How Karamba’s XGuard Protects ECUs from Known and Unknown Vulnerabilities
When the truck manufacturer turned to Karamba Security, there were already one million trucks and buses either on the road or in production. The ECU in question, over 10 years old, was a low-end microprocessor with a legacy Real-Time OS.
Not long before that meeting, vulnerabilities had been reported in the ECU’s firmware; however, the underlying OS and communication stacks could no longer be patched.
The vulnerabilities exposed the vehicles to significant risk of damages and safety issues, such as stopping the vehicle, resetting ECUs, or spoofing J1939 messages, and the OEM needed a solution. They were looking for a control-flow-integrity (CFI) solution that was not only reliable but also ISO/SAE 21434-certified; without the certification it would not be possible to sell the trucks and buses in the EU.
In two iterations, the solution was applied to the firmware binaries via seamless integration, within performance constraints. R&D involvement was minimal, as protection was applied to binaries as part of the build. The OEM verified ISO/SAE 21434 compliance not only for its own processes but also for those of Karamba Security.
XGuard CFI has hardened the firmware, so that in-memory exploit attempts are detected and blocked and a report of each incident is available for the OEM.
Karamba Security partners with manufacturers around the world to bring stronger security to embedded systems, while workflows remain in place and time-to-market is not affected, so that business needs are met.