Safer Trucking, Thanks to Control Flow Integrity

Karamba Security | June 10, 2024
protected trucks

How Karamba’s XGuard Protects ECUs from Known and Unknown Vulnerabilities

When the truck manufacturer turned to Karamba Security, there were already one million trucks and buses either on the road or in production. The ECU in question, over 10 years old, was a low-end microprocessor with a legacy Real-Time OS.

Not long before that meeting, vulnerabilities had been reported in the ECU’s firmware; However, the underlying OS and communication stacks could no longer be patched.

The vulnerabilities exposed the vehicles to significant risk of damages and safety issues, such as stopping the vehicle, resetting ECUs, or spoofing J1939 messages, and the OEM needed a solution. They were looking for a control-flow-integrity (CFI) solution that was not only reliable but also ISO/SAE 21434-certified; without the certification it would not be possible to sell the trucks and buses in the EU.

In two iterations, the solution was applied to the firmware binaries via seamless integration , within performance constraints. R&D involvement was minimal, as protection was applied to binaries as part of the build. The OEM verified ISO/SAE 21434 compliance not only for its own processes but also for those of Karamba Security.

XGuard CFI has hardened the firmware, so that in-memory exploit attempts are detected and blocked and a report of each incident is available for the OEM.

Karamba Security partners with manufacturers around the world to bring stronger security to embedded systems, while workflows remain in place and time-to-market is not affected, so that business needs are met.

Read the complete Case Study, using the Download button below.

Read more

Continue the conversation!

Want to learn more?

Contact Us


24 HaNagar Street
Hod Hasharon
Tel: +972 9 88 66 113



41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 833 4KARAMBA



Landstr. 264, Munich
Tel: +49 892 1547 7583