ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintSite TitleTitle ChevronIcon Twitter
Technology

Google pays $1.5m to white hat hackers, Toyota says 'thanks'

Reluctance to compensate those who find flaws reflects Japan Inc.’s vulnerability

Unlike black hat hackers who attack systems for gain and to cause damage, white hat hackers seek to discover vulnerabilities in order to strengthen defenses.   © Reuters

TOKYO -- Companies such as Google and Apple are offering "white hat" hackers rewards of a million dollars or more to find flaws in their systems, while Japanese businesses including Toyota Motor provide only a polite "thank you" despite the growing role software plays in all aspects of industry.

Japan's shortcomings in cybersecurity have been well publicized. A malicious actor could shut down ventilation systems for entire buildings through old, insecure management systems, several hackers told Nikkei. ATMs at most regional banks have the potential to be accessed through outside computers as well.

"We could even change deposit balances," one hacker said.

More companies now regard generous rewards to white hats, or ethical hackers, as being cheaper in the long run than risking a cyberattack that damages their brands. But Japan remains far behind the curve.

Toyota gives its thanks to outside hackers who discover bugs on its website -- but not in its vehicles. The automaker offers no monetary rewards. Technology companies such as  NEC and Fujitsu have no rewards schemes for white hat hackers at all.

"Culturally, Japanese companies don't like to admit that they have problems," a source familiar with the issue said.

Many U.S. and European companies aggressively court white hat collaborators. Google said at the end of November that it would pay as much as $1.5 million to hackers who find remote-control vulnerabilities for Android devices, up from a cap of $200,000. The new figure is the highest ever promised publicly by a corporation.

Apple bolstered its bounty to $1 million from $200,000. Tesla and Fiat Chrysler Automobiles offer $15,000 and $7,500, respectively, while Starbucks has a cap of $4,000. Asian companies are part of the trend as well, with Singaporean ride-hailing app Grab offering $10,000.

The average reward for discovering cyber vulnerabilities has jumped 70% worldwide in two years to $3,380 in 2018, according to U.S.-based HackerOne.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Get Unlimited access

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends July 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media