Autonomous And Connected Vehicles Experience 300,000 Hacking Attempts Per Month


The company Karamba Security provides automotive cybersecurity solutions for autonomous and connected cars. Its Autonomous Security software products include ThreatHive, Carwall, and SafeCAN.

The Israeli-based company Karamba Security has been attracting internet attacks on automotive electronic control units (ECUs) through its Karamba ThreatHive solution, which harnesses real-world hacking attempts to expose and pinpoint ECU vulnerabilities to be fixed before such vulnerabilities are exploited in real cars.

The company's global system of data-generating runs continuously collecting threat data to identify vehicle security gaps, and according to the data, each of the automotive ECUs exposed by ThreatHive to the internet were attacked on average of 300,000 times per month by 3,500 different hackers, covering 11 different types of attacks.

Each simulated ECU was targeted by a different mode of attack, aiming to exploit different services in the ECU.

For example, attacking the Telnet port - similar to the services targeted on the VW Golf white hat attack in April 2018 - to SSH which targeted a Subaru 2018, and HTTP on Tesla 2017. Attacks were prevalent across geographies and service providers.

Those hackers can be both humans and bots, and were searching for any ECU vulnerabilities that can be exploited in order to gain control of the connected system.

The main sensors of an autonomous vehicle
The main sensors of an autonomous vehicle

According to Karamba Security’s co-founder and CEO Ami Dotan:

"The fact that each connected ECU gets attacked about 300,000 times every month illustrates just how creative and persistent hackers have become."

"As autonomous and connected vehicles become software driven, risks increase that hackers will find ways to take control of the vehicle by compromising ECUs and infiltrating cars to change their speed and direction. The automotive industry needs to take preventative measures and leverage technologies like ThreatHive that expose vulnerabilities for OEMs and tier 1s to address during the production stage, before the hackers identify and exploit such vulnerabilities in the car itself."

Autonomous and connected vehicles can connect to the internet to communicate with each other and the network of connected objects, from traffic lights to junctions, around them. But at the same time, this ability opens a whole range of intrusion possibilities.

When these cars are hacked, the driver may not longer be in control of the vehicle, as hackers that control the system can drive the car remotely: a malicious remote attacker, who can conceal their identity and location, can gain direct control over a compromised vehicle’s throttle, brake and even steering

Knowing that connecting their products to the internet for convenience do have drawbacks, car manufacturers that develop self-driving technology are trying to reduce road accidents, as well as improving the security of their products to prevent them from being remotely accessed by hackers.

However, this is potentially more difficult as those cars have far higher levels of connectivity.

For example, a car with ECUs have sensors to read vehicle speed, engine speed, oxygen and fuel for air-fuel ratio, temperature and several more. But fully autonomous cars have a lot more sensors embedded inside and out, and these cars rely on them to detect anything from the engine's performance to what's in front of them.

What this means, there are many holes that are exposed when the cars connect to the internet, and car manufacturers are trying to patch any security vulnerability they see.

"What is the biggest risk of hacking?" once asked David Barzilai, co-founder of Karamba Security. "In a data center it is loss of data. With the car it is loss of life. The stakes are so much higher."

To understand the weaknesses of a autonomous and connected cars' systems, Karamba Security installed verification software within the car's source code, which allows the company to recognize whether commands issued to the vehicle are genuine.

This is like a "intrusion prevention", or an equivalent of a burglar alarm.