US should pay hackers who find threats, says analyst

Mr Geer develops technology for US security agencies

The US government should pay hackers who identify significant cybersecurity threats, a respected risk analyst has proposed.

Dan Geer said large bounties would prevent the vulnerabilities from ending up in the hands of criminal gangs or hostile authorities.

Mr Geer, whose tech firm assists the CIA, was referring to previously unknown security flaws, for which a patch is not yet available.

They are often used in cyber-warfare.

Tech news site the Register reported that Mr Geer, who made the suggestion in a keynote address at the Black Hat cybersecurity conference in Las Vegas, said the tactic would only work if there were few vulnerabilities in existence.

"If there are many vulnerabilities, then we've wasted our money," he reportedly said.

"But if there are a limited number, by making them not weaponisable have we not contributed to world peace?

"The US can corner the market in this in a way few other countries can."

Mr Geer added that the government should consider paying 10 times more than anyone else would for the vulnerabilities.

Once a patch was found, authorities should make the vulnerabilities public, he advised.

Hotel take-over
Jesus Molina was able to hack the network of a Chinese hotel

Other cybersecurity experts unveiled their research at the annual conference.

Jesus Molina explained how he had taken over a hotel in Shenzhen, China, after hacking into the central system via a guest iPad in his room.

Mr Molina said he was able to control the rooms' temperature, lighting and even the hotel doors.

Another cybersecurity professional, Billy Rios, claimed to have found multiple vulnerabilities in the tech used by the US Transportation Security Administration (TSA) in airports.

He said he could gain access to the TSA's X-ray machines, as well as a system that tracks employees' shift changes and the scanners used to detect hazardous materials in luggage or clothing.

"They all have major issues," Mr Rios told the BBC.

However, a representative of the company that develops the airport technology, Morpho, denied the devices were vulnerable to attack.
