Malicious software can take over and ruin a car much in the same way it can a computer. The difference with a vehicle virus is, when one of those attacks you, there’s a distinct possibility you’ll be hurdling down the highway at 70 mph.
Israel-based Karamba Security is looking to address this precise issue with a new car software security system it announced this week.
“Cars are becoming more and more connected, and connected means you open them up to the internet in various ways,” David Barzilai, executive chairman and co-founder of Karamba Security, tells Inverse. “They become targets for hackers, and the idea is it’s not necessarily a point-to-point hack. Hackers for criminal or terror reasons could hack into one model in a metropolitan area and shut down the engines on all of those cars at the same time of the day.”
Today’s cars are some of the most high-tech computers on the planet. They have high-tech media players that can connect to a driver’s phone via bluetooth, wifi, or USB, and the engines that propel them forward are even collecting and transmitting data electronically. More advanced systems now include crash avoidance, automated parallel parking, keyless ignition and locking technology, and sometimes even total autonomy. But, all that added connectivity of a computer brings the same drawback — exposure to viruses.
All of these connected functions of a car are controlled by a network of electronic control units (ECUs), which moderate the various functions in the car that help drivers not crash, play the latest podcast, and just start and stop the engine.
Karamba Security’s software aims to read the factory default settings from a car and ensure that anything not matching those parameters is fought off and blocked from entering. “If it’s foreign it can’t do anything but hack, so we block it,” says Barzilai.
The company has secured $2.5 million in funding to implement this plan, and Barzilai says it hopes to sell to car manufacturers directly so that consumers aren’t worried about keeping up with their car’s security apparatus like they often are with computers.
However, some research would suggest Karamba Security’s method doesn’t cover all the vulnerabilities.
A survey of vehicle vulnerabilities by Charlie Miller and Chris Valasek found that cars are vulnerable in three major categories: remote attack surfaces, cyber-physical features, and in-vehicle network architectures. A McAfee white paper breaks it down into several smaller components, including passive and remote key entry, USBs, and Bluetooth. Ways in can also be found through smartphone connections both to the car and to the ECUs that Karamba Security covers.
But Barzilai believes these ECU’s are ultimately the gateway to all car computer functions, saying, “If you are committed enough, and if you are hardened enough, and you make sure that the entry points to the car are shut, and that no one can go through it, then the engine, the brakes, that airbag system are all safe.”
The FBI is raising awareness about these vulnerabilities, companies are taking note of consumer complaints, and the Senate is considering the Spy Car Act in a new effort to protect against both cars to come and those already on the road. Karamba Security is betting it has the solution for those millions of cars already on the road – but who can really say what vulnerabilities the next million vehicles could present?