Bach Seat

Last year two white-hat hackers Charlie Miller and Chris Valasek, remotely compromised a Jeep Cherokee. The cybersecurity researchers used  existing functionality in the car to take control.  They were able to disable the car’s transmission and brakes, while the vehicle was in reverse, and take over the steering wheel.

The Verge reports the researchers are back and have compromised their Jeep Cherokee, fooling the car into doing dangerous things. Things like turning the steering wheel or activating the parking brake at highway speeds. This year’s attack requires physical access to the car.

Hackers use the diagnostic port

The team used a laptop connected to the OBD II engine diagnostic port to control even more vehicle systems. The Verge says the researchers were able to update the electronic control unit. This allowed them to take control of the steering at any time. They could turn the steering wheel at any speed, activate the parking brake, or adjust the cruise control settings.

Electronic control unit

Most operations in a car have their own designated electronic control unit (ECU) controller. Some ECU’s manage things like a car’s navigation and entertainment systems. Others manage more critical systems like braking and fuel injection.

A connected car’s ECUs all operate on one network, self-contained within the vehicle. Tel Aviv start-up Karamba co-founder David Barzilai, warns. “If hackers gain access to just one of these controllers, they can get to all of them.”

Harden ECU

The Israeli company hopes to sell Carwall Detroit automakers. Carwall is a tool that installs anti-hacking technology into chip-bearing auto parts before they hit the assembly line. Rgis could prevent hackers from crashing your new connected car. Mr. Barzilai told TechCrunch the startup’s technology can head off hackers at the pass. Carwall “hardens” the controllers, or small computers, within a vehicle that are externally connected.

Karamba’s Carwall is installed on the controllers, either as a retrofit or before the controllers are built into new cars. The software locks in the factory settings, and prevents any foreign code or banned behaviors from running on them. This essentially blocks a hackers ability to reach into a car’s CAN Bus, and mess with the car’s critical functions.

“If indeed we are successful – if all hacks are blocked – then [you] don’t have to worry,” said Karamba’s Barzilai. “A hack that crashes your software is bad enough. A hack that crashes your car takes it to a whole new level.”

Karamba’s technology is designed to monitor every bit of code that tries to run on the ECUs and to make sure it comes from legitimate sources. “We are the gatekeepers,” Mr. Barzilai told MiTechNews.

Out of stealth mode

TechCrunch says Karamba has not yet scored a contract with top automotive suppliers that make ECU’s. They are targeting firms like Continental, Robert Bosch, Delphi Automotive, or Panasonic. But it has only just emerged from stealth and begun to shop its security software around.

YL Ventures has invested $2.5 million to fund Karamba’s growth, MiTechNews reported. Compared with the funding that some Silicon Valley security companies pick up, that’s not a huge amount. But it’s enough to move CEO Ami Dotan to Ann Arbor, where he’ll start making sales calls.

Karamba isn’t alone in attacking car security. Symantec (SYMC), the old school antivirus firm is working on auto security within its “internet of things” unit. Symantec recently released a  white paper “Building Comprehensive Security into Cars,” (PDF) detailing the many electronics and sensors that have to be protected.

rb-