Automotive Cybersecurity News: Hacking, Keysight, Karamba, Research and NQC Tools

In automotive cybersecurity news are Car Hacking Village, Keysight Technologies, Karamba Security, BIS Research, RIDDLE&CODE and NQC.

Car Hacking Village People

It’s Def Con in Las Vegas and Car Hacking Village is open for hacking. Intrepid Control is enabling hackers to hack a simulated car using VehicleSpy, VividCAN, neoVIFire2, neoOBD2. GRIMM is offering its reverse engineering of a Ford Focus 2012.

Karamba is hosting a hack a traffic light challenge for simulated rush hour mayhem.

Sponsors of this year’s event include Volkswagen, Aptiv, and NXP.

The CTF challenge winner will receive a Car Hacking Village CTF Grand Prize: “Broken-In” 2019 Tesla Model 3.

Topics of discussion and seminars include:

  • How to clone a Tesla Model S key fob using commercial off-the-shelf hardware.
  • How the LoJack vehicle tracking & recovery device could be compromised and recovery of a stolen vehicle prevented.
  • Flashing a firmware update file for Honda ECUs—using a modern web browser to flash an ECU.
  • A mobile GNSS Spoofing System
  • Hacking the inside of QNX and Android.
  • Exploration of a LIDAR’s operation.

In other automotive cybersecurity news:

Keysight Insight into Latest Exposé

Keysight Technologies, Inc. responded to the Consumer Watchdog exposé and the reality about the cybersecurity risk in connected vehicles.

Keysight Technologies understands these risks and offers solutions to test and measure connected vehicle technologies, including the newly announced Automotive Cybersecurity Program that validates the resiliency of connected components of a vehicle, individually or as an entirely functioning automobile, before and after deployment.

In addition, security solutions developed by Ixia Solutions Group (ISG) enable Keysight to deliver extensive security validations of the 4G/5G radio access network (RAN) infrastructure that connects vehicles, and the backend data centers that manage business operations. ISG’s visibility solutions deliver an enhanced infrastructure that improves the efficiency of security tool sets in production networks. Keysight provides test and measurement of cybersecurity effectiveness from the ECU level up to the cloud data center.

“Early assessment, prior to production, is essential to enabling our automotive customers to deliver safe and supportable vehicles,” stated Mark Pierpoint, president of Ixia Solutions Group, a Keysight business. “Potential issues identified post production, with the risk of recalls, cost orders of magnitude more to repair than when found during pre-deployment testing, notwithstanding the possible loss of human life. Continued detection and mitigation of cybersecurity threats once vehicles are on the road are equally critical to keep consumers safe. Cybersecurity testing is an essential defense to ensure the design and implementation of a bullet-proof security posture in connected vehicles.”

“Cars today support multiple communication methods, like Bluetooth and USB while a growing number of cars use mobile communication for a variety of services available in the car,” said Tom Goetzl, Automotive & Energy Solutions business general manager for Keysight. “Keysight’s Automotive Cyber security program can test for vulnerabilities on all available communication ports and provides direction to our customers on how to close such vulnerabilities.”

Keysight offers a broad portfolio of solutions to help prevent vehicles from being cyber-hijacked, including:

  • Automotive Cybersecurity Program – to validate and exploit the potential attack surfaces existing in connected vehicles
  • Automotive Gateway Security Test – to validate the zoning and security posture of in-vehicle networks
  • Network Security Test – to validate and stress a network infrastructure and backend data centers
  • Application & Threat Intelligence (ATI) Research Center – to ensure testing that includes the latest application and security strike simulation
  • Visibility for Network Security – to improve the performance of a security architecture with 100% visibility of all traffic on an automotive network.

Karamba, Cypress Semi & Alpine

Karamba Security announced a collaboration with Cypress Semiconductor Corp. to enhance security hardening for the automotive industry. Karamba’s embedded cybersecurity solutions for connected systems are used by tier ones and OEMs to protect vehicles and reduce vulnerability exposures.

Karamba and Cypress will leverage the Cypress Semper Flash in-memory compute capabilities for connected systems hardening, using standard flash memory form factors, to reduce cybersecurity risks. Cypress Semper NOR Flash architecture allows users to add advanced cryptographic capabilities to the flash in addition to superior performance and industry-leading functional safety and reliability. With Karamba’s focus on performance excellence, end-to-end security of connected systems is possible with a zero-trust approach to cybersecurity. Karamba’s technology automatically hardens the full image of the connected system and prevents modification of the factory settings.

“Working with one of the industry leaders in embedded systems solutions enables us to add advanced cryptographic capabilities to our runtime integrity solution, leveraging the flash root of trust,” said Ami Dotan, Karamba Security’s co-founder and CEO. “More than ever autonomous vehicles, industrial controllers and the enterprise edge devices need security technology embedded in them, without impacting mission-critical performance. By teaming up with Cypress, we’ve strengthened our commitment to our customers to offer the most advanced cybersecurity solutions.”

“Karamba’s focus on protecting the runtime and software integrity in automotive embedded systems makes this end-to-end collaboration a natural one,” said Sandeep Krishnegowda, director of marketing and applications in the Flash Business Unit at Cypress. “Built-in security speeds up the production of connected systems so they can get to market faster and safer. Our collaboration with Karamba enhances our security offerings, leveraging the unique technology in the Cypress Semper NOR Flash to provide complete and simple solutions for the automotive industry.”

Karamba Security also announced the signing of a production agreement for its leading Carwall runtime integrity software in Alpine infotainment systems.

The platform provides ECU self-protection against remote code execution (RCE), helping to protect vehicles from cyberattacks.

Protection against cyberattacks is critical in order to safeguard customer safety in the connected and autonomous vehicle era. Such exploits of in-memory vulnerabilities can jeopardize customer safety by controlling a vehicle’s speed and direction. Karamba’s runtime integrity technology provides self-protection against remote code execution, using Control Flow Integrity (CFI).

Market Predictions

The global automotive cybersecurity market is projected to grow over $6.03 billion by 2029, according to a new market intelligence report by BIS Research, titled “Global Automotive Cybersecurity Market − Analysis and Forecast, 2019-2029”. The global automotive cybersecurity market is expected to be valued at $1.26 billion in 2019 and is anticipated to grow at a CAGR of 14.25% during the forecast period 2019-2029. The rise in the number of connected vehicles, increasing electronic content per vehicle, and the rise in cyber threats owing to the increase in data and connectivity in vehicles are considerably driving market growth.

Technological advancements in the automotive industry have resulted in the global adoption of cybersecurity solutions. The changing paradigm of consumers as well as major automotive OEMs, a requirement of robust security mechanisms, and protection of connected vehicles are some of the factors substantiating the growth of automotive cybersecurity market. This gradually leads to the advent of advanced security solutions and services, in order to cater to the growing needs for reliability and safety.

However, the growing complexity of connected and autonomous vehicles and the lack of cybersecurity skill sets and awareness within organizations are pressing matters in the current scenario. The increasing demand for security creates an immense need for developing advanced security solutions and services. Owing to the popularity of these solutions and services, major players including Argus Cyber Security, Harman International, Karamba Security, ARILOU Automotive Cyber Security, and Symantec Corporation, among others, are competing with each other to increase their market share.

RIDDLE & CODE DLT Hardware Wallet for Daimler

RIDDLE&CODE, Europe’s leading provider of blockchain interface solutions, provided details and context of its DLT hardware wallet that is powering a Daimler Financial Services-led consortium to provide an open car wallet solution.

Car wallets enable a wide variety of use cases from car-sharing to Autonomous Vehicles. The real-time exchange of secure traffic data between vehicles and smart city environments reduces congestion and lowers insurance premiums. Blockchain-certified data can be used in case of accidents.

RIDDLE&CODE provides Vehicle Identity, trusted data provenance and a settlement layer as part of this DLT consortium. Tom Fürstner, the company’s Founder and CTO, said, “Autonomous cars must behave consistently to be trusted. Cars are already computing devices. A secure identity ensures that the right authorities have approved code executed inside vehicles and the trustworthiness of data exchanged. RIDDLE&CODE secures this with its cryptographic hardware and uses ledgers to turn automobiles into future market places.”

The hardware wallet solution is built around RIDDLE&CODE’s Secure Element 2.0 that provides a protected blockchain identity to vehicles. Merging that with standard Vehicle Identity (e.g. registration) creates unique and secure ledger transactions. Other partners in the Daimler-led Mobility Blockchain Platform include Blockchain Helix for human digital identity solutions, Evan.Network for the Network layer and 51 Nodes for Smart Contracts.

AIAG & NQC Suite of Tools

The Automotive Industry Action Group (AIAG), in partnership with NQC – a global leader in cyberthreat detection – announced the launch of a suite of cybersecurity tools to help automotive suppliers compare their current cybersecurity capabilities to industry best practices. The Supply Safe™: Cyber Safe Bundle includes a one-time third party virtual audit, along with either a basic or advanced enterprise risk assessment. Together, these resources allow suppliers to evaluate their overall cybersecurity efforts and identify the most critical areas for improvement.

The Supply Safe™: Cyber Virtual Audit is a remote threat analysis that searches a supplier-provided URL or domain name for known vulnerabilities using a database of more than 53,000 common configuration issues, updated in real time with the latest threats. The audit – which is non-intrusive and will not damage the resource being checked – identifies systemic weaknesses and provides an automated corrective action plan with practical steps the supplier can take to immediately improve its cybersecurity. Real-time signposts guide suppliers on what to do to improve their cyber capabilities, which means they can take action more quickly.

“The frequency, sophistication and virulence of cyberattacks has grown exponentially over the past five years,” says Tanya Bolden, AIAG’s director, supply chain products & services. “These attacks are a clear and present danger to the security of our global supply chain, impacting both direct and indirect suppliers. AIAG remains committed to making resources developed by OEMs available to smaller companies in the automotive supply chain – companies that may not have the budget or expertise to proactively protect themselves along with their customers’ and suppliers’ data.”

The Cyber Risk Assessment questionnaire, both the basic and advanced version, is based on AIAG’s CS-1 document – the Cyber Security 3rd Party Information Security guideline – which is the collaborative work of automotive volunteers facilitated by AIAG. This new risk assessment defines the minimum security requirements needed to support the secure exchange of information within the automotive supply chain.

“The consequences of a cybersecurity breach are extremely alarming, with 60% of small companies failing to recover,” explains Charles Morrison, NQC managing director. “With only 14% of smaller enterprises rating their ability to defend against a cyberattack as effective, automotive suppliers should be strongly encouraged to make use of the Cyber Safe Bundle. We are very pleased to bring our expertise to this collaboration with AIAG and we are confident this suite of tools will provide much needed protection to suppliers across the industry.”

AIAG-sponsored member companies can access the self-assessment and one-time virtual audit at no charge. Non-members may access the self-assessment and a one-time virtual audit for a nominal fee. Additional virtual audits can be customized and/or provided at a cadence of the supplier’s choosing for an additional fee as well.
