Late last month, researchers from Armis exposed 11 zero-day vulnerabilities in VxWorks, including six that “are critical and enable Remote Code Execution (RCE).” In this post, we examine how this discovery indicates the importance of embedded security that seals devices against attacks and how releasing a patch after the fact isn’t enough.
RCE is one of the most devastating cyber threats and requires the urgent updating of security patches anytime a vulnerability is found that can open the door to such an attack.
Last month, Karamba Security’s Director of PMO, Helen Buchumensky spoke at the German Association of the Automotive Industry (VDA) conference about the importance of cybersecurity in safety critical systems, and why it is crucial that it doesn’t clash with Automotive functional safety requirements. This post is based on her presentation.
Recent cyberattacks launched by the US and other militaries are a reminder of the vulnerabilities that all connected systems have, no matter how sophisticated or highly-classified they are.
A series of recent publications in the US and Europe indicate that the industry - and government - are starting to take note, and realize the importance of embedded security for connected products.
Day 2 of Cyberweek 2019 hosted a fascinating conference on the threats facing IoT devices - and all of us.
There’s an elite class of world cities that stand apart from the rest. Cities like Tokyo, Shanghai, London, New York, and San Francisco, which drive the global economy and chart the course of human progress. There are also cities like Tel Aviv that punch above their weight when it comes to innovation, talent, and the ability and desire to shake things up a bit.
Ford and the Karamba team discussed the importance of cybersecurity as the automated car revolution picks up speed.
Intel has yet to deploy its Control-Flow Enforcement Technology (CET) in its for-market processors, yet another testament to the importance of control flow integrity (CFI) for addressing in-memory cyberattacks.
Karamba Security is among the select group of Israeli hi-tech companies that the alliance has chosen to work with on joint prototyping projects.
It is the latest in a long line of accolades for Karamba Security, which provides embedded, deterministic security for automotive, Industry 4.0, enterprise edge, and IoT connected systems.
A quick look at recent NIST reports on cybersecurity reveals how Karamba’s Carwall and XGuard security suites can help systems and companies meet these federal guidelines for cybersecurity.
This 1983 episode of “Knight Rider” shows an early TV depiction of a remote hack of an autonomous car — and it gets almost everything wrong. Let’s take it step by step.
Imagine your data and the keys to your operating system have been seized in the hands of faceless, nameless hackers who caught you slipping. They’ve named their price and the clock is ticking – pay up or lose all access to your system.
If you have a connected vehicle, then by the time you finish reading this post it may be targeted by more than three dozen attack attempts.
Imagine a home security system that lets burglars in through the front door - and records their every move. Now you have an idea of what Karamba is doing with ThreatHive.
At some point, the most sophisticated, earth-shattering hacking campaign could be launched from your fridge.
Karamba CEO and Co-Founder Ami Dotan explains the decision to expand into the wider world of connected systems – from Industry 4.0 to consumer IoT, and enterprise edge devices.
Answering our Twitter followers’ questions on Automotive Cybersecurity and More.
As we close 2018 let me share a prediction- Karamba Security, and Automotive Cybersecurity in general, are heading towards a great year.
Karamba Security, Mobileye (INTC), and Check Point Software (CHKP) were selected as the three companies invited to present the Israeli high-tech industry in a business-to-businees forum held by the Taiwan External Trade Development Council (TAITRA) this week.
DEFCON is one of the biggest Hacker conferences – a blend of curious, creative, geeks and professionals come to one place with the aim of looking at the things we use every day in a different way and making them act differently than they were designed for.
Are you ready for DefCon 26? We are! If you want to participate in our challenge we recommend you to sign up on time.
CES started as a B2C tradeshow and B2B is now equally important. For the automotive industry, cybersecurity was one of the major areas of interest among OEMs and Tier-1s who came to Las Vegas to learn about attack vectors and prevention.
CAN Bus - Controller Area Network bus - is a high-integrity serial bus system for networking intelligent devices adopted by the automotive industry and, in 1993, it became the international standard known as ISO 11898.
Updated July 22nd, 2018
Raspberry Pi 3 (RPi3) currently uses cortex A53, which contains ARMv8 architecture CPU. However, most available documented builds for RPi3 are based on ARMv7 rather than ARMv8. In this post, I’ll explain how to build an RPi3 ARMv8 using Yocto Project on an Ubuntu machine.
While integrating Karamba protection into a QNX IFS image, I found that I first needed to extract the contents of a ready IFS image in order to inspect the binaries on the build machine for Karamba whitelisting purposes. I needed to know what those binaries would look like in their “final” form, after they’ve been stripped of debug symbols and otherwise modified by the IFS building utility.
Recently, Trend Micro published a technical brief discussing a vulnerability they found in the CAN protocol, which enabled denial of service (DoS) attacks to be invisible to CAN-based intrusion detection solutions. In the technical brief, they recommended that car manufacturers change CAN protocol in their vehicle, in order to make cars immune to such DoS attacks.
An exposition participant for an annual conference event on robotics and new technologies (We’ll call them ICORP) convened with Karamba to create a joint demo presentation.
iBoy is a sci-fi movie set in near-future London. A teen traveling to see his friend after school finds robbers in his friend’s house; he is shot in the head before he can escape.
Asgent, Inc., Sumimoto’s SCSK Corporation, and Karamba Security hosted the Connected Car Security Seminar on Autonomous Security Products in Tokyo, Japan on July 3rd, 2017. The Seminar featured methodologies behind security protection of Autonomous Vehicles focused on Electronic Control Units (ECUs).
While it’s nice to think that all cars go to Car Heaven, in reality they go through a scrap metal recycling process. In order to recycle the remains of your vehicle, you need to get a special permit and find an Authorized Treatment Facility (ATF).
Connected cars increasingly rely on computer processors and upwards of 100 million lines of computer code to operate. With the proliferation of processors and vehicle software the cyberattack surface and sophistication of hacks has grown.
EcoMotion is a community with over 700 affiliated organizations related to the Smart Transportation sector. EcoMotion’s 2017 Main Event presented a showcase of vehicle technology companies and a variety of panels and presentations. Ami Dotan, CEO & Co-Founder of Karamba Security, was invited to participate at the “Cyber for Cars” panel to answer paramount questions that concern the automotive cyber security industry.
In A hacker’s guide to fixing automotive cybersecurity, Charlie Miller puts in perspective which cyber security challenges exist for the automotive industry. The article’s conclusion is that all software -even the most reliable- contains security bugs. Even the ones coming from software mammoths such as Microsoft, Google and Apple. The ramifications of these vulnerabilities in cars, evidently, can be severe.
41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171
24 HaNagar Street
Tel: +972 9 88 66 113
Landstr. 264, Munich
Tel: +49 151 1471 6088