The U.S. Assistant Attorney General for National Security warned that connected cars, which Gartner predicts will represent 250 million vehicles on the road by 2020, “will be the next battlefield.” Connected cars have hundreds to thousands of hidden security bugs (vulnerabilities) that hackers can exploit to infiltrate the vehicle, take control and compromise its safe operation.
“The risks to connected cars are real,” said Richard Wallace, Director of Transportation Systems Analysis at the Center for Automotive Research. “Karamba Security’s automated sealing approach offers the automotive industry a tool to immediately detect and prevent cyberattacks that exploit software bugs in the code of connected cars. Thus, drivers can be confident they will always be in complete control over their vehicles, and manufacturers learn more about the frequency and nature of such attacks.”
In March, after white hat hackers repeatedly demonstrated they could successfully exploit security bugs in a connected car’s code to infiltrate its safety systems, the Federal Bureau of Investigation (FBI), Department of Transportation, and the National Highway Traffic Safety Administration
issued a Public Safety Alert (PSA) that highlighted the dangers to new and existing cars on the road. They warned today’s vehicles are “increasingly vulnerable to remote exploits” that allow a hacker to “manipulate critical vehicle control systems.”
“As vehicle control systems become increasingly automated with everything controlled by software, the probability of code flaws that can be exploited by bad actors for nefarious purposes increases dramatically,” said Sam Abuelsamid, senior analyst, Navigant Research. “Compound this with the growing ubiquity of connected systems including cellular telematics, V2X communications and connected smartphones, and the need to integrate cybersecurity protection systems at multiple levels becomes clear. The full security solution set will ultimately include electronic architectures designed with security in mind, preventing intrusions to cloud-based transportation services and controlling access to in-vehicle ECUs.”
Karamba’s patent-pending software seals the car’s electronic control units (ECUs) by automatically creating security policies, based on factory settings. In real time, Carwall detects and prevents anything not explicitly allowed to load or run on the ECU, including in-memory attacks. There’s no ambiguity and no false alarms, detecting and preventing attackers, who try to exploit vulnerabilities and get into the car’s network.
“Karamba’s Carwall enables car manufacturers to immediately address security bugs in existing or new code and eliminate an attacker’s way into a connected car,” said Ami Dotan, CEO of Karamba Security. “We give car manufacturers and Tier 1 system developers the tools to detect and seal their code against exploits and detect and stop attackers before they can ever get started.”
Carwall software requires zero developer resources — it’s embedded during the ECU’s software build process, so it simply becomes part of the regular development cycle. As a result, Carwall makes it easy to secure and retrofit automobiles on the road today and protect them from cyberattacks; it can easily be part of software updates completed during a regularly scheduled service visit.
Because Carwall is part of the ECU software build, it is always current; Carwall protects the code, as is, sealing it to detect and prevent hackers from taking advantage of any security bugs that might be in the controller’s software. Carwall’s unique approach gives car manufacturers and Tier 1 system providers the confidence ECUs are protected, regardless of any security bugs they may contain, allowing them to keep their product schedules and focus resources on developing new functionality and safety features.
Karamba Security will demonstrate its Carwall solution to Tier 1 suppliers and manufacturers at the world’s largest connected car and auto-mobility conference and
exhibition — TU-Automotive Detroit 2016, June 8-9, Novi, Michigan.
About Karamba Security
Karamba Security is a pioneer in electronic control unit (ECU) endpoint security to protect the connected car. The company seals and secures the connected ECUs within automobiles to detect and protect them from cyberattacks and ensure the car’s safe, ongoing operations.
To learn more, please visit www.karambasecurity.com.