How These Two Security Companies Aim to Fight the Car-Hacking Threat

Elon Musk, CEO of Tesla Motors Inc., introduces the Model X car at the company's headquarters Tuesday, Sept. 29, 2015.

Elon Musk, CEO of Tesla Motors Inc., introduces the Model X car at the company's headquarters Tuesday, Sept. 29, 2015. Marcio Jose Sanchez/AP

“A huge problem with vehicle security is that once a threat gets into one system, it’s very easy to move horizontally to all the others,” said Ami Dotan, CEO of Karamba Security.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

Last week, I wrote about the emerging cybersecurity threats to vehicles, including some ways the federal government might be vulnerable to both nuisance and damaging attacks launched at its massive fleet of vehicles.

This is even more troubling following the release of the latest Government Accountability Office vehicle cybersecurity report, which found that many vehicles, especially those built after 2015, could be taken over by remote attackers exploiting millions of lines of unsecured code running inside modern automobiles.

But help is apparently on the way, and security companies as well as car manufacturers are taking the threat seriously.

Two companies, Karamba Security and Symantec, are even launching car-based cybersecurity packages or major updates to their vehicle-based cybersecurity suites this week. I talked with officials from both companies about the scope of the problem, and how their new protections could help secure vehicles.

“A huge problem with vehicle security is that once a threat gets into one system, it’s very easy to move horizontally to all the others,” said Ami Dotan, CEO of Karamba Security. “If you get ahold of just one controller, you get them all.”

That can mean threats entering through something like the in-car entertainment system can quickly take over other systems like those that control the engine, or acceleration, or the brakes. Karamba has identified three Electronic Controller Units hackers can use to make their initial attacks against vehicles, and plans to lock them down with its new Carwall Software.

Dotan explained Carwall locks down the Telematics and Infotainment ECUs, as well as the on-board diagnostics port. Telematics controls the GPS system. Infotainment is used by everything from satellite radios to in-car DVD players. And the OBD port is used by garages to target areas requiring maintenance. By locking down those ports against any unauthorized function calls, Dotan says that Carwall can block attacks before they even get started.

Symantec is taking a different approach with its new Anomaly Detection for Automotive product, which puts an emphasis on securing all of the many internet of things devices that come packed inside a modern vehicle, as well as new features like the ability for some cars to create wireless hotspots.

“There is no silver bullet to protect cars from end to end,” said Symantec Senior Director of IoT Security Brian Witten. “That is why our fourth automotive security product, Anomaly Detection for Automotive, adds the missing component into vehicle cybersecurity: security analytics.”

Anomaly Detection for Automotive works because it is installed by a manufacturer during the year or so a new, unreleased vehicle, is being tested. While the vehicle is going through that testing, the Anomaly Detection system is set to learning mode. It uses a small portion of the car’s CPU and machine learning technology to study every valid function call being made between the various in-vehicle modules.

When the car is eventually released to the public after its year of testing, the Anomaly Detection program is switched from learning to enforcement mode.

“At that point, Anomaly Detection for Automotive knows every valid function and interaction that controller units can make within the vehicle,” Witten said. “If it sees anything new after that, it can block those calls and protect the system.”

Vehicle manufacturers can take different approaches when an anomaly is detected. Some car companies may even program their vehicles to report what they discover back to them for study.

It’s encouraging to see vehicle cybersecurity starting to take a front seat alongside other needed protections. I know many are worried about the safely of their vehicles, and government with its massive fleet of cars and trucks probably should be, too.

The only negative right now is that most of the car-based cybersecurity systems, including both Carwall and Anomaly Detection for Automotive, are aimed at manufacturers. So, they may be able to protect future vehicles that come installed with them, but won’t do much for cars on the road right now. 

Both Symantec and Karamba said an installation dongle might be available to enable individuals to retrofit their cars at some point, but that it was not a focus of their efforts right now. (Editor's note: Karamba officials clarified it is possible to add Carwall to existing vehicles now as part of a car’s regular maintenance, but the effort to do that would need to come from the car manufacturer.)

I think for many people, as well as for government, having a cybersecurity system on a vehicle should be at least as important as something like good gas mileage.

Years ago, everyone reluctantly went through the steps required to protect their personal computers, and now the sad reality is that we may have to do the same thing for our vehicles. The only silver lining is that, for now, the good guys seem to be in the lead, with protection developing ahead of the emerging threats.

NEXT STORY: The New Economics of Cybercrime