In the US in March, after white hat hackers repeatedly demonstrated they could successfully exploit security bugs in a connected car’s code to infiltrate its safety systems, the Federal Bureau of Investigation (FBI), Department of Transportation, and the National Highway Traffic Safety Administration issued a Public Safety Alert that highlighted the dangers to new and existing cars on the road.
"As vehicle control systems become increasingly automated with everything controlled by software, the probability of code flaws that can be exploited by bad actors for nefarious purposes increases dramatically," said Sam Abuelsamid, senior analyst, Navigant Research. "Compound this with the growing ubiquity of connected systems including cellular telematics, V2X communications and connected smartphones, and the need to integrate cybersecurity protection systems at multiple levels becomes clear.”
Karamba’s software seals the car’s electronic control units (ECUs) by automatically creating security policies, based on factory settings. In real time, Carwall detects and prevents anything not explicitly allowed to load or run on the ECU, including in-memory attacks.
“Carwall enables car manufacturers to immediately address security bugs in existing or new code and eliminate an attacker’s way into a connected car,” explained Ami Dotan, CEO of Karamba Security. “We give car manufacturers and Tier 1 system developers the tools to detect and seal their code against exploits and detect and stop attackers before they can ever get started.”
Carwall software requires zero developer resources – it is embedded during the ECU’s software build process, so it becomes part of the regular development cycle. As a result, Carwall can be secured and retrofitted to automobiles already on the road as part of software updates completed during a regularly scheduled service visit.