEO David L. Zuchowski

Hyundai America President and CEO David L. Zuchowski

In the wake of last week’s Wired.com report where security researchers Charlie Miller and Chris Valasek remotely took control of a 2014 Jeep Cherokee via its telematics system, the auto industry is now on cyber-security high alert. During a regional press preview for the new 2016 Tucson, Hyundai America President and CEO Dave Zuchowski was asked about it. As expected Zuchowski said that the safety and security of customers is always a top priority for the company but then went on to give a surprising response to my follow-up question.

When I asked Zuchowski if Hyundai would follow the lead of technology companies such as Facebook, Microsoft and Google and establish a bounty program for responsible disclosure of security vulnerabilities, he acknowledged that it was under consideration. In addition, he said that while Hyundai doesn’t have a formal program at this time, the company has previously paid researchers on an ad hoc basis for disclosing vulnerabilities. Zuchowski didn’t offer any additional details, but the acknowledgement that the company has gone down this path is a good thing.

I first proposed the idea of a bounty program to OEM contacts back in 2011 and have done it repeatedly since then to no avail and also wrote about it here nearly a year ago.


A new Microsoft security problem? 1

Yesterday Microsoft officially announced their new Zune audio player. This device is intended to compete with the market dominating iPod. They have come up with a 30GB player that is bigger and heavier than a 30GB iPod with a slightly larger screen. It also has a built-in FM radio and can play photos and video’s just like an iPod. zune The one real innovation and probably one of the driving forces behind the extra size and weight is the built-in wifi. Wifi takes a lot of power, so it will be interesting to see what kind of battery life this has, since Micorosft isn’t saying yet. Unfortunately, having wifi built-in doesn’t mean you can sync the device wirelessly, or use wireless headphones. It appears that the only thing you can do with the wireless is share music with friends who have Zunes, assuming any of your friends have a Zune, which may be a stretch. The share is also very limited. You can send any song on your Zune to any other Zune. However, the recipient of the Zune can only listen to the song three times. After three plays or three days, the song goes away. This has the potential to be an interesting feature even given it’s limitations.

However, remember that this is a product from Microsoft, a company notorious for security issues with it’s software products. Imagine that you have a player that can send a song file to any other similar player in the vicinity. How long do expect it will be before, someone devises a virus that can be packaged as an mp3 file that can be sent to all other Zunes in the area that automatically renders the Zune dead or just erases all the files on the device? I expect it will be 1-2 months, 6 months tops. Of course MS could add enough security features to minimize the chances of this. The problem is that this will probably render the sharing feature so cumbersome to use that it will be useless. It would be fun to have a device with built-in wireless. I just don’t trust Microsoft to do it without screwing it up.