TEL AVIV—You never have to wait long before hearing the angry blare of a car horn here. Israel’s largest city is notorious for its traffic jams, with 700,000 cars cramming on to the cross-town Ayalon Highway each day.
Here, and on the much larger urban byways of Moscow, Bogota, Shanghai, or any global city where car congestion has risen in the new century, vehicles are increasingly connected to the Internet. And while some research indicates that connected technology might solve urban traffic woes—imagine networks of autonomous vehicles, outfitted with sensors that interact with traffic lights—it wouldn’t take much effort in the nearer future, some theorize, for a car network hack to grind urban traffic to a halt.
That’s the scenario Karamba Security is trying to prevent. Representatives of the cybersecurity startup, which has offices here and in Silicon Valley, say Karamba’s technology can secure the systems of older vehicles—a significant problem, given that today’s cars and trucks are designed to stay on the roads for twice as many miles as those of the 1970s.
Karamba’s secret lies in how its award-winning products, Carwall and SafeCAN, respectively protect cars’ electronic control units, or ECUs, and controller area networks, or CAN buses, which are notorious weak spots in car computer security.
READ MORE ON CONNECTED CARS
Hackable software in the driver’s seat: The current state of connected car security
How Uber drives a fine line on security and privacy
How to protect what your car knows about you (opinion)
Uber, self-driving cars, and the high cost of connectivity (opinion)
When taking Uber or Lyft, is your ride-sharing data buckled up?
If the CAN bus is the central nervous system of the car, the ECUs are the nodes to which the CAN bus’ bundle of nerves connect. And on the other side of those nodes are the car’s various systems, from those connected to the gas pedal and turn signals to those running infotainment and GPS navigation. The ECU and CAN bus are “not easily user-changeable,” David Barzilai, Karamba’s chairman and co-founder, says from the company’s headquarters here. But without protection, they can be hacked.
CAN buses are important technology and big business. They power radars, drones, and prosthetics—electronics that could result in catastrophe, if they suddenly failed or were hacked. About 1.8 billion CAN bus interfaces were sold in 2016, and the overall data bus market is expected to be worth $19.47 billion by 2021.
Car hacking became front-page news in 2015, when two hackers exploited a CAN bus vulnerability in a Jeep Cherokee. They hopped from the car’s Sprint wireless Internet chip to the factory-installed Harman Kardon entertainment system, which connects to its own ECU, and then to the CAN bus, which gave them access to the car’s entertainment system, steering wheel, windshield wipers, and brakes. Following a Wired story about the hack, Jeep manufacturer Chrysler recalled 1.4 million vehicles.
Protecting external-facing systems is no trivial task, Barzilai says, because factory settings can change from vehicle to vehicle and manufacturer to manufacturer. Carmakers themselves don’t even have all the ECU factory settings in one place, he explains, so Karamba figured out how to reverse-engineer them and embed them back into the ECUs.
“Then the ECU starts protecting itself deterministically,” Barzilai says. “There [are] no false positives because it’s not heuristic, it’s not based on statistical modeling. If I didn’t see it in factory, it’s going to be prevented.”
The electronic brain of connected cars may be simple, but that simplicity lends itself to reliability, and reliable is what you want when dealing with multiton SUVs hurtling down the road at 70 miles per hour.
Similar to the struggle to secure connected medical devices, many cybersecurity experts believe that protecting connected cars will mean protecting consumers’ lives. But as the automotive industry continues to embrace cars that are increasingly computer-controlled and even autonomous, the chances for hacking cars only grows greater, security experts worry.
How Karamba’s technology works
Because Carwall essentially whitelists tasks the devices connected to the CAN bus can complete, it prevents some of the most common hacking techniques from being used to attack a car’s computer systems, Barzilai argues.
“So that means that if we harden it, according to factory settings, and we prevent any change to those factory settings (not delivered by the car manufacturer), in a sense, we deterministically prevented hackers,” he says.
Barzilai says Carwall works like this: Whenever software wants to run, Karamba converts the software code into a “hash value,” an electronic fingerprint of the software. It then compares that value to the key that Karamba creates automatically in the factory.
“You don’t want any delays in deploying the airbags.”—Tim Brom, senior security researcher, Grimm
“If it’s the same key, we know it’s kosher; we let it go,” he says. “But if there’s a difference in the keys, it means that that binary’s new; we didn’t see it in the factory; it’s a dropper,” or the beginning stages of a malware attack, he says. And Carwall blocks it.
Carwall also blocks attacks that exploit what Barzilai calls “common developer mistakes” known as in-memory attacks, which don’t require malware to succeed. These attacks most often rely on a buffer overflow attack, which forces the computer to save data to parts of its memory where it shouldn’t be saved. Using these kinds of attacks, China’s Keen Labs hacked a Tesla in 2017, forcing it to stop.
Carwall also logs attacks against the car’s ECUs. This ultimately makes it harder for an attack to succeed, and easier for car manufacturers to see how attackers are trying to access the car’s systems.
Like most technologies, Karamba’s technology does come with some caveats. While it is designed to detect and prevent hacks of the car’s computer controllers, it must be installed by the car system manufacturer or the car manufacturer itself. That means that unless the manufacturers update their controller software, the millions of cars that are still on the road with traditional ECU and CAN bus installations almost certainly will remain vulnerable.
“There [are] no false positives because it’s not heuristic, it’s not based on statistical modeling. If I didn’t see it in factory, it’s going to be prevented.”—David Barzilai, chairman and co-founder, Karamba
Car security experts are most concerned about Karamba’s claim that its technology can protect ECUs and the CAN bus without slowing down the computer systems that depend on it, says Tim Brom, a senior security researcher and car-hacking expert at cybersecurity research company Grimm: “You don’t want any delays in deploying the airbags.”
Adding security features should make the electronic messages larger and therefore slower. Broadly speaking, the devices on a CAN bus lack the more advanced features of Intel or ARM chips to prevent the kinds of basic computer attacks that Barzilai describes, Brom says. It’s “open season” on cars, he says, with effective hacks only about as complex as they were “in 1994.”
“There’s no authentication, no authorization. I can plug any device into the bus and do as I wish. What [SafeCAN] claims to do is add authentication. It would definitely improve the situation,” if it works as advertised, Brom says. But he cautions that Karamba’s claims are “really bold.”
Although Grimm’s cybersecurity consultancy includes connected-car security, Brom says Karamba is not a client.
Regardless of whether the solution to car security vulnerabilities is a third-party solution like Karamba, newer car computer technology like Automotive Ethernet, or both, Brom says there’s no doubt that something needs to change before cars become fully autonomous.
“How we interact with cars is going to change massively over the next 20 years. My own kids may not even learn how to drive,” he says. “But something has to be done about the CAN bus,” or “cars will become even more vulnerable to hackers.”