Major automotive cybersecurity companies are making announcements since the beginning of the year starting at CES. The cybersecurity market is growing in leaps and bounds with different approaches to security. Here is a roundup of the latest cybersecurity trends starting from CES this year going through Mobile World Congress to recently expos and shows.
“We’re finally past the denial stage of automotive cybersecurity,” said Roger Lanctot senior analyst at Strategy Analytics who notes that the industry still needs to agree on standards and share information.
“At CES we found that automotive and tech companies are committed to cybersecurity, understand how important it is and welcome cooperation,” said Faye Fancy, executive director Auto-ISAC, who lead a panel on cybersecurity threats and how organizations work together to secure the automotive industry.
The spirit of cooperation was illustrated by automotive cybersercurity partnerships and products.
HARMAN SHIELD Thwarts Traffic Sign Spoofing
HARMAN International, owned by Samsung, showed its new detection feature in the HARMAN SHIELD Solution that thwarts cyber-attacks aimed at the vehicle’s sensors by altering traffic signs, called adversary images.
Adversary images are images that have been manipulated so that the driver recognizes them correctly while a vehicle’s sensor or computer system may misclassify them. These images enable new attacks on autonomous cars and ADAS systems. For instance, if a a road sign shows a different speed limit than the actual speed limit it can cause the vehicle to drive too slowly or too fast.
The technology demonstration showed that an altered speed limit sign which fooled the on-board traffic sign recognition system and could have given wrong information to vehicle systems such as adaptive cruise control was prevented. The spoofed traffic sign was fully detected and reported to HARMAN Cybersecurity Analysis Center thus preventing the attack.
Argus Cyber Security
Argus Connectivity Protection and Argus Lifespan Protection are integrated with Renesas’ R-Car H3 system-on-chip (SoC) advanced driving and infotainment platform as well STMicroelectronics’Telemaco3P automotive telematics connectivity microprocessors. Argus Connectivity Protection prevents malware installation, detects operating system anomalies, isolates suspicious activity and stops attacks from spreading to the in-vehicle network. Argus Lifespan Protection continuously monitors cyber health, provides big data analytics and over-the-air security updates.
Karamba Security was featured in demonstrations and partnerships at CES 2018 and continued to be in the news.
“At CES it was extremely busy. The overall theme was that OEMs wanted to prevent hacks without false positives,” said David Barzilai, executive Chairman and co-founder of Karamba Security, who noted that automakers were fascinated by Karamba’s SafeCAN that can authenticate the CAN network with zero network overhead.
Alpine Electronics announced that is using Karamba Carwall software to protect its automotive infotainment systems against hackers. In a demonstration at the Alpine exhibit, ransomware was injected into an unprotected and protected system. The exploit attempt failed on the protected browser, and a detailed incident report was sent to Karamba’s incident management server.
Karamba Security also demonstrated Karamaba software on Automotive Grade Linux systems, with zero false positives at the Karamba Security Demo Suite .
The big first-time news at CES reported Barzilai was “At CES, Karamba and G+D for the first-time presented secure encrypted Over-the-Air (OTA) updates, end-to-end.”
Brailai notes Karamba Security is current working with with 16 OEMs and Tier 1 suppliers.
IAV Automotive Engineering partnered with Karamba Security, to produce an Automotive Security Defense Center prototype vehicle that showed at CES how attacks can be prevented in a connected vehicle. The prototype constantly monitored the vehicle to detect and avert attacks, analyzed weak points and issues noted by OEMs to close security gaps, and incorporated routine software updates. The demonstration showed how an hack attempt can be prevented.
Honeywell Transportation Systems (TS) and Karamba Security paired TS intrusion detection technology software and security operations centres with Karamba Security’s electronic control unit (ECU) intrusion detection software. They were able to monitor and validate in real-time software commands and data. Honeywell’s intrusion detection software monitored in-vehicle network communications and anomalies, while Karamba Security’s ECU software prevented attacks on any given module. Detected anomalies and prevented attacks were transmitted in either real time or via a scheduled download to Honeywell security operation centres for analysis and remediation.
In a keynote address at the NAIAS, BlackBerry Limited Executive Chairman and CEO, John Chen, unveiled BlackBerry Jarvis a software-as-service cybersecurity product. Jarvis is a cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobile.
Jarvis is a cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobiles. Jarvis scans and delivers deep actionable insights in minutes, what would otherwise involve manually scanning that will take large numbers of experts and an impractical amount of time.
NXP’s Secure CAN Transceivers
NXP developed the industry’s first hardware protection for ECUs, NXP’s secure CAN transceiver family. The transceivers are currently in the evaluation phase.
NXP’s pure transceiver based solution for the CAN network which is designed to secure efficiently – no bandwidth overhead, no delays and no processor load. This novel approach complements crypto-based security solutions with an additional layer in a Defense-in-Depth (DiD) concept, or as a standalone option.
- Spoofing prevention on transmit side.
- Spoofing prevention on receive side.
- Tamper protection.
- Flooding prevention and rate limit control.
Infinenon Security Protection
Infineon Technologies AG is adding the OPTIGA Trust X to its OPTIGA Trust family of security protection. This hardware-based security solution provides robust security to the diverse applications in the Internet of Things, ranging from smart homes to drones.
The OPTIGA Trust X offers secured communication and software updates, mutual authentication and much more. Device manufacturers save time and costs thanks to the plug-and-play concept enabling even companies without specialist know-how in the field of security.
Infineon Partners with EB for Cybersecurity
Infineon Technologies AG and Elektrobit Automotive GmbH (EB) are teaming up long term to work closely together on the issue of cybersecurity for vehicles.
The companies offer a perfectly coordinated hardware-software solution that boosts the performance of on-board communication and satisfies current and future security requirements. It is based on the second generation of the multicore microcontroller family AURIX™ (TC3xx) from Infineon and, tailored to it, Elektrobit’s zentur HSM solution.
Blockchain Testing in Porsche
In collaboration with the Berlin-based start-up XAIN, Porsche is currently testing blockchain applications directly in vehicles. This makes the Zuffenhausen-based company the first automobile manufacturer to implement and successfully test blockchain in a car.
Arilou Automotive Ethernet Security Hub
Arilou Information Security Technologies , a supplier of high-end cyber security solutions for the automotive industry, has developed a first-of-its-kind central management technology to enable dynamic and secure control of in-vehicle communication networks. Specifically, Arilou, part of the NNG Group, designed this cyber security tool – the Ethernet Security Hub – as an innovative solution for connected and autonomous vehicles equipped with Ethernet networks.
Continental Response Management from Argus Cyber Security
At Mobile World Congress, Argus Cyber Security announced a collaboration with Ericsson to provide seamless cyber security for the connected automotive ecosystem – across vehicle cloud services, fleets and vehicles. The collaboration involves integrating Argus Security Operation Center with Ericsson’s Connected Vehicle Cloud platform to provide automakers with an additional powerful layer of security that leverages intelligence findings across both platforms. The combined insights equip automakers with actionable intelligence derived from big data analysis across millions of connected vehicles and their cloud services to identify the first signs of an attack campaign and mitigate its damage by immunizing the fleet in hours.
Continental has introduced an incident response management system, which is an additional layer of security that responds immediately if there really is an attack. This was developed with the expertise of the Israeli startup Argus Cyber Security, which Continental acquired last Autumn and has become part of the subsidiary Elektrobit.
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.