Cybersecurity concept protects vehicle fleets against hacker attacks

December 12, 2019 //By Christoph Hammerschmidt
Security concept protects vehicle fleets against hacker attacks
In the wake of increasing connectivity, the electronic systems of cars are increasingly becoming the focus of malicious hackers. The problem is exacerbated by the fact that cyber security must be guaranteed not only at the time of delivery, but throughout the entire life of the vehicle. The Israeli security specialist Karamba Security now has presented a concept for the comprehensive protection of entire vehicle fleets. An interesting aspect here is that it can be applied not only to vehicles, but generally to many types of networked embedded systems.

For the development phase of devices and components, a new software called VCode from Karamba Security offers manufacturers security validation. This ensures that the product software can be checked for security gaps and logical errors during the design and development phase and that it complies with current compliance guidelines. By integrating security testing into the continuous deployment process, companies save time and money on penetration testing at the end of the development cycle and on any costly post-test adjustments, the vendor claims.

VCode improves the protection of networked products by allowing developers to take security measures during the development process. Customers - in this case the developers of ADAS and other vehicle systems at automotive OEMs and tier ones - want to be informed about potential security vulnerabilities in their products and expect them to be addressed according to risk levels and compliance standards," said Tal Ben David, co-founder and VP R&D at Karamba. "In the complex, multi-tiered supply chain of software development, it is critical that all stakeholders work together on safety issues. VCode verification accelerates the entire development process and ensures improved security for automotive networked systems and ECUs".

In addition, Karamba is now launching another product, the XGuard Monitor, to complement and extend its existing XGuard Runtime Integrity software. It is an embedded Intrusion Detection System (IDS) - a software agent that continuously monitors embedded systems for potential threats. The agent reports suspicious activities at both device and fleet level to the respective company's cloud or backend systems, thus creating the greatest possible transparency. The system benefits from integration and runtime analysis at the binary code level. XGuard Monitor is thus able to detect data manipulation and so-called "low and slow" attacks. This is a hacker method in which external data packets can be introduced into systems because the security system considers them to be legitimate traffic due to their low data rate and size.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.