Automated & Connected

Karamba Security creates buzz with ThreatHive

It is not often a wise decision to put out honey to attract killer bees, unless of course, one intends to learn about the behavior of killer bees, and prevent them from attacking in the future.

Karamba Security, an Israeli-based world provider of end-to-end automotive cybersecurity prevention solutions, did something like that by attracting internet attacks on test automotive electronic control units (ECUs) connected through its ThreatHive software.

Each demo ECU that Karamba connected through ThreatHive, was subjected to as many as 300,000 attacks per month.

That’s a lot of killer bees to swat.

Karamba Security describes ThreatHive as software solution that harnesses real-world hacking attempts to expose and pinpoint vulnerabilities in the ECU prior to putting an ECU in production. Once identified, these weaknesses can be fixed before such vulnerabilities are exploited in real cars that are out there on the road.

As such, ThreatHive enables a global system of data-generating “honeypots” running continuously, collecting threat data in real-time to identify vehicle security gaps. Engineers can act upon this information before it becomes a problem—and a real car driver is stung by a hacker.

According to data shared with the autonomous and connected vehicle industry by Karamba Security, each of the ECUs it connected to the Internet to demonstrate ThreatHive, was attacked on average 300,000 times per month by 3,500 different hackers.

The killer bees came in different forms, shapes and sizes.

In many cases, attacks were bots swarming for any ECU vulnerabilities in efforts to gain control of an exposed, unprotected, and connected system. In that respect, ThreatHive is designed to be a cyber hacking repellant used to protect OEMs and Tier-1s from deadly hacker bee stings. As such, you put it on before you go outside.

Using ThreatHive, OEMs and tier 1s receive actionable security data to fix security bugs and logical errors before hackers exploit those vulnerabilities in real cars. The data enables engineers to close security gaps long before hackers try to infiltrate the vehicle.

ThreatHive: Real-time threat command center for automated and connected vehicles

World map showing real-time threat command centers for automated and connected vehicles

ThreatHive operates as a threat intelligence command center by deploying "honeypots" globally to identify and track real-world cyberattacks as they exploit vulnerabilities in ECU firmware and infrastructure. By creating shielded replicas of ECUs, ThreatHive can know exactly where malware penetrates and what it does. Image: Karamba Security. 

“As autonomous and connected vehicles become software driven, risks increase that hackers will find ways to take control of the vehicle by compromising ECUs and infiltrating cars to change their speed and direction, said Ami Dotan, Karamba Security’s co-founder and CEO. “The automotive industry needs to take preventative measures… before hackers identify and exploit such vulnerabilities in the car itself.”

To date, Karamba Security has uncovered 11 different types of attacks with ThreatHive. Moreover, each ECU was targeted by a different mode of attack, aiming to exploit different aspects of ECU architecture. In some cases, hackers targeted the ECU Telnet port much like the VW Golf white hat attack of April 2018. Other sting bites included SSH attacks, as happened to Subaru in 2018, and HTTP attacks, as leveled against Tesla in 2017.

Karamba Security Car hacking demo at CES 2019

As luck would have it, our SAE MOBILUS Knowledge Hubs showroom booth at CES 2019 was adjacent to the Karamaba Security booth, a place they called the "Hacker Dojo." As such, we got a first-hand look at Karamba Security's software solutions.

Model display of a city for people to experience threat and security assessment.Karamba Security floor display at CES 2019, Las Vegas, NV. Image: Matt De Reno

Attendees at CES 2019 were invited to participate in a real-time car hacking demo. Participants could hack cars and then prevent cyberattacks launched at the car using Karamba Security's software. The interactive demo included little connected cars zipping around a city model, while a main console showed how hacks to the car could be detected and prevented. The demo provided a rare chance to step inside the mind of a car hacker, a cyber killer bee, if you will—at least before it gets swatted.

Dare we say, this event generated a considerable amount of buzz.

Learn more about Karamba Security by watching the YouTube video below. Discover more information about ThreatHive and other end-to-end cybersecurity solutions from Karamba Security, by clicking the "original article" link after the video.

Learn More: Karamba Security smart cities hacker demo at CES 2019

Learn more

Matt De Reno is SAE MOBILUS web portal manager at SAE International. His interests include automated and connected vehicles, micromobility, smart cities, and automotive cybersecurity.  

Original Article