
Security concept protects vehicle fleets against hacker attacks
For the development phase of devices and components, a new software called VCode from Karamba Security offers manufacturers security validation. This ensures that the product software can be checked for security gaps and logical errors during the design and development phase and that it complies with current compliance guidelines. By integrating security testing into the continuous deployment process, companies save time and money on penetration testing at the end of the development cycle and on any costly post-test adjustments, the vendor claims.
VCode improves the protection of networked products by allowing developers to take security measures during the development process. Customers – in this case the developers of ADAS and other vehicle systems at automotive OEMs and tier ones – want to be informed about potential security vulnerabilities in their products and expect them to be addressed according to risk levels and compliance standards,” said Tal Ben David, co-founder and VP R&D at Karamba. “In the complex, multi-tiered supply chain of software development, it is critical that all stakeholders work together on safety issues. VCode verification accelerates the entire development process and ensures improved security for automotive networked systems and ECUs”.
In addition, Karamba is now launching another product, the XGuard Monitor, to complement and extend its existing XGuard Runtime Integrity software. It is an embedded Intrusion Detection System (IDS) – a software agent that continuously monitors embedded systems for potential threats. The agent reports suspicious activities at both device and fleet level to the respective company’s cloud or backend systems, thus creating the greatest possible transparency. The system benefits from integration and runtime analysis at the binary code level. XGuard Monitor is thus able to detect data manipulation and so-called “low and slow” attacks. This is a hacker method in which external data packets can be introduced into systems because the security system considers them to be legitimate traffic due to their low data rate and size.
Because the software is active throughout the entire life cycle and remains connected to the backend, the system can guarantee embedded security throughout the entire life cycle of devices. The solutions presented can be integrated into the development process without significantly affecting hardware resources such as CPU, flash or memory memory, Karamba promises. Currently, eleven real-time operating systems (RTOS) and six types of CPU architectures are supported. In addition to its product portfolio, Karamba Security offers a variety of cyber security services, including TARA analysis according to ISO 21434 and penetration tests for the validation phase of products.
With the expansion of its portfolio, the security specialist is also reacting to the increased security situation in the areas of industry 4.0, consumer IoT and medicine that has arisen as a result of networking these systems. “All these areas are looking for security solutions that can be seamlessly integrated into the life cycle of networked devices,” said Ami Dotan, co-founder and CEO of Karamba Security.
More information: https://www.karambasecurity.com/
Related articles:
Karamba, ST partner to secure automotive telematics
Vehicle E/E-Architecture: Reduce to the Max
Automotive cybersecurity report reveals exposure points, hacker tools
