IoT
12/12/2017
04:24 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Karamba Security Launches End-to-End Automotive Authentication with Zero Network Overhead

BLOOMFIELD HILLS, Mich. and HOD HASHARON, Israel — Dec. 12, 2017 – Karamba Security, the world leader in automotive cyberattack prevention, today announced SafeCAN, its new security software that seamlessly protects automotive networks from hacking by authenticating in-vehicle communications with zero network overhead.

Carmakers have been demanding authenticated in-car communications to protect vehicles against malicious messages sent by unauthorized Electronic Control Units (ECUs) or via third-party dongles. Such prevention is essential in light of dongles commonly provided by insurance companies to monitor driver behavior and offer discounted premiums to responsible drivers. Car companies can’t control the data exchange generated by those dongles, creating a new attack vector. A Toyota car model was compromised by researchers through a dongle from Progressive Insurance, for example. 

Solving this problem is made even more difficult because in-car networks, and especially the CAN bus, are saturated and cannot add authentication data, which consumes network throughput. The resulting lack of in-car authentication leaves the car’s safety systems exposed to malicious commands sent due to such dongle-based attacks or hacked over-the-air (OTA) in-vehicle updates. 

“Authenticating car networks is an urgent and important matter that the automotive industry has been coping with for several years,” said Miroslav Pajic, assistant professor in the Department of Electrical and Computer Engineering at Duke University. “Saturated car networks created technological barriers in finding a solution that will authenticate all traffic to and from the car’s safety systems, such as brakes and airbags, exposing them to physical and cyberattacks.”

SafeCAN is the automotive industry’s first cybersecurity solution to offer in-vehicle network authentication with zero network overhead. It can be implemented without overtaxing the car’s internal communications to protect and authenticate CAN bus communications.

Karamba’s latest software product enables automobile manufacturers to seamlessly harden the networks to secure the car’s safety systems. There is no need to change network protocols, or add any additional network packets to ensure the authenticity of source-destination authentication and overall in-vehicle network authentication.

By offering seamless encryption for ECU communication, SafeCAN hardens the network leading to and from the car’s safety systems and ensures that only legitimate commands are received by the car’s safety systems. Commands originating from invalid sources are ignored.

In addition to hardening the car networks against physical attacks, SafeCAN enables secure OTA updates from the cloud to any ECU in the car. OTA products use secure channels from the OEM cloud to the primary ECU, which serves as the OTA’s entry point in the car. However, due to lack of network authentication, attackers may hack the car, impersonate an OTA update and deploy malicious software on safety ECUs. By hardening the network between the OTA primary ECU to the in-vehicle safety systems, target ECUs will not accept changes, unless it was authenticated by SafeCAN.      

This marks the first time that any vendor has offered end-to-end network safety in a pragmatic way that overcomes industry barriers.

“Karamba Security’s SafeCAN addresses the industry’s need to authenticate in-vehicle communication, to protect safety systems against hacks, and to ensure that OTA updates are not used to deploy malware on target ECUs,” said Roger Lanctot, Director Automotive Connected Mobility at Strategy Analytics.

SafeCAN helps automakers and tier-1 providers meet their security goals and comply with regulations such as those set out in the United States by the National Highway Traffic Safety Administration (NHTSA) and U.S. Department of Transportation (DOT)’s newly published federal guidance, Automated Driving Systems (ADS): A Vision for Safety 2.0, as well as the guidelines defined in the SELF DRIVE Act passed by the U.S. House of Representatives. Similar guidelines are emerging worldwide.

“We listened to our OEM customers, and innovated to meet the challenges they identified with the unsolved problem of in-car communication security,” said Ami Dotan, CEO and co-founder of Karamba Security. “Car manufacturers are concerned with physical hacks as well as the use of OTA technology to get secure cloud-to-vehicle communications, but their security ends at the entrance to the car. We cover the last yard, communication to and from safety ECUs, to make sure only legitimate messages from any entry point are accepted throughout the car network, and that safety will not be compromised.”

SafeCAN complements and extends Karamba’s Autonomous Security Carwall product to provide end-to-end in-vehicle security. Carwall hardens externally-connected ECUs by sealing their binaries according to factory settings. This prevents cyberattacks and in-memory attacks from compromising the car ECU’s, while eliminating false positives that risk consumers’ safety.

Together, SafeCAN and Carwall assure car safety by blocking hackers at the gate and by providing secure in-car traffic and authenticated OTA updates.

Karamba will be at CES® 2018 January 9-12, 2018, in Las Vegas, Nev. to showcase its capabilities working with leaders in the global automotive supply chain. From its suite at the Bellagio Hotel, Karamba will conduct joint demonstrations with partners who include Honeywell, IAV, Alpine and FEV to engage with conference-goers on cybersecurity vulnerabilities and how organizations can work together to secure the automotive industry. To schedule a private demo email: [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6345
PUBLISHED: 2019-01-15
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all s...
CVE-2018-7603
PUBLISHED: 2019-01-15
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered t...
CVE-2019-3554
PUBLISHED: 2019-01-15
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00
CVE-2019-3557
PUBLISHED: 2019-01-15
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were...
CVE-2019-0030
PUBLISHED: 2019-01-15
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.