Talking IoV security with cyber security experts in Tel Aviv
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

Hacker Chris Roberts (L) talking security with Matan Scharf Photo Credit: Chen Galili

Israel’s Cyber Week highlights how easy it is to hit a moving target

Charismatic and passionate, Matan Scharf energized the audience during the aptly entitled “Cyber in Motion” panel as a part of the 6th Annual International Cybersecurity Conference in Tel Aviv.

Scharf, a cybersecurity specialist and entrepreneur who works as a strategic advisor for the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, moderated the session that highlighted the threat of hacking to transportation.

Despite the fact that everything can and will eventually be hacked, the panel of experts hammered home the point that we are not actively protecting our planes, trains, and automobiles from the threat of attack.

Since the start of the year, it was uncovered how vulnerable Europe’s railway systems really are, with hackers showing how easy it can be to hijack modern trains, ultimately gaining total control of their operating systems in ways that can cause derailments.

IAI's Esti Peshin Photo Credit: Chen Galili

IAI’s Esti Peshin Photo Credit: Chen Galili

“Everything software-based is flawed,” announced Esti Peshin, the director of Cyber Programs at Israeli Aerospace Industries, echoing this general point of consensus that was voiced by all of the panelists. IAI itself is one of the biggest players in the cyber security space.

Peshin applied the theme of lacking cybersecurity in the field of modern air travel. “Aerospace is not yet not sufficiently secure,” she told the audience, explaining that there is a need for a “holistic cyber security approach.”

Airplanes and airports have been hacked before, she explained, and multitudes of cyber environments affect aviation. One example of someone conducting such easy access is security researcher Chris Roberts, who spoke later on topic of “altruistic hacking”; he easily broke into a United Airlines plane’s in-flight entertainment system. He notes that he is now a persona non grata with certain airlines.

While issues with mass transit are pressing, they can feel distant when compared to talk of risks to our own vehicles. It is fair to say that there are far more personal vehicles in use than planes and trains.

Arik Mimran of Qualcomm Israel Photo Credit: Chen Galili

Arik Mimran of Qualcomm Israel Photo Credit: Chen Galili

“Cars are the next hacking targets,” Arik Mimran of Qualcomm Israel calmly told the crowd. Ever since the wireless hacking of a Jeep Cherokee nearly a year ago, there has been a spike in interest surrounding threat to vehicles and growth of companies looking to tackle the issue.

Digital technology has been making its way into our vehicles for years now, but the computer that was introduced in the mid-1990s to manage your onboard diagnostics is a far cry from the heavily wired cars that are on the road today.

In the average car, there are dozens of electronic control units (ECUs) that are essential for directing everything from brakes, to steering, to communications and entertainment. These ECUs can provide hackers with points of entry from which to attack a vehicle.

These attack vectors can come through short-range radio frequencies like Bluetooth, various kinds of smart keys, and even communication monitoring tire pressure. Then there are the long range attacks that can come through WiFi and with the integration of telecom and entertainment systems, many vehicles now come with vulnerable GSM connections.

Mimran detailed how the mere physical exposure of automobiles creates vulnerability. He explains that our other electronic devices are personal; computers are housed within our workplaces and homes, and our mobile devices are in our pockets and purses. But our cars cannot truly come inside.

However it is these far reaching radio signals that significantly raise the threat level to vehicles in ways that were hard to imagine only a few years ago. For a hacker to find your car and perform their attack in person is time consuming and far too expensive for it to be a profitable business model. If you have this kind of concern, then maybe you should be looking for other packages attached to your vehicle as well.

By attacking vehicles over a GSM or in some cases a WiFi connection, hackers have a wide range of targets. They can then threaten drivers by cutting off controls to steering or brakes unless they receive a ransom payment in Bitcoins.

The scenarios are endless and scary.

Startups responding to the threats

The growth of connectivity in cars has opened up new opportunities for Israeli startups, each with their own approach to the problem.

These companies are already receiving recognition for their strong technology. Back in January TowerSec, with their solution for network, hardware, and wireless updates to the vehicle’s systems that are carried out Over The Air (OTA), sold to HARMAN for $75 million.

Two other names that are worth watching out for are Argus and Karamba. Argus teamed up with industry leader Check Point back in January to bring to market their aptly named Intrusion Detection and Protection System (IDPS), which works with both cars that have connectivity capabilities built in from the manufacturer or as a dongle that is installed into the vehicle’s diagnostic port (OBD2).

Karamba focuses on the ECUs, hardening the points that have external exposure, and uses a “whitelist” to decide what should be allowed through the barriers. They have just launched their product this month.

The innovations going on here in the Internet of Vehicles – a close relation to the Internet of Things family – will have a far reaching impact on the advancement of projects in the autonomous car industry.

If people do not believe that they are relatively safe in the vehicles they have now, then they are far less likely to embrace giving up all control to even more advanced systems that are totally dependent on an operating system.

Molly Mintz contributed to the reporting

Share on:Share
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email
Gabriel Avner

About Gabriel Avner

Gabriel has an unhealthy obsession with new messaging apps, social media and pretty much anything coming out of Apple. An experienced security and conflict consultant, he has written for The Diplomatic Club, the Marine War College, and covers military affairs with TLV1 radio. He mostly enjoys reading articles wherever his ADD leads him to and training Brazilian Jiu Jitsu. EEED 44D4 B8F4 24BE F77E 2DEA 0243 CBD1 3F7C F4B6

More Goodies From Events

Geektime Next, Israel’s biggest startup conference, on June 4

Mark it on your calendars: Geektime Code Elevation, Israel’s largest developers’ conference, on June 5

Save the date: The Geektime Techfest, Israel’s largest technology festival to run June 4-8