the first mile in secured connected vehicle · towersec proprietary. the contents shall not be...
TRANSCRIPT
TowerSec proprietary. The contents shall not be copied, reproduced, changed or communicated to another - either in whole or in part.
The first mile in secured connected vehicle
Cyber Maryland 2015
Anuja Sonalker, Ph.D
© TOWERSEC 2
Founded in 2012, TowerSec brings together Detroit’s automotive industry's knowledge with Israeli Cyber Security experience.
Offices Ann Arbor, Michigan, Annapolis Junction, Maryland, Berlin, Germany and an R&D center in Tel-Aviv, Israel
TOWERSEC Overview
Providing security solution to protect vehicles and related on-board components against hacking and intrusions.
BUSINESS PROFILE
PRODUCTS Ready to embed software solution for integration into ECUs, Smart Gateways and other CAN related systems
ORGANIZATION
ECUSHIELD TCUSHIELD
Designed to be integrated in Telematics devices, IVIs, dongles and other after-market OBDII related products.
© TOWERSEC 6© TOWERSEC 6Trojan Car |
Cyber attacks on cars today are rare– Requires a lot of time– Special resources – Specialized knowledge
Civilian connected-cars = higher payoff– Insurance Fraud, Warranty Fraud– Safety hazards & Terrorism
Law enforcement vehicles have a much higher payoff– Law and order situation out-of-control
Is the problem REAL and PRACTICAL?
© TOWERSEC 7© TOWERSEC 7Trojan Car |
Telematics compromiseIn-cab electronics hacking– Radio– Cell phone– OBD-II– GPS spoofing
Remote Start!
Typical cyber attacks on vehicles
© TOWERSEC 8© TOWERSEC 8Trojan Car |
Sensor input compromise– Camera– Radar, LIDAR
Loss of Critical control – Braking and acceleration– Air bag control– Adaptive safety systems
Typical cyber attacks on vehicles
© TOWERSEC 9TOWERSEC Introduction |
Vehicle brands hacked in the public domain
o Fordo GM o BMWo Mercedeso Chrysler/FCA
o Toyotao VWo Teslao Audio Corvette
© TOWERSEC 11
How You Would Protect• Intrusion Detection or Prevention:
– Employ at least a passive detection technology
• Vulnerability management: – Regular maintenance, patching of known and exposed vulnerabilities
© TOWERSEC 12
• Penetration testing:– Routine pen testing of IT systems, software, vehicles, telematics units, major sensors
• By Design: – Future Systems design– Complexity management through SEP
How You Would Protect
© TOWERSEC 13
• Balance Risk, Asset and Threat likelihood• Cover high bandwidth attack surfaces• Long term secure designs• Detection/monitoring systems have a place
Where should prevention resources be invested?
TowerSec proprietary. The contents shall not be copied, reproduced, changed or communicated to another - either in whole or in part.
For Safe and Secure Drive
www.tower-sec.com | [email protected]