Current automobiles, and even many trucks, already have numerous on-board computers that provide an array of functions. Each of these gives malicious hackers an opportunity to cause mayhem. The safety risk becomes especially critical with autonomous vehicles, where computers run the entire vehicle operation. Forbes is reporting on a cybersecurity company that believes it has a way to thwart hackers using technology it claims is more effective than current techniques.
Karamba Security has offices in the US, Israel and Germany. CEO David Barzilai said, “Autonomous vehicles are becoming quite a monster of software.” Autonomous vehicles contain between 300 million and 500 million lines of software code, compared with 15 million in a Boeing 787 jet and 100 million in a premium car such as a Mercedes C-class, said Barzilai.
Automakers are treating vehicles as “data centers,” sending security updates over the air, which aggressive hackers are able to defeat. To counter this vulnerability, Karamba is creating what it calls the “self defending car” by building security into a vehicle’s electronic control unit, or ECU. Instead of relying on periodic security updates, Karamba’s system causes the vehicle to reject commands that do not match software code built into it by the automaker. Any change to factory settings not delivered by the automaker would be practically detected. It also provides a level of confidence whose absence Karamba claims is a flaw in other cybersecurity systems, explaining, “the problem with such solutions is that statistics are not always right. Sometimes you get an anomaly that reflects the legitimate configuration leading to false positives, false alerts.” To explain further, hackers are able to fool some cybersecurity systems into processing their commands as legitimate. This is dangerous.
The Karamba system is planned to go into production at the end of 2021, but the company is not at liberty to reveal which automakers will use it. A 2015 story in Wired magazine exposed how two hired “hackers” took control of a Jeep Cherokee. The hackers remotely took control of the Cherokee’s air conditioning, windshield wipers, and transmission. Actual automobile cyber-attacks have occurred. In China, hackers brought a small fleet of trucks to a halt and released control of the fleet only after the company paid a ransom.
Automobile companies, along with the Society of Automotive Engineers (SAE), have established the Automated Vehicle Safety Consortium (AVSC) to research these auto-related cyber threats and vulnerabilities, especially in the development of Level 4 and Level 5 self-driving vehicles. Joining the SAE in the consortium are General Motors Corp., Ford Motor Co. and Toyota Motor Corporation.
The AVSC is in its infancy, yet it is developing a set of safety principles for Level 4 and 5 autonomous vehicles, but, “data collection, protection and sharing required to reconstruct certain events,” according to its website.
In reality, hackers who are determined to defeat a cybersecurity system will often find ways to do so, which makes it very difficult to create a vehicle that is completely invulnerable to such cyber-attacks. Karamba agrees that protecting automobiles is difficult, but says it is not impossible. “Hacking requires effort, time and money invested; what you need to do is raise the bar to your device much more complicated than your peer group.”
Wapack Labs is located in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org