Karamba Security transfers honeypot principle to connected car
Karamba’s service places a network of virtual ECUs online that behave like a real connected car. The images of these ECU’s software are permanently monitored to detect attack patterns and vulnerabilities in the operating system, the configuration and the code of the ECU. Real-world attacks on the ECU during the development process provide the automotive developer community with meaningful insight into security holes in the firmware and all components and libraries used.
“Knowing exactly which attack vectors can be used against ECUs has always been a challenge for vehicle manufacturers and Tier 1 suppliers”, explains Patrick Daly, analyst at 451 Research. “But they need to know how hackers can infiltrate a vehicle’s system before the vehicle goes into series production. Karamba Security’s offering provides exactly this knowledge to secure networked and autonomous vehicles.” If OEMs and Tier 1 suppliers can stay one step ahead of hackers, they increase the safety of drivers and passengers. This also reduces the need for over-the-air updates that would be required to address security gaps once the vehicles go into production.
ThreatHive works like a honeypot, inviting hackers to attack a fake, seemingly insecure network. In reality, the network is a well-monitored structure in which the service provider registers the attacks on the alleged ECUs and analyses their attack methods. This gives the customer valuable insight into the hacker’s actions so he can speed up the detection of security vulnerabilities in the system and develop countermeasures. This reduces the costs that OEMs and Tier 1 suppliers have to incur in penetration tests during the product acceptance process. Another benefit is that the honeypot tests can be active for months and gather intelligence, while the usual pentests take place within a short period of time, which can limit the detection of vulnerabilities.
ThreatHive’s threat analysis results are aggregated and shared anonymously to help vehicle OEMs and Tier 1 suppliers protect their control devices from hackers. This is also part of Karamba Security’s strategic partnership with the US Auto-ISAC consortium.
ThreatHive complements Karamba Security’s Carwall product, a security software that automatically protects ECUs in networked vehicles against cyberattacks.
Karamba Security recently announced that it has been selected by the Automotive Information Sharing & Analysis Center (Auto-ISAC) for its strategic partner program to provide members with analysis of attacks and forensic data of such attacks on ECUs.
Further information www.karambasecurity.com
Related articles:
CAN transceiver provides cyber security without encryption
“Vatican” stops hacker attacks on cars
Continental acquires cybersecurity expert Argus
Industrial infrastructures in the crosshair of malicious hackers