August 2016 brought a flurry of autonomous driving announcements from Delphi, nuTonomy, Ford, Velodyne, Volvo, Uber, Quanergy, and others. News about developments and deployment plans for self-driving vehicles came almost daily. A common thread was that the vehicles will be used as part of autonomous mobility on-demand (AMOD) services that require connectivity in addition to onboard sensing to function. However, something equally (if not more) important to implement before deploying any of these vehicles is beefing up the cyber security.
As the automotive world has raced over the last few years to transform itself into a mobility business, cyber security experts of both the white and black hat variety have also been advancing their own capabilities. In parallel with that, we’ve seen the launch of numerous startups focused on securing increasingly sophisticated vehicles from bad actors, including several based in Israel. Among them are Karamba Security, Argus Cyber Security, and TowerSec.
External connection points such as telematics are the obvious starting point for any attacker trying to get into a vehicle, so they are also the first surface that needs to be hardened. “To provide protection, we have to think like hackers,” said David Barzilai, chairman and co-founder of Karamba. “There are two primary ways to hack a system like this, dropping malicious binary code into the electronic control unit [ECU] or in-memory attacks while the system is running.”
The so-called code-dropper approach involves rewriting some of the code that resides in the flash storage of an ECU with malicious code designed to do something never intended by the manufacturer. Karamba has devised an approach to prevent this that is very straightforward for the software engineers at an automaker to implement without having to change any of their own code.
When building the binaries that ultimately get loaded into the ECU, the build scripts call into the Karamba system so that some of that company’s code is included automatically. Karamba computes hashes (fixed-length digests derived from a file’s contents; any change to the file produces a different digest) of every factory binary in the build. If someone later tries to reprogram the ECU with a binary whose hash doesn’t match, it is rejected. The check is only as strong as the stored reference values: if whoever rewrites the flash can also rewrite the hashes, the comparison proves nothing, so the references have to be signed or held in write-protected storage.
Even if the original programming remains intact, in-memory attacks remain a serious vector. Control instructions and data are moved from static flash storage into RAM in order to run in real time. If an attacker can overwrite a memory location the program later trusts, such as a return address or a function pointer, with data of their choosing, control flow can be diverted to an instruction the designers never intended to reach. This is the sort of attack that can let someone connecting through a vehicle’s telematics system take control of safety-critical functions like the throttle, brakes, or steering.
Some security providers use heuristic analysis to spot anomalous behaviour in real time and stop it. That approach weights observed behaviours and scores them probabilistically so that previously unseen attacks can be flagged, and it is what most PC anti-malware products do. Since in-vehicle electronics should never run arbitrary unknown programs the way a computer or smartphone does, Karamba has taken a deterministic approach instead. During the software build it analyzes the firmware and maps every legitimate control-flow transfer. In the vehicle, any call that doesn’t match the flow map is blocked immediately. Because the map is an exhaustive allow-list rather than a probabilistic score, it should not produce false positives, provided the map built at compile time is complete, which is why it has to be regenerated for every firmware release.
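The two preceding paragraphs describe an in-memory attack and the deterministic flow-map defence against it. The C program below, a constructed example that is not code from this page, from Karamba or from any automaker, shows both halves: a receive routine copies a telematics frame into a buffer that sits immediately before a code pointer, so an over-long frame overwrites that pointer and redirects the next indirect call to `diagnostic_unlock`, a routine no frame is meant to reach; a build-time allow-list for that one call site then blocks the hijacked call, and the bounds-checked receive routine stops the overwrite at the source. Every name (`frame_ctx`, `apply_throttle_request`, `diagnostic_unlock`, `PAYLOAD_LEN`) is hypothetical, and the single-entry `on_ready_targets` table stands in for a full per-call-site map.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ECU receive path (constructed for this example, not any vendor's
 * code). A telematics frame is copied into a context record that also holds the
 * pointer to the routine that will consume it. */
typedef void (*handler_fn)(void);
#define PAYLOAD_LEN 16

static int throttle_request = 0;  /* written by the legitimate handler */
static int unintended_calls = 0;  /* counts entries into a routine no frame may reach */

static void apply_throttle_request(void) { throttle_request = 10; }
static void diagnostic_unlock(void)      { unintended_calls++; }

struct frame_ctx {
    uint8_t    payload[PAYLOAD_LEN];   /* fixed-size copy of the frame body ... */
    handler_fn on_ready;               /* ... followed in memory by a code pointer */
};

/* Build-time flow map for the one indirect call site below: the only target the
 * firmware ever installs there. A real map has an entry per indirect call site. */
static const handler_fn on_ready_targets[] = { apply_throttle_request };

static int target_allowed(handler_fn fn) {
    for (size_t i = 0; i < sizeof on_ready_targets / sizeof on_ready_targets[0]; i++)
        if (on_ready_targets[i] == fn) return 1;
    return 0;
}

enum { RAN = 0, REJECTED_BY_MAP = 1, REJECTED_BY_LENGTH = 2 };

/* Vulnerable copy: trusts the frame length. A frame longer than payload[] runs
 * on into on_ready. The write goes through the struct base so it stays inside
 * the object and the overwrite is reproducible rather than layout luck. */
static void receive_frame_vulnerable(struct frame_ctx *ctx, const uint8_t *frame, size_t len) {
    memcpy((uint8_t *)ctx + offsetof(struct frame_ctx, payload), frame, len);
}

/* Fixed copy: the length is bounded by the buffer before anything is written. */
static int receive_frame_fixed(struct frame_ctx *ctx, const uint8_t *frame, size_t len) {
    if (len > sizeof ctx->payload) return -1;
    memcpy(ctx->payload, frame, len);
    return 0;
}

/* Receives one frame and dispatches it. `bounded` selects the fixed copy;
 * `enforce` turns on the flow-map check at the indirect call. */
int dispatch_frame(const uint8_t *frame, size_t len, int bounded, int enforce) {
    struct frame_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    ctx.on_ready = apply_throttle_request;
    if (bounded) {
        if (receive_frame_fixed(&ctx, frame, len) != 0) return REJECTED_BY_LENGTH;
    } else {
        receive_frame_vulnerable(&ctx, frame, len);
    }
    if (enforce && !target_allowed(ctx.on_ready)) return REJECTED_BY_MAP;
    ctx.on_ready();   /* the indirect call site the flow map guards */
    return RAN;
}

/* Attacker's frame: PAYLOAD_LEN bytes of filler, then the address of
 * diagnostic_unlock. Firmware is identical across units, so that address is
 * predictable once one unit has been studied. */
size_t build_hijack_frame(uint8_t *out, size_t cap) {
    handler_fn target = diagnostic_unlock;
    size_t len = PAYLOAD_LEN + sizeof target;
    if (cap < len) return 0;
    memset(out, 'A', PAYLOAD_LEN);
    memcpy(out + PAYLOAD_LEN, &target, sizeof target);
    return len;
}

int run_hijack(int bounded, int enforce) {
    uint8_t evil[64];
    size_t n = build_hijack_frame(evil, sizeof evil);
    return dispatch_frame(evil, n, bounded, enforce);
}

int run_benign(int bounded, int enforce) {
    static const uint8_t frame[4] = { 1, 2, 3, 4 };   /* constructed sample frame */
    return dispatch_frame(frame, sizeof frame, bounded, enforce);
}

int unintended_call_count(void) { return unintended_calls; }
int last_throttle_request(void) { return throttle_request; }

int main(void) {
    int r = run_hijack(0, 0);
    printf("no checks:     rc=%d, unintended calls=%d\n", r, unintended_calls);
    r = run_hijack(0, 1);
    printf("flow map:      rc=%d, unintended calls=%d\n", r, unintended_calls);
    r = run_hijack(1, 1);
    printf("bounded copy:  rc=%d\n", r);
    return 0;
}
```

Two things worth noticing when running it: with no checks the hijacked frame returns the same success code as a benign one, which is why the attack is hard to see from the outside, and the flow map rejects the call without any scoring because `diagnostic_unlock` simply is not in the set the build produced for that call site.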
Navigant Research’s Autonomous Vehicles report projects that nearly 5 million autonomous vehicles will be sold in 2025, growing to more than 40 million in 2030. Harnessing the safety benefits of this technology requires every vehicle to be secure and resilient against cyber attacks.