Cybersecurity specialists are finding that there are fundamental differences between protecting vehicles from hackers and computers and mobile devices from attack. The good news is that there is technology that provides greater protection for vehicles than mobile devices and computers.
One of the biggest advantages for the auto industry is that systems are not user changeable, while mobile phones, laptops or servers are. Even over-the-air updates utilize the car manufacturer’s trusted channels. That means that car should always operate according to its factory settings. When hackers attack, they inject malicious messages designed to modify a vehicle’s behavior away from the factory settings. Hackers attack by targeting the car’s externally connected ECUs, like infotainment, telematics, or gateway controllers The industry has responded by using network anomaly detection systems (or Intrusion Detection Systems (IDS)) that monitor the on-board communication bus (CAN) to detect potential attacks. The results have been problematic, according to industry experts. “These systems usually deploy heuristic methods, and hence raise false alarms (false positives) and miss attacks (false negatives),” according to Dr. André Weimerskirch, vice president of Cybersecurity with Lear Corporation’s E-Systems team. False alarms may, however, trigger responses, which could affect safety. “Anomaly detection systems, therefore, do not replace prevention mechanisms, such as network separation, firewalls, and secure CAN”, he says.
Rooted in Israel and Detroit, Karamba Security has responded to the challenges with “Autonomous Security,” cybersecurity software designed specifically for the auto industry. Karamba software “hardens” the car against hackers trying to take control of the car’s safety systems, such as brakes and airbags.
“We give car manufacturers and Tier-1 system developers the tools to seal their code and to stop attackers before they can ever get started,” says Ami Dotan, CEO and co-founder, Karamba Security. Karamba’s autonomous security software is embedded during the ECU software build process as part of the regular development cycle.
Automotive Industries (AI) spoke with Dotan.
AI: Can you describe your approach and how it’s so effective?
Dotan: Karamba Security’s technology team has worked extensively with industry leaders on similar technologies for hardening endpoints in the computer industry to help prevent malware on laptops, servers and browsers. The effectiveness of this approach was limited by the open and changeable nature of those devices. On the other hand, such hardening technologies are highly suitable for cars, which are not user changeable. Any change to factory settings – unless provided by the car company – is indicative of a hack.
AI: What is Karamba’s cybersecurity solution?
Dotan: It is a software solution, designed to address the industry’s constraints, and here’s why:
- The car industry cannot accept false positives, as they may create safety issues (i.e. a false alarm may block airbags from deploying in a crash). Karamba’s autonomous security product automatically generates factory settings-based policy, which prevents cyberattacks with zero false positives.
- Unlike PCs, cars are not regularly updated. Even with OTA, the industry doesn’t expect cars to be updated on a daily basis – as are anti-virus solutions – to address newly discovered malware. Karamba’s software doesn’t require any update at all, and it doesn’t need to keep track of new malware signatures. • Time-to-market is an issue for a tiered industry, such as the automotive sector. Karamba’s software generates the policy automatically and is embedded automatically into the ECU. No developer know-how is required, and there are no production delays.
AI: What work are you doing with OEMs and Tier-1 suppliers?
Dotan: We can’t disclose the names of the automotive manufacturers and Tier-1s that we are working with. I can only say that the message of prevention with zero false positives is very compelling to them. They usually test the product after it is embedded into their ECU of choice. Then they run thorough tests on the ECUs that are protected by Karamba’s software to ensure that it prevents attacks of many sorts, and that there are zero false positives and zero false negatives.
Automotive Industries then asked David Barzilai, Executive Chairman and co-founder of Karamba Security, what are the biggest threats facing connected and autonomous vehicles.
Barzilai: Hackers are looking for newly-connected platforms. If they use a car’s points of connectivity to control the vehicle, the biggest threat is loss of control, which can result in loss of lives. In platforms that are regularly updated – like laptops, servers and mobile phones – vendors continuously search for newly-reported malware, neutralize them and send malware remedies to their already deployed cybersecurity solutions. However, the danger is that the relatively infrequent update cycles in the automotive industry may give hackers more time when they start hacking into connected and autonomous cars.
AI: Why are Karamba’s cybersecurity solutions a good answer to these challenges?
Barzilai: Karamba has taken the approach that the programming of cars is not user changeable. Car software can be changed only by authorized vendors. Should a change to factory settings be introduced to the car by someone, who is not the car’s vendor, then it must be a hacker. Karamba’s software automatically hardens the car’s connected ECUs according to factory settings and prevents the hacker from compromising the ECU to take control of the car.
AI: Tell us a little about CES 2017 and the technologies Karamba showcased.
Barzilai: The focus of the demo of real-life hacking attempts was to sharply distinguish Karamba’s ECU hardening approach from that of intrusion detection systems that monitor the onboard communication bus (CAN). In particular, we showed how Karamba and FEV eliminate the risks of false positives or false negatives. The response from OEMs and Tier-1s was overwhelmingly positive, and we were booked with back-to-back demos and presentations throughout the show.