GM hires Jeep hackers to join Cruise Automation

Melissa Burden
The Detroit News

To help ensure the cybersecurity of self-driving cars, General Motors Co. has hired two well-known security researchers who hacked into a Jeep SUV.

Charlie Miller and Chris Valasek have been hired by GM subsidiary Cruise Automation, an autonomous vehicle software tech startup GM bought last year, Cruise founder and CEO Kyle Vogt confirmed in a tweet Friday.

A GM spokeswoman said Monday that Miller and Valasek also would be integrated into GM’s cybersecurity team led by Jeffrey Massimilla, chief product cybersecurity officer since 2014. They will work as software engineers.

“Miller and Valasek will be focused on the many challenges related to securing the autonomous vehicle ecosystem,” a GM spokeswoman said in an email. “Our cybersecurity mantra recognizes that in order to prevent the worst, you need to engage the best. We believe we can build more secure systems by bringing on the people who excel at defeating them. Protecting the safety and security of our customers is of utmost importance.”

The security researchers are known for their remote hack of a 2014 Jeep Cherokee that included disabling the SUV’s engine functions and controlling interior features such as air conditioning, locks and the radio.

The hack was detailed in a 2015 Wired magazine article and led to Fiat Chrysler recalling 1.4 million vehicles that were shown to be vulnerable to computer hacking. Owners of Jeeps, Chryslers, Dodges and Rams with vulnerable entertainment systems were sent a flash drive to upgrade vehicle software.

Valasek most recently was security lead at Uber Technologies Inc., according to his personal website. The Pittsburgh resident said on the website that he’s interested in automotive security research and reverse engineering, among other things. Miller most recently worked for Chinese ride-sharing company Didi Chuxing.

All automakers, including GM, have been ramping up cybersecurity efforts as self-driving vehicles inch closer to reality. Some, including Fiat Chrysler, have started to pay outside security experts bounties for their hacking information. Fiat Chrysler last year began to offer up to $1,500 bounties for information through a partnership with Bugcrowd Inc., a crowdsourced security-testing company.

GM in early 2016 bought San Francisco-based startup Cruise Automation to help it with autonomous vehicle software development. The Cruise team has grown from about 40 people in California to more than 100, and GM plans to hire 1,100 over the next five years.

The Detroit automaker has said it is giving Vogt responsibility for operations and financial performance of GM’s autonomous vehicle business.

GM and Cruise are testing more than 50 self-driving Chevrolet Bolt EVs in Metro Detroit, San Francisco and Scottsdale. The company recently built 130 more self-driving Bolt EVs that GM said in June would recently be deployed for testing in the three sites.

(313) 222-2319

Staff Writer Ian Thibodeau contributed.