{"id":80070,"date":"2016-08-06T12:45:46","date_gmt":"2016-08-06T16:45:46","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2022-07-09T16:58:54","modified_gmt":"2022-07-09T20:58:54","slug":"slam-the-door-on-hackers","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/slam-the-door-on-hackers\/","title":{"rendered":"Slam the Door on Hackers"},"content":{"rendered":"

\"Slam<\/a>Last year two white-hat hackers Charlie Miller and Chris Valasek, remotely compromised<\/strong><\/a> a Jeep Cherokee<\/a><\/strong>. The cybersecurity<\/strong> researchers used\u00a0 existing functionality in the car to take control.\u00a0 They were able to disable the car\u2019s transmission and brakes, while the vehicle was in reverse, and take over the steering wheel.<\/p>\n

\"Karamba<\/a>The Verge<\/a><\/em> reports<\/a> the researchers are back and have compromised their Jeep Cherokee<\/a>, fooling the car into doing dangerous things. <\/strong>Things like turning the steering wheel or activating the parking brake at highway speeds. This year’s attack requires physical access to the car.<\/p>\n

Hackers use the diagnostic port<\/h3>\n

The team used a laptop connected to the OBD II<\/a> engine diagnostic port<\/strong> to control even more vehicle systems. The Verge<\/em> says the researchers were able to update the electronic control unit. This allowed them to take control of the steering at any time. They could turn the steering wheel at any speed, activate the parking brake, or adjust the cruise control settings.<\/p>\n

Electronic control unit<\/h3>\n

Most operations in a car have their own designated electronic control unit<\/strong> (ECU<\/a>) controller. Some ECU’s manage things like a car\u2019s navigation and entertainment systems. Others manage more critical systems<\/strong> like braking and fuel injection.<\/p>\n

\"Radio<\/a>A connected car\u2019s ECUs all operate on one network, self-contained within the vehicle. Tel Aviv start-up Karamba<\/a><\/strong> co-founder David Barzilai, warns. \u201cIf hackers gain access to just one of these controllers, they can get to all of them.<\/em>\u201d<\/p>\n

Harden ECU<\/h3>\n

The Israeli company hopes to sell Carwall<\/a> Detroit automakers. Carwall is a tool that installs anti-hacking technology<\/strong> into chip-bearing auto parts before they hit the assembly line. Rgis could prevent hackers from crashing your new connected car<\/a>. Mr. Barzilai told<\/a> TechCrunch<\/a><\/em> the startup\u2019s technology can head off hackers at the pass. Carwall \u201chardens\u201d the controller<\/strong>s, or small computers, within a vehicle that are externally connected.<\/p>\n

\"Carwell,<\/a>Karamba\u2019s Carwall is installed on the controllers, either as a retrofit or before the controllers are built into new cars. The software locks in the factory settings<\/strong>, and prevents any foreign code or banned behaviors from running on them. This essentially blocks a hackers<\/strong> ability to reach into a car\u2019s CAN Bus, and mess with the car\u2019s critical functions.<\/p>\n

\u201cIf indeed we are successful \u2013 if all hacks are blocked \u2013 then [you] don\u2019t have to worry<\/em>,\u201d said Karamba\u2019s Barzilai. “A hack that crashes your software is bad enough. A hack that crashes your car takes it to a whole new level.<\/em>\u201d<\/p>\n

Karamba\u2019s technology is designed to monitor every bit of code that tries to run on the ECUs and to make sure it comes from legitimate sources<\/strong>. \u201cWe are the gatekeepers,\u201d Mr. Barzilai told<\/a> MiTechNews<\/a><\/em>.<\/p>\n

Out of stealth mode<\/h3>\n

\"monitor<\/a>TechCrunch<\/em> says Karamba has not yet scored a contract with top automotive suppliers that make ECU\u2019s. They are targeting firms like Continental<\/a>, Robert Bosch<\/a>, Delphi Automotive<\/a>, or Panasonic<\/a>. But it has only just emerged from stealth and begun to shop its security software around.<\/p>\n

YL Ventures<\/a> has invested $2.5 million to fund Karamba\u2019s growth, MiTechNews<\/em> reported. Compared with the funding that some Silicon Valley<\/a> security companies pick up, that\u2019s not a huge amount. But it\u2019s enough to move CEO Ami Dotan to Ann Arbor<\/a>, where he\u2019ll start making sales calls.<\/p>\n

Karamba isn’t alone in attacking car security<\/a>. Symantec<\/a> (SYMC<\/a>), the old school antivirus firm is working on auto security within its “internet of things” unit. Symantec recently released a\u00a0 white paper “Building Comprehensive Security into Cars<\/a>,” (PDF) detailing the many electronics and sensors that have to be protected.<\/p>\n

rb-<\/em><\/strong><\/p>\n

\n

Chrysler is doing a small part to reduce connected car hacking. They recently launched a bug bounty program<\/a> with Bugcrowd<\/a> that will pay out as much as $1,500 per bug found. On the other hand, Apple is offering a bug bounty of up to $200,000<\/a> for bugs that won’t kill you.<\/em><\/p>\n

Related articles<\/h6>\n