DEFCON is one of the biggest Hacker conferences – a blend of curious, creative, geeks and professionals come to one place with the aim of looking at the things we use every day in a different way and making them act differently than they were designed for. In practice, to make the event even more interesting, besides the lectures there are prize-winning competitions among all the conference’s participants. Every sponsor was asked to create, design, and operate a challenge for the competition, and each challenge had a few levels of difficulty. Every level offered points to the team that solved it. This year Karamba Security sponsored a capture-the-flag challenge, the RiCAN Morty Challenge, in the Car Hacking Village of DEFCON.
Are you ready for DefCon 26? We are! If you want to participate in our challenge we recommend you to sign up on time.
CES started as a B2C tradeshow and B2B is now equally important. For the automotive industry, cybersecurity was one of the major areas of interest among OEMs and Tier-1s who came to Las Vegas to learn about attack vectors and prevention. They were already familiar, as you likely are, with our Autonomous Security solution, Carwall. They were keenly interested in Karamba’s new SafeCAN solution which we presented for the first time at CES in 85 private meetings and demos over three days.
CAN Bus - Controller Area Network bus - is a high-integrity serial bus system for networking intelligent devices adopted by the automotive industry and, in 1993, it became the international standard known as ISO 11898. A modern vehicle may have as many as 70 electronic control units (ECUs) for various subsystems connected to each other via CAN Bus to govern almost every function — from engine timing and traction control to side-mirror adjustment.
Updated July 22nd, 2018
Raspberry Pi 3 (RPi3) currently uses cortex A53, which contains ARMv8 architecture CPU. However, most available documented builds for RPi3 are based on ARMv7 rather than ARMv8. In this post, I’ll explain how to build an RPi3 ARMv8 using Yocto Project on an Ubuntu machine.
While integrating Karamba protection into a QNX IFS image, I found that I first needed to extract the contents of a ready IFS image in order to inspect the binaries on the build machine for Karamba whitelisting purposes. I needed to know what those binaries would look like in their “final” form, after they’ve been stripped of debug symbols and otherwise modified by the IFS building utility.
Recently, Trend Micro published a technical brief discussing a vulnerability they found in the CAN protocol, which enabled denial of service (DoS) attacks to be invisible to CAN-based intrusion detection solutions. In the technical brief, they recommended that car manufacturers change CAN protocol in their vehicle, in order to make cars immune to such DoS attacks.
An exposition participant for an annual conference event on robotics and new technologies (We’ll call them ICORP) convened with Karamba to create a joint demo presentation.
ICORP is an engineering service company that creates demos and custom projects for car manufacturers, 100% electric vehicles, and the self-driving vehicles sector. They also invest their efforts in automotive app integrations.
Karamba specializes in creating cyber security software that prevents cyber-attacks on IoT controllers by seamlessly hardening them according to factory settings, and blocking any deviation from those settings.
iBoy is a sci-fi movie set in near-future London. A teen traveling to see his friend after school finds robbers in his friend’s house; he is shot in the head before he can escape. When he wakes, he discovers that part of his phone has been embedded in his brain, miraculously giving his brain connectivity abilities. He begins to listen to people’s calls and is able to see what they are doing on their smart devices. Later, he learns how to hack into phones, radios, cars, and the whole IoT. With his new abilities, he tries to find out who threatened his friend’s life; in one scene, he hacks into a car, trapping the people inside with the purpose of finding out which one is responsible for hurting his friend.
Asgent, Inc., Sumimoto’s SCSK Corporation, and Karamba Security hosted the Connected Car Security Seminar on Autonomous Security Products in Tokyo, Japan on July 3rd, 2017. The Seminar featured methodologies behind security protection of Autonomous Vehicles focused on Electronic Control Units (ECUs).
While it’s nice to think that all cars go to Car Heaven, in reality they go through a scrap metal recycling process. In order to recycle the remains of your vehicle, you need to get a special permit and find an Authorized Treatment Facility (ATF).
Connected cars increasingly rely on computer processors and upwards of 100 million lines of computer code to operate. With the proliferation of processors and vehicle software the cyberattack surface and sophistication of hacks has grown.
The federal government has ramped up its response with FBI warnings to automakers and consumers to “maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.” The National Highway Traffic Safety Administration has released guidelines to ensure automakers are designing cars to be safe against cyberattacks.
EcoMotion is a community with over 700 affiliated organizations related to the Smart Transportation sector. EcoMotion’s 2017 Main Event presented a showcase of vehicle technology companies and a variety of panels and presentations. Ami Dotan, CEO & Co-Founder of Karamba Security, was invited to participate at the “Cyber for Cars” panel to answer paramount questions that concern the automotive cyber security industry.
In A hacker’s guide to fixing automotive cybersecurity, Charlie Miller puts in perspective which cyber security challenges exist for the automotive industry. The article’s conclusion is that all software -even the most reliable- contains security bugs. Even the ones coming from software mammoths such as Microsoft, Google and Apple. The ramifications of these vulnerabilities in cars, evidently, can be severe.
41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171
24 HaNagar Street
Tel: +972 9 88 66 113
Tel: +81 3 6853 7401