Your car's computers might soon get malware protection

Karamba Security's technology detects and prevents malware from running on a car's computers

Modern cars contain tens of specialized computers that control everything from infotainment functions to steering and brakes. The pressing need to protect these computers from hackers will likely open up a new market for car-related software security products.

Karamba Security, a start-up based in Ann Arbor, Michigan, is one of the companies that has stepped up to answer this demand. The company's anti-malware technology, unveiled Thursday, is designed to protect externally accessible electronic control units (ECUs) found in connected cars.

These controllers, like those that handle handle telematics, infotainment and on-board diagnostics, can be accessed via Wi-Fi, Bluetooth or even the Internet, so they can serve as entry points for hackers into a car's network.

A modern car can have over 100 ECUs talking to each other over a local network called the CAN (Controller Area Network) Bus. The communication protocol used on this network does not have security features like authentication or encryption built in because it is designed for speed.

Unfortunately this means that attackers who gain access to the CAN Bus through a vulnerability in an ECU can send valid commands to other ECUs that will be accepted and executed.

This is what security researchers Charlie Miller and Chris Valasek did last year when they demonstrated an attack against the infotainment system found inside the Jeep Cherokee and other Fiat Chrysler vehicles.

Their exploit, which was executed over the Internet using the mobile data connection installed in a car, gained access to the CAN Bus and sent commands to the car's ECUs in order to remotely disable its brakes or control its steering. The attack forced Chrysler to recall 1.4 million automobiles so they could be patched.

Filtering the CAN Bus traffic by adding a firewall to detect rogue instructions is not practical, because it would introduce unacceptable delays. When a sensor sends a command to an ECU that controls a critical safety function, every millisecond counts.

Karamba's approach is to instead focus on protecting the "gates" -- the externally connected controllers. Its anti-malware technology runs on these ECUs, which are not usually critical, and prevents any code that's not part of the factory settings from running.

Read more: 'Businesses must work harder to be seen as digitally trustworthy in the eyes of their customers'

To achieve this, the technology builds a whitelist of all the binaries, processes, scripts and network behavior that the ECU manufacturer intended the controller to have. Anything that's not on that whitelist is then blocked.

The system can also detect "droppers," the small bits of code or instructions that get executed after a vulnerability is exploited. Their purpose is to install the malware program that can then be used by the hacker to tamper with the car's functions.

When droppers are detected, Karamba's technology alerts the OEM or system supplier, providing a complete audit trail of the source and path of the code so that vulnerabilities can be identified and patched.

Since Karamba's system only allows code that's part of the defined factory settings to run, there's no risk of false positives, and the system doesn't require any updates unless the ECU firmware changes.

Karamba's technology can be integrated into ECUs during their development phase, but can also be retrofitted to existing controllers during a car maintenance or servicing operation. The installation process includes a quality check of the ECU to ensure that it's performing according to specifications.

Last month, the FBI and the National Highway Traffic Safety Administration put out a public service announcement warning about the risk of car hacking. The organizations advised car owners to be careful of what aftermarket devices they connect to their cars, to be aware of who has physical access to their vehicles and especially their diagnostics ports and to keep informed about any software updates or recalls for their car models.

Join the CSO newsletter!

Error: Please check your email address.

Tags automotive ITsecuritymalware

More about CherokeeFBIModern

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place