Karamba Security provides cyber-security solutions. In Las Vegas, the Israeli company demonstrated its software, which makes automotive ECUs secure against attacks of hackers.
The demonstration will take place during CES 2017 at FEV’s Bellagio Hotel suite. Karamba’s software enables electronic control units (ECUs) to autonomously protect themselves from hackers. Normally, attackers try to inject malicious messages designed to modify a vehicle’s behavior, either by a local or remote attack. The industry responded by trying to use network anomaly detection systems, also called Intrusion Detection Systems (IDS), that monitor the CAN communication to detect anomalous messages, which may indicate an on-going attack.
The results, however, have been problematic, according to industry experts. “These systems usually deploy heuristic methods, and hence raise false alarms (false positives) and miss attacks (false negatives),” according to Dr. André Weimerskirch, an industry expert in the field of vehicle electrical systems and cyber-security, most recently with the University of Michigan and now vice president of Cyber Security with Lear Corporation’s E-Systems team. In his presentation at Automotive Cyber Security Summit 2016, Dr. Weimerskirch stated that as a result, it seems unreasonable to use any heuristic-based prevention in the vehicle in the near future. Since there will always be some false alarms, he argued, and if that were to trigger an active prevention, it might have an impact to functional-safe systems, without any on-going attack. Thus, anomaly detection systems do not replace prevention mechanisms, such as network separation, firewalls, and secure CAN, he concluded.
In 2016, Karamba Security emerged from stealth to solve this problem. Within three quarters, the company's Autonomous Security product ha been being evaluated with eight different proofs of concept, In the pipeline are dozens of other companies, owing to the advantages Autonomous Security brings to the car industry. The introduced software solution prevents cyber-attacks with zero false positives, and eliminates the risk of safety impacts. Other requirements include no malware updates and automatic policy generation with zero development efforts. “Detection is not enough, if the industry is going to put the brakes on hackers targeting connected and autonomous vehicles,” said Ami Dotan, CEO of Karamba Security. “The market shows strong interest in a solution aimed at prevention, with zero false positives, like Karamba’s Autonomous Security.”
News and reports