Automotive Cybersecurity: Hacking, Fleet, Keysight & Winner

In automotive cybersecurity news are Toyota’s hacking tool, new fleet protection, new Keysight automotive program,  DENSO, Airlou, Thales and Tata Communications.

PASTA with Special Sauce Shipping

Toyota’s PASTA car-hacking tool is available for order and is expected to ship 2019/12/20 . It was originally introduced at Black Hat Europe in London.

PASTA:Portable Automotive Security Testbed with Adaptability, developed by Toyota InfoTechnology Center, is a platform based on non-proprietary technology, allowing researchers or engineers to freely construct in-vehicle networks. PASTA will contribute to accelerate research, education, and information sharing of vehicle cybersecurity as an open and handy platform which has typical physical attack surfaces. The metal briefcase with components sells  for sells for $28,300, Toyota offers PASTA’s open source specifications on GitHub, including those of the platform itself, CAN (controller area network) ID maps, ECU (engine control unit) program codes, and ECU circuit diagrams for vehicle testing.

The tool is designed for simulated car hacking, simulationg remote operation of a vehicle so that researchers can find and discover system vulnerabilities.

The tools consists of four ECUs as well as LED panels which can be used to run tests or simulate attacks such as injecting malicious ECU messages. The tool also supports binary hacking through the availability of ODBII and RS232C ports.

Argus Fleet Protection

Argus Cyber Security upgraded its stand-alone Fleet Protection backend platform, and is now providing continuous live monitoring of both automotive and commercial aircraft fleets. Argus Fleet Protection, an Automotive and Aviation Security Incident and Event Management (SIEM) system for automotive OEMs, fleet managers, and commercial airlines, detects cyber-attacks and enables deep investigation into various cyber threat scenarios for rapid incident mitigation.

Argus Fleet Protection provides visibility into cyber events of commercial aircraft and vehicles on the road. Working off-board, the solution correlates and aggregates data from multiple data sources and performs cross-fleet analysis to unearth suspicious patterns and emerging threats that would otherwise go amiss.

An out-of-the-box solution, Argus Fleet Protection works stand-alone or can be easily integrated and operated with existing Security Operations Center (SOC) solutions to provide the backbone to automotive and aviation incident management with domain focused feeds. Alternatively, Argus Automotive SIEM can be integrated with Argus world-class Managed Security Service Provider (MSSP) partners, including T-Systems, Singtel, Ericsson, as well as technology partner Check Point Software Technologies to provide a fully functional global automotive security operations center (ASOC).

Keysight Tech New Cybersecurity Program

Keysight Technologies, Inc. announced a new automotive cybersecurity program that enables automotive security professionals at car manufacturers (OEM) and their suppliers (Tier 1) to ensure the safety of their vehicles with proactive protection against cyberattacks throughout the R&D and production process, as well as post sales.

Keysight’s Automotive Cybersecurity Program consists of integrated hardware, software, and services needed by automotive OEMs and Tier 1s to ensure the safety of their vehicles, address the scale and complexity of rapidly changing technology, facilitate time to market, and supplement internal cyber security activities within OEMs and Tier 1 suppliers.

Keysight recognizes that automotive cybersecurity needs to be part of product development from the beginning, throughout the development life cycle, as well as post sales. To address this need, Keysight offers a comprehensive solution that includes the following key elements:

  • Hardware that connects to the device under test (DUT) via all relevant interfaces, e.g. Wi-Fi, cellular, Bluetooth, USB, CAN, and Automotive Ethernet
  • Software that simulates attacks, reports on vulnerabilities (and severity), and offers recommended fixes
  • Device under test (DUT)-specific regression testing that simplifies and accelerates verification of fixes
  • Enterprise-level management of testing, including seamless integration with widely used OEM and Tier 1 enterprise platforms

To ensure proactive prevention, Keysight is also offering a subscription service to an evolving threat database. This subscription provides frequent updates with the latest security attacks, evasion tactics, and examples of live malware. The service also includes frequent application protocol releases along with ongoing software updates and enhancements.

Keysight’s Automotive Cybersecurity Program enables car manufacturers and their suppliers to:

  • Implement and enforce company-wide security standards
  • Establish a company-wide test procedure supporting supplier certification and auditing
  • Achieve repeatability through rigorous regression testing and documented workflows and results
  • Identify potential vulnerabilities from the physical level to the application layer, including wireless and wireline connections
  • Rapidly validate and implement software fixes
  • Stay ahead of hackers by proactively assessing security risks before an attack

DENSO Joins IVADO

DENSO, the world’s second largest mobility supplier, announced  it has become an industry member of the Montréal-based Institute for Data Valorization (IVADO). The Institute fosters collaboration between private and academic researchers to cultivate and expand the expertise of its members in cutting-edge fields like data science, operational research and artificial intelligence (AI). As the automotive industry continues to shift toward emerging areas, such as automated driving, cloud computing and AI, DENSO will leverage IVADO’s research talent and capabilities to enhance its push into deep learning, data mining, cybersecurity, and more.

The announcement supports DENSO’s long-term plan, which is in part focused on expediting company innovation by broadening its research and development (R&D) capabilities outside of Japan. It also comes after DENSO and officials from Québec, Montréal and the Government of Canada announced in January the opening of the company’s Montréal Innovation Lab, its first site in the city. Much like DENSO’s work with IVADO, the lab will concentrate on accelerating innovations in advanced technology like AI for mobility.

Arilou Awarded

Arilou Automotive Cyber-Security Technologies, supplier of high-end cyber-security solutions for the automotive industry, and part of NNG Group, has been awarded Frost & Sullivan’s 2019 Best Practices Award for Technology Innovation.

Receipt of the award builds upon Arilou’s exceptional performance in independent tests from OEM’s and the University of Michigan Transportation Research Institute (UMTRI). Receiving perfect results, in months of tests conducted by UMTRI, Arilou’s are the only solutions to consistently demonstrate best-in-class performance – overcoming millions of analyzed malicious messages to provide 100% detection and prevention with zero false positives.

This accompanies Arilou’s continued development of strategic partnerships with automotive manufacturers and other industry leaders like STMicroelectronics and Alpine Electronics, Inc., and its collaboration with security providers of complementaty solutions, including Upstream Security and Green Hills Software.

Thales Works with Tata Com

Thales, a global leader in digital security, and Tata Communications, a leading global digital infrastructure provider, are working together to develop a secure global IoT connectivity solution. Tata Communications MOVE™ mobility and IoT platform and Thales’s T-Sure warranted digital identity offering is set to unlock the value in data generated by connected devices such as cars and trucks, whilst maintaining the integrity and security of IoT data.

In Tata Communications’ global Cycle of Progress1 survey, 30% of IT decision makers cited security and 25% cited privacy issues as the biggest barriers to IoT adoption. The combined capabilities of Tata Communications and Thales aims to lower these barriers and enable businesses and manufacturers to make the most of the transformational potential of IoT by giving them peace of mind that their critical IoT data is protected against cyber-attacks.

Thales will provide its T-sure warranted digital identity solution to Tata Communications MOVE SIM cards, based on technologies from Gemalto, a Thales company. While Tata Communications MOVE™ encrypts the data in motion (in current use), T-Sure protects the information at rest (archived) on the SIM, therefore safeguarding data both on the network and at the device level. The two companies look to undertake a series of proof-of-concepts with customers to test this solution in action.

Read all Automotive Cybersecurity.

SUBSCRIBE

You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.

 

COMMENT: Let Us Know What You Think