Karamba Security has released Autonomous Security for connected and autonomous vehicles, a solution that empowers electronic control units (ECUs) to protect themselves from hackers and which the company claims would have blocked the recent Tesla-type hacks.

Autonomous Security is an extension to the company's Carwall ECU security platform, enabling automotive technology providers to achieve the goals set out in the U.S. Department of Transportation's guidelines for the safe deployment of autonomous cars. Cyberattacks can only infiltrate a car by compromising the externally-connected ECUs controlling infotainment, navigation and OBDII telematics dongles, for example. Karamba Security's Autonomous Security technology allows any car's ECU to protect itself from this threat by automatically locking it down to the ECU's factory settings. The ECU then blocks operations that aren't part of its factory settings, with a negligible performance impact, which prevents hackers from accessing the car's safety systems and commandeering them. This deterministic decision is made locally on the ECU. Autonomous Security doesn't require the ECU to be connected to protect itself, nor does it need anti-malware updates.

The company also unveiled a new capability, in-memory protection, as part of its Autonomous Security suite. With in-memory protection, the ECU autonomously blocks memory-based attacks such as buffer overrun and return oriented programming (ROP).

 
KarambaSecurityApproach Figure 2: Karamba Security's approach is to lock down the ECU to instructions that are known to be good.  

In-memory Autonomous Security blocks common in-memory attacks, such as the Tesla hack demonstrated last week. With its recently announced security upgrade, Tesla has stated that it tried to make it harder for hackers to reprogram other ECUs once they've compromised the externally connected ECU. In effect, Tesla's approach accepts that hackers will penetrate the car's ECU and then tries to minimise the damage, says Karamba, contrasting with in-memory protection which blocks such hacks altogether. Specifically, the attack demonstrated by the researchers would have failed in Teslas or any vehicle protected by Carwall, the company claims.

Since Karamba Security's Autonomous Security works by locking down the ECU to instructions that are known to be good, it does not have to "guess" about a command it may not have seen before, thus avoiding the risk of false alarms, or false positives, inherent in other approaches. False positives can lead to legitimate car commands failing to execute, consequently risking lives.

"The risk of a car hack is lost lives," said Ami Dotan, CEO and co-founder of Karamba Security in a company statement.

"Any security approach that's vulnerable to false positives or delayed decision-making isn't providing sufficient security. ECUs have to be able to protect themselves to prevent intrusions. Karamba's Autonomous Security hardens ECUs with a complete security solution that no one else offers."

Five months after emerging from stealth with its Carwall automated ECU security platform for connected cars, Karamba Security has completed technology proof of concepts with several industry Tier-1 providers and has been experiencing strong demand for its Carwall product suite from car OEMs and Tier-1 providers.

KarambaAutonomousSecurityChart *Figure 2: Growth in vehicle autonomy means there is a growing need to protect vehicle autonomy from malicious code. *

This article was first published by EDN Europe.