If automobile aficionados find themselves asking, “Is nothing sacred?” when it comes to cyber-crime and hacking, the obvious answer is “of course not.” The more technology we build into our vehicles, the greater the need for those vehicles to come equipped with security technology to keep them safe from attack.
Karamba Security, a world leader in automotive and enterprise edge cybersecurity, recently announced the signing of a production agreement of its leading Carwall® runtime integrity software, in Alpine infotainment systems.
The platform provides an ECU self-protection against remote code execution (RCE), helping to protect vehicles from cyberattacks.
Protection against cyberattacks is critical in order to safeguard customer safety in the connected and autonomous vehicle era. Such exploits of in-memory vulnerabilities can jeopardize customer safety by controlling a vehicle’s speed and direction. Karamba’s runtime integrity technology provides self-protection against remote code execution, using Control Flow Integrity (CFI).
“This is the first time a production of commercial, embedded, self-protection software is available for automotive ECUs and vehicles,” said Ami Dotan, Karamba co-founder and CEO.
Dotan added that the partnership with Alpine’s product team allowed Karamba to overcome production hurdles (such as automated implementation without delaying time to market) and implement the same security software on Alpine’s various systems.
Karamba’s patented Embedded Runtime Integrity is a state-of-the-art attack detection and prevention software that leverages Control Flow Integrity (CFI) and continuously maintains vendor settings. With Karamba’s technology installed, the infotainment software system detects, prevents, and reports attempted cyberattacks.
On July 3rd a paper published by leading OEMs such as Audi, BMW, Daimler, Fiat-Chrysler and, Volkswagen, indicated the Control Flow Integrity (CFI) as a recommended technology to protect safety systems against cyberattacks. Karamba Carwall is the industry-leading CFI solution, thanks to its seamless implementation and negligible performance impact of less than 5 percent CPU overhead.
“Protecting our customers against cyberattacks is a key mission for Alpine,” said Yasuhiro Ikeuchi, president of Alpine Europe. “We were looking for a solution that can be seamlessly applied to our product without delaying time to market, with negligible performance impact, while providing strong security measures. We have found those qualities in Karamba Security Carwall® and we are excited to team up with this high growth company.”
Karamba is demonstrating with this production deployment a proven ability to automatically prevent exploits of in-memory vulnerabilities in connected machines, without any need for software or hardware changes. This solution makes embedded security reality in the connected vehicles revolution.