Network Security, Vulnerability Management

Car hackers’ appearance on the ‘Today’ show was important because they were on the ‘Today’ show

Twice during his appearance on Monday morning's 'Today' show on NBC, host Carson Daly turned to security researcher Chris Valasek and said: "I'm glad you guys are on our side."

It may have been the most important sentence anyone uttered during the five-minute segment.

Valasek and Charlie Miller (or, Dr. Miller, as Valasek referenced the legendary iOS white-hat hacker as) were on the program's set to demonstrate how they can compromise the internal computing system of a test Ford Escape to manipulate the car's speedometer and control its steering wheel. The pair will formally present the research on Friday morning at the annual DefCon gathering in Las Vegas.

And while the NBC segment certainly underscored for the mainstream how vulnerable to digital attack network-connected automobiles are – the goal, of course, is to get car manufacturers to take security more seriously – there was another positive consequence.

Anytime white-hat hackers (those dedicated to finding vulnerabilities before the bad guys do) can appear on national TV and be framed in a positive light, never mind be praised by the host – Valasek even looks and dresses like Daly – it will go a long way toward improving a public perception of security researchers that remains in serious need of nursing.

"I think people fear the unknown," Trey Ford, general manager of Black Hat, the hacking conference that will precede DefCon this week, told me recently. "There's this spooky factor. There's a certain taint these guys are smeared with. You're fighting a moniker and a fear of the unknown." 

So it's no surprise the public has sat idly by over the last two years as federal prosecutors prepared overzealous hacking cases under the comically outdated Computer Fraud and Abuse Act (CFAA) against researchers like (now-deceased) Aaron Swartz and (now-jailed) Andrew "Weev" Auernheimer.

And it's also no surprise that some readers' comments on the death last week of Barnaby Jack, 35, who was set to deliver a talk on hacking pacemakers at Black Hat, were laced with a mixture of confusion, ignorance and hate.

Jack is no different than Valasek or Miller. He could have just as easily been on the 'Today' show set. Anyone speaking at Black Hat or DefCon could have too. Cars just happen to be cool.

But know this, people of the world: Security researchers usually have full-time jobs where they get paid to tinker with software, hardware and services. They may proudly consider themselves hackers. They may tend to have big egos and get flashy about their discoveries. And they may occasionally demand to be paid big bucks for finding bugs.

But the end result of their work is almost always consumer advocacy, aka your best interests.

Be happy they're around. Be happy they're motivated much more by good than by greed. Be happy they often catch stuff before the bad guys do. They are your personal watchdogs.

And while, as Errata Security's Robert Graham argues, it may never be possible to transform the term "hacker" into a meaning that is positively embraced by the public, there is no denying that a hang with Carson Daly helps.

[hm-iframe width="520" scrolling="no" height="432" frameborder="0" src="https://outsidelens.scmagazine.com/video/Two-experts-demonstrate-carjack/player?layout=&read_more=1"]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.