Built-in protection against cyber hijackers

With the advent of connected cars and the development of autonomous vehicles automotive companies are paying more attention to preventing hackers from getting into vehicle systems.

In November 2016 Samsung Electronics announced the acquisition of Harman International Industries for $8 billion, a transaction which will immediately give Samsung a significant presence in the large and rapidly growing market for connected technologies for automotive.

Supporting the initiative is Israeli company ProtectivX, one of the leaders in the field of protection from cyber criminals and cyber terrorism. Its anti-hacking platform and certificate program has applications in automotive, autonomous vehicles, medical devices, the Internet of Things (IoT), avionics, smart-cities, smart-homes, automated factories, and many other applications.

ProtectivX is fine-tuning a device which sits on a vehicles’ internal CAN-BUS and monitors all electronic control units (ECUs) for unusual behavior. ECUs may include the infotainment system, vision safety devices, cruise control, electronic keys, and remote engine starters. The ProtectivX device continuously scans the CAN BUS, and shields them from external threats says a company release.

“Technology has created a window of opportunities for hackers – ProtectivX is the technology to close that window,” says Ziv Hadad, CEO of ProtectivX. “If it has not been certified safe by ProtectivX, then it’s not protected from the outside”. Ziv adds, “our system and certification program will allow us to better indentify, understand and protect more devices in various industries from being hacked!

Following successful pilot tests, the ProtectivX team has been asked by manufactures in IoT, medtech, and factory automation to create a test-bed and certificate program to help ensure their products are protected against hackers. The ProtectivX system sits in the background, monitoring all activity from every connected devices. The patent-pending technology and proprietary algorithms maintain a database of all connected hardware and expected activity. The ProtectivX system looks for any unusual or suspicious activity and immediately provides alerts. At the same time the potential hack is isolated and neutralized.

“With interfaces to smartphones, vehicle-connected-to-everything (V2X) and ever-more powerful navigation, infotainment and Advanced Driver Assistance Systems (ADAS) technologies, vehicles are becoming exposed to external software like never before. As a result, the car is now an attractive target to a new generation of hackers, fraudsters, terrorists and other cyber criminals. In fact, protecting IoT networks – whether in automotive or other applications – is important not only for intercepting attacks, but also for protecting the privacy of people. Network vulnerabilities could be used for purposes such as tracking driver/user behavior, stealing private information, collecting intelligence, and more,” says ProtectivX.

According to Business Insider, over 380 million connected cars will be on the road by 2021. Research and Markets estimate that by the end of 2020 the market of cyber security for cars in North America and Europe will exceed $6 Billion and $5 billion, respectively. Considering the Internet of Things (IoT) in general, Markets and Markets predict that the cyber security market for IoT will grow from $6.9 Billion (USD) in 2015 to over $28 Billion by 2020.

With this in mind, ProtectivX is expanding its R&D team to expedite the development of its platform technology. The company is hiring engineers and cyber security experts, focusing on elite IDF technology unit veterans. ProtectivX works with OEMs to help identify where the weak point of entry is located in their products and where the greatest security threat exists to users. Automotive Industries (AI) asked Hadad what are the competitive advantages of the company’s cyber secu­rity technology.

Hadad: ProtectivX creates a digital fingerprint of the device or system (e.g. vehicle) to be protected based on its unique hardware and software characteristics. One important advantage is that hackers cannot fake the authenticity of the device even if they capture data packets. So our strategy is not to contain attacks but rather to eliminate the ability of hackers to access critical system or networks in the first place.

AI: Most cyber security approaches are based on one or more of the following: identity management and access control, malware detection, pattern analysis and identifying anomalies, deception, diversion and other tactics. Is ProtectivX’s approach different?

Hadad: Once added to our service ProtectivX simply blocks any incoming/outgoing communication unless initiated by the legitimate authenticated user. This approach is very different. It is based on the physical components of the system we wish to protect, combined with the unique characteristics of the software that is running on it and the specific user who is authorized to operate it. So, in fact, we create an invisible shield that protects the system from hacking no matter what vector is used for the attempt.

AI: Is this suitable for use in the automotive industry?

Hadad: Yes. There are multiple ways to implement our technology in a variety of network architectures. For some applications, vehicles for example, we include a hardware component which is installed on the CAN BUS. It works alongside our Cloud service to continuously protect the vehicle from outside threats regardless of Wi-Fi or other connectivity.

AI: Tell us about how ProtectivX provides cyber security to automotive platforms, especially in light of the recent entry of Samsung to the connected vehicle market.

Hadad: The development of autonomous vehicles is a multidisciplinary business. Therefore, we believe that mega-acquisitions like the one recently made by Samsung, and alliances between industry giants like Mobileye, Intel and BMW are almost imperative for the successful delivery of robust solutions to the future in this field. One thing seems to be missing, and this is the integration of cyber security solutions as a critical safety component in self-driving cars. We believe that cyber technology has to be embedded in next generation cars, just like airbags and safety belts are built-in safety systems in today’s cars. ProtectivX introduces a new cyber security concept, which fits perfectly well with the challenges and technology advancements in this field.

AI: With OEMs is ProtectivX part of the initial R&D or are you called in after?

Hadad: One of the great things about ProtectivX is that its implementation requires very little adjustment to the existing car network infrastructure. This means that car manufacturers could still use most of their existing ECUs that communicate over the CAN BUS. This translates into a huge cost saving. We welcome partnership opportunities with OEM and car manufacturers, and can come in at any stage of development, whether R&D or later.

AI: Is cyber security a threat today? Autonomous cars are still a futuristic dream.

Hadad: True, but the future isn’t that far away. As we speak, I was just notified that the Tesla model S was hacked into via a mobile device. So, cyber security is indeed a real and present threat. Google and Tesla might be the biggest names chasing self-driving cars, but most auto brands and other tech heavyweights are also investing heavily in autonomous vehicle technologies. Cyber threats are a big deal, also in the context of connected vehicles. According to a recent market research, the market of cyber security of cars in Europe alone will reach $5.2 billion by the end of 2020. To us at ProtectivX it is clear that there is a fast growing need for cyber solutions in automotive. Our mission is to make future transportation safer