Self-driving cars might significantly reduce the number of road deaths, but many security experts fear that autonomous vehicles put us at risk of car hacking. Two security companies, however, are joining forces at CES 2017 to show how hacks on self-driving cars can be prevented.
Karamba Security and FEV will demonstrate how their joint cybersecurity solutions can keep self-driving cars safe from hackers. The demonstration will take place throughout CES inside a private suite at the Bellagio Hotel.
Karamba’s software enables electronic control units (ECUs) to autonomously protect themselves from hackers. It automatically hardens car ECUs, preventing hackers from compromising those ECUs and hacking into the car.
Attackers try to inject malicious messages designed to modify a vehicle’s behavior, either by a local or remote attack. The industry responded by trying to use network anomaly detection systems, also called Intrusion Detection Systems (IDS), that monitor the on-board communication bus (CAN) to detect anomalous messages, which may indicate an on-going attack. The results, however, have been problematic, according to industry experts.
“These systems usually deploy heuristic methods, and hence raise false alarms (false positives) and miss attacks (false negatives),” according to Dr. Andre Weimerskirch, an industry expert in the field of vehicle electrical systems and cybersecurity, most recently with the University of Michigan and now vice president of Cyber Security with Lear Corporation’s E-Systems team.
In his presentation at the October 24 – 26, TU 2016 Automotive Cyber Security Summit in San Francisco, Dr. Weimerskirch stated that as a result, it seems unreasonable to use any heuristic-based prevention in the vehicle in the near future. Since there will always be some false alarms, he argued, and if that were to trigger an active prevention, it might have an impact to safety relevant systems, without any on-going attack. Thus, anomaly detection systems do not replace prevention mechanisms, such as network separation, firewalls, and secure CAN, he concluded.
“Detection is not enough, if the industry is going to put the brakes on hackers targeting connected and autonomous vehicles,” says Ami Dotan, CEO of Karamba Security.