Karamba Securityhas announced the availability of Carwall, its in-car security software that automatically secures connected cars against cyberattacks. Carwall software keeps connected cars safe by sealing the cars controller software, so it can immediately detect and prevent cyberattacks from exploiting the car controllers software security bugs.
The US Assistant Attorney General for National Securitywarnedthat connected cars, which Gartner predicts will represent 250 million vehicles on the road by 2020, will be the next battlefield. Connected cars have hundreds to thousands of hidden security bugs (vulnerabilities) that hackers can exploit to infiltrate the vehicle, take control and compromise its safe operation.
The risks to connected cars are real, said Richard Wallace, director of Transportation Systems Analysis at the Center for Automotive Research. Karamba Securitys automated sealing approach offers the automotive industry a tool to immediately detect and prevent cyber attacks that exploit software bugs in the code of connected cars. Thus, drivers can be confident they will always be in complete control over their vehicles, and manufacturers learn more about the frequency and nature of such attacks.
In March, after white hat hackers repeatedly demonstrated they could successfully exploit security bugs in a connected cars code to infiltrate its safety systems, the Federal Bureau of Investigation (FBI), Department of Transportation, and the National Highway Traffic Safety Administration issueda Public Safety Alert(PSA) that highlighted the dangers to new and existing cars on the road. They warned todays vehicles are increasingly vulnerable to remote exploits that allow a hacker to manipulate critical vehicle control systems.
“As vehicle control systems become increasingly automated with everything controlled by software, the probability of code flaws that can be exploited by bad actors for nefarious purposes increases dramatically,” said Sam Abuelsamid, senior analyst, Navigant Research. “Compound this with the growing ubiquity of connected systems including cellular telematics, V2X communications and connected smartphones, and the need to integrate cybersecurity protection systems at multiple levels becomes clear. The full security solution set will ultimately include electronic architectures designed with security in mind, preventing intrusions to cloud-based transportation services and controlling access to in-vehicle ECUs.
Karambas patent-pending software seals the cars electronic control units (ECUs) by automatically creating security policies, based on factory settings. In real time, Carwall detects and prevents anything not explicitly allowed to load or run on the ECU, including in-memory attacks. Theres no ambiguity and no false alarms, detecting and preventing attackers, who try to exploit vulnerabilities and get into the cars network.
Karambas Carwall enables car manufacturers to immediately address security bugs in existing or new code and eliminate an attackers way into a connected car, said Ami Dotan, CEO of Karamba Security. We give car manufacturers and Tier 1 system developers the tools to detect and seal their code against exploits and detect and stop attackers before they can ever get started.
Carwall software requires zero developer resources its embedded during the ECUs software build process, so it simply becomes part of the regular development cycle. As a result, Carwall makes it easy to secure and retrofit automobiles on the road today and protect them from cyberattacks; it can easily be part of software updates completed during a regularly scheduled service visit.
Because Carwall is part of the ECU software build, it is always current; Carwall protects the code, as is, sealing it to detect and prevent hackers from taking advantage of any security bugs that might be in the controllers software. Carwalls unique approach gives car manufacturers and Tier 1 system providers the confidence ECUs are protected, regardless of any security bugs they may contain, allowing them to keep their product schedules and focus resources on developing new functionality and safety features.