Tencent helps Toyota fix security vulnerabilities in Lexus NX300

Nikkei -- Nov 04

Toyota Motor has praised Chinese technology company Tencent Holdings for finding vulnerabilities in the computer system of its Lexus NX300 sport utility vehicle, shining a spotlight on "white hat" hackers.

In March, Toyota announced that vulnerabilities in the system had been discovered by Tencent Keen Security Lab, which warned that they could be wirelessly exploited by malicious hackers.

Tencent's cybersecurity research lab, staffed by professionals who specialize in finding vulnerabilities in computer systems, has been commended by American electric-vehicle maker Tesla and others.

Toyota said the vulnerabilities could not affect "control steering, braking, or throttle" and involved noncritical parts of the vehicle.

The biggest Japanese automaker maintains that the possibility of exploiting the bugs is low because an extremely sophisticated program is necessary. But Toyota had not been able to find the bugs itself.

The NX300 sold in Japan does not have the vulnerabilities, it said.

The announcement in March followed six months of work by Toyota to get rid of the bugs reported by Tencent.

Although Toyota did not pay a reward to Tencent, it offered to "acknowledge" the Chinese company's technological prowess.

Corporations are increasingly relying on outside researchers and ethical computer hackers to find security vulnerabilities in products and systems because, as in the case of Toyota, some weaknesses are revealed only through actual attacks.

The trend is attributable to an increase in "bug bounty" programs that pay individuals for finding and reporting bugs, especially those pertaining to security exploits and vulnerabilities. Compensation differs depending on the seriousness of the bugs.