Karamba Security Suite, CES 2018, Las Vegas, NV.
CES started as a B2C tradeshow and B2B is now equally important. For the automotive industry, cybersecurity was one of the major areas of interest among OEMs and Tier-1s who came to Las Vegas to learn about attack vectors and prevention. They were already familiar, as you likely are, with our Autonomous Security solution, Carwall. They were keenly interested in Karamba’s new SafeCAN solution which we presented for the first time at CES in 85 private meetings and demos over three days.
One of the many appealing features to OEMs stems from the fact that they are extremely concerned about risks introduced by third party dongles. A well-known example is a white hat hack of a Progressive Insurance dongle. The hacker used the compromised dongle to insert malware to hack a vehicle. Unfortunately for the car manufacturer, all the negative publicity accrued to them, even though the vulnerability was in the Progressive dongle.
Shiva Kumar, a senior member of Jefferies Mobility Technology Investment Banking practice, explains it this way: “Hackers attack the most vulnerable surface and use that as the gateway to attack more valuable things later. Auto OEMs can’t control what devices people insert into their vehicles but acknowledge that those devices are the most vulnerable and are posing increased risks due to connectivity. What they like about SafeCAN is it protects after-market products as OEMs would protect factory-built components. SafeCAN prevents a compromised dongle from downloading malware and affecting vehicle safety and operation.”
It works by authenticating in-car communications to protect vehicles against malicious messages sent by unauthorized Electronic Control Units (ECUs) or via third-party dongles, as in the case of the Progressive hack.
Another important feature of SafeCAN is that it can authenticate the validity of command messages, especially to the safety system, on the CAN bus network with zero network overhead. This is essential because traffic on the CAN network is saturated and there is no bandwidth for modern authentication protocols.
So, the excitement from OEMs is for the first time, they see a way that Karamba Security can ensure that even if third party dongles are hacked, the malware is blocked and their brand is protected, driver safety is intact and potential liability is reduced.
The over-arching concern at CES is that OEMs and the Tier-1s want to make sure that cars are not hacked. They see three critical areas to protect.
One is the ADAS (Advanced Driver Assistance System), a precursor for autonomous driving. We saw heightened demand to protect the car’s “brain” from hackers because if a hacker infiltrates that brain, then the hacker owns the car and can do with the car whatever they want.
The second area is the gateway. If a hacker succeeds in hacking the gateway he has access to all the car’s networks and they can deploy malware on all the ECUs. A hacker can utilize the OTA update to deploy malware instead of a legitimate software update on the ECUs.
The third is telematics because it consolidates with the V2X for external connectivity. It also communicates with the gateway. And they feel those central ECUs must be hardened against hackers.
Karamba’s Carwall hardens those main ECUs in the car and prevents attacks with zero false positives, and with zero-day protection, i.e. protecting against unknown threats of buffer overflow exploits and dropper attacks. The interest level from major OEMs and from autonomous security OEMs was high, as they see the need to prevent the attack – before hackers find ways in – as critical to maintaining consumer safety and ensuring their trust in autonomous driving.
“Hardening cars’ autonomous driving ECUs, as well as gateway and telematics ECUs, is key to preventing cyberattacks before a hacker can infiltrate and affect the cars’ nerve centers,” added Kumar. “As seen at Karamba Security’s demo suite, OEMs are eager to find a preventive cybersecurity solution, which is essential to achieving their aggressive plans for connected cars, and making mass adoption of autonomous driving a reality and not losing consumer trust should cars fall victim to cyberattacks.”
We are pleased to see the enthusiastic reaction to our innovative technologies for automotive cybersecurity. I continue to be highly impressed by the people I meet in the automotive industry. Once perceived as traditional and slow-moving, my experience is far from that. The automotive industry is treating safety very seriously. It is embracing change, alliances, technology and innovative new players like Karamba.