ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintIcon Twitter
Technology

Tencent helps Toyota fix security vulnerabilities in Lexus NX300

Intensifying cyberattacks put 'white hat' hackers in the spotlight

Researchers at Tencent Keen Security Lab discovered vulnerabilities in the computer system of Toyota Motor's Lexus NX300 sport utility vehicle. (Photo courtesy of  Toyota)

TOKYO -- Toyota Motor has praised Chinese technology company Tencent Holdings for finding vulnerabilities in the computer system of its Lexus NX300 sport utility vehicle, shining a spotlight on "white hat" hackers.

In March, Toyota announced that vulnerabilities in the system had been discovered by Tencent Keen Security Lab, which warned that they could be wirelessly exploited by malicious hackers.

Tencent's cybersecurity research lab, consisting of professionals at finding vulnerabilities in computer systems, has been commended by American electric-vehicle maker Tesla and others.

Toyota said the vulnerabilities could not affect "control steering, braking, or throttle" and involved noncritical parts of the vehicle.

The biggest Japanese automaker maintains that the possibility of exploiting the bugs is low because an extremely sophisticated program is necessary. But Toyota had not been able to find the bugs itself.

The NX300 sold in Japan does not have the vulnerabilities, it said.

The announcement in March followed six months of work by Toyota to get rid of the bugs reported by Tencent.

Although Toyota did not pay a reward to Tencent, it offered to "acknowledge" the Chinese company's technological prowess.

Moves to rely on outside researchers and ethical computer hackers for finding security vulnerabilities in products and systems are increasing among corporations because, as in the case of Toyota, some weaknesses are revealed only through actual attacks.

The trend is attributable to an increase in "bug bounty" programs that pay individuals for finding and reporting bugs, especially those pertaining to security exploits and vulnerabilities. Compensation differs depending on the seriousness of the bugs.

Bounty programs have been introduced by many companies and government agencies. Google bumped up its top reward to $1.5 million for reporting operating-system bugs last year. Starbucks coffee in the U.S. asked hackers to discover bugs in its customer-information system and others. The U.S. Department of Defense paid $290,000 to hackers in a campaign to solicit cyberattacks on the U.S. Air Force in October and November 2019.

In 2019, leading bug bounty platform HackerOne paid a total of $40 million to white hat hackers.

Japanese companies are also introducing bounty programs. Sony Interactive Entertainment in June announced the launch of a program to pay up to $50,000 to individuals who discover and report security vulnerabilities in the PlayStation 4 console. SIE has since paid a total of $280,000.

SIE previously sought support from white hat hackers in a closed-door manner but has started the program to gather reports on a broader basis.

Nintendo and Line, a messaging app operator, have increased their bounties.

Businesses are seeking support from some 600,000 hackers registered with HackerOne.

More than 70% of IT engineers in Japan work for Fujitsu, NEC and other IT companies, according to Information-Technology Promotion Agency, Japan, an independent administrative body.

In the U.S., less than 40% of IT engineers are regularly employed, and many of the rest hop from company to company, marketing themselves for high pay by finding security glitches.

In 2019, Santiago Lopez, a 19-year-old Argentine, became a bug-bounty millionaire. The self-taught hacker, with four years of experience, has discovered over 1,600 bugs for Twitter and other corporations and earned more than $1 million in bounties from them.

New kinds of malware and information on corporate security vulnerabilities sell for tens of dollars apiece on dark websites. Concern about the frequent occurrence of increasingly sophisticated cyberattacks is growing beyond business sectors.

Self-driving technology, among others, requires deep knowledge of IT and hardware. And with more medical equipment connected to the internet, cyberattacks on hospitals are increasing sharply.

Seeing cyberattacks from different viewpoints is effective in finding security vulnerabilities to forestall them. The role of ethical hackers will likely keep growing.

Additional reporting by Nikkei staff writers Akinobu Iwasawa, Tadatsugu Shimazu, Yoshihiro Hara, and Go Sakurai in Tokyo.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends October 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more