Israel’s Cyber Week highlights how easy it is to hit a moving target
Charismatic and passionate, Matan Scharf energized the audience during the aptly entitled “Cyber in Motion” panel as a part of the 6th Annual International Cybersecurity Conference in Tel Aviv.
Scharf, a cybersecurity specialist and entrepreneur who works as a strategic advisor for the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, moderated the session that highlighted the threat of hacking to transportation.
Despite the fact that everything can and will eventually be hacked, the panel of experts hammered home the point that we are not actively protecting our planes, trains, and automobiles from the threat of attack.
Since the start of the year, it was uncovered how vulnerable Europe’s railway systems really are, with hackers showing how easy it can be to hijack modern trains, ultimately gaining total control of their operating systems in ways that can cause derailments.
“Everything software-based is flawed,” announced Esti Peshin, the director of Cyber Programs at Israeli Aerospace Industries, echoing this general point of consensus that was voiced by all of the panelists. IAI itself is one of the biggest players in the cyber security space.
Peshin applied the theme of lacking cybersecurity in the field of modern air travel. “Aerospace is not yet not sufficiently secure,” she told the audience, explaining that there is a need for a “holistic cyber security approach.”
Airplanes and airports have been hacked before, she explained, and multitudes of cyber environments affect aviation. One example of someone conducting such easy access is security researcher Chris Roberts, who spoke later on topic of “altruistic hacking”; he easily broke into a United Airlines plane’s in-flight entertainment system. He notes that he is now a persona non grata with certain airlines.
While issues with mass transit are pressing, they can feel distant when compared to talk of risks to our own vehicles. It is fair to say that there are far more personal vehicles in use than planes and trains.
“Cars are the next hacking targets,” Arik Mimran of Qualcomm Israel calmly told the crowd. Ever since the wireless hacking of a Jeep Cherokee nearly a year ago, there has been a spike in interest surrounding threat to vehicles and growth of companies looking to tackle the issue.
Digital technology has been making its way into our vehicles for years now, but the computer that was introduced in the mid-1990s to manage your onboard diagnostics is a far cry from the heavily wired cars that are on the road today.
In the average car, there are dozens of electronic control units (ECUs) that are essential for directing everything from brakes, to steering, to communications and entertainment. These ECUs can provide hackers with points of entry from which to attack a vehicle.
These attack vectors can come through short-range radio frequencies like Bluetooth, various kinds of smart keys, and even communication monitoring tire pressure. Then there are the long range attacks that can come through WiFi and with the integration of telecom and entertainment systems, many vehicles now come with vulnerable GSM connections.
Mimran detailed how the mere physical exposure of automobiles creates vulnerability. He explains that our other electronic devices are personal; computers are housed within our workplaces and homes, and our mobile devices are in our pockets and purses. But our cars cannot truly come inside.
However it is these far reaching radio signals that significantly raise the threat level to vehicles in ways that were hard to imagine only a few years ago. For a hacker to find your car and perform their attack in person is time consuming and far too expensive for it to be a profitable business model. If you have this kind of concern, then maybe you should be looking for other packages attached to your vehicle as well.
By attacking vehicles over a GSM or in some cases a WiFi connection, hackers have a wide range of targets. They can then threaten drivers by cutting off controls to steering or brakes unless they receive a ransom payment in Bitcoins.
The scenarios are endless and scary.
Startups responding to the threats
The growth of connectivity in cars has opened up new opportunities for Israeli startups, each with their own approach to the problem.
These companies are already receiving recognition for their strong technology. Back in January TowerSec, with their solution for network, hardware, and wireless updates to the vehicle’s systems that are carried out Over The Air (OTA), sold to HARMAN for $75 million.
Two other names that are worth watching out for are Argus and Karamba. Argus teamed up with industry leader Check Point back in January to bring to market their aptly named Intrusion Detection and Protection System (IDPS), which works with both cars that have connectivity capabilities built in from the manufacturer or as a dongle that is installed into the vehicle’s diagnostic port (OBD2).
Karamba focuses on the ECUs, hardening the points that have external exposure, and uses a “whitelist” to decide what should be allowed through the barriers. They have just launched their product this month.
The innovations going on here in the Internet of Vehicles – a close relation to the Internet of Things family – will have a far reaching impact on the advancement of projects in the autonomous car industry.
If people do not believe that they are relatively safe in the vehicles they have now, then they are far less likely to embrace giving up all control to even more advanced systems that are totally dependent on an operating system.
Molly Mintz contributed to the reporting