One of the themes of the Cyber Week 2018 conference in Tel Aviv has been how to protect all of our new and emerging technology, not just our computers and smartphones. The number one attack target, based on anecdotal information? The car. Attacks range from hackers taking control of the vehicle while you’re driving to hackers locking down your car until you pay a ransom, and modern vehicles are becoming major targets for such attacks around the globe.
At the conference today, auto security and analytics company C2a Security announced its newly released AutoArmor product, which is focused on protecting onboard auto testing functionalities from cyberattacks.
“The product is Autosar-compliant, implemented as a Complex Device Driver, meaning that it is easily integrated into any computer in the network,” C2a Security CEO Michael Dick told me. “The software provider of an existing component simply needs to link with our software and it will work seamlessly.”
AutoArmor is an automotive cybersecurity solution for connected vehicles and adds important additional infrastructure to C2a’s current suite of products, including its Stamper technology.
How does it work? AutoArmor discovers all the engine control units (ECUs) in the vehicle, aggregates diagnostics and anomalies from these ECUs, and then performs mitigation according to the OEM’s policies.
As this secure infrastructure connects to all ECUs within a vehicle, it gains the ability to perform software updates on remote ECUs and special remote invocations.
AutoArmor works in conjunction with the security monitor, which detects anomalies on the network and sub-networks, securing the entire infrastructure. C2a’s secure onboard tester is delivered by default with an application firewall to make certain that sent messages are valid, and it rejects messages if they are not.
One concern every cybersecurity expert has when it comes to connected cars is the possibility that over-the-air (OTA) updates can be used to compromise vehicles. C2a bears this issue in mind, but the company doesn’t try to alter or adjust any existing OTA security protocols.
“Because the software is bundled with the main software of the particular computer, any mechanism for software update — including OTA — that may be supported will include the latest version of our software as well,” Dick said. “We rely on the existing OTA infrastructure.”
So what’s next for C2a?
“C2a is now in the process of performing proof of concept (POC) projects with several tier one providers to the industry,” Dick said. “After successful completion of these POCs, the next stage is to implement our solutions on the next car platform in development. We also intend to raise A round funding in the next few months.”