Thursday, August 13, 2015

Israeli experts: ‘We could’ve halted Jeep hack’

More than 150 blue-and-white companies are developing advanced security and vision systems that will prevent hack attacks on vehicles.
By Viva Sarah Press, Israel 21C

The terrifying car hacking scenario in the US now in headlines everywhere – showing two guys using a laptop and a mobile phone to seize control of a Jeep Cherokee’s engine, brakes, windshield wipers
and radio — shocked drivers the world over.

But Israeli security experts have been warning about – and preparing solutions for – this probable situation for four years.

Israel’s well-known cybersecurity expertise extends to the connected-car arena as well. More than 150 blue-and-white companies are developing advanced security and vision systems for these vehicles.

TowerSec and Argus Cyber Security both claim their solutions to automotive cybersecurity threats can protect against every hacking attack.


“Hacking is a very real threat today and will be more so in the future as autonomous vehicles evolve and new technologies become part of the Internet of Things,” says TowerSec CEO Saar Dickman, yet the most recent case was not a typical “white hackers and researchers act.”

When testing a car’s hack-ability, security experts and researchers usually collaborate with a car manufacturer and help fix any vulnerabilities found, Dickman explains. In this case, two American security experts and a journalist – known for comparable previous feats — set up the hack and then released a YouTube video of their success without telling Jeep of their plan.

This was a splashy way to raise awareness about the vulnerability of connected cars, but stirs up unnecessary fears, Israeli cybersecurity firms say.

“I can tell you from inside the industry that the manufacturers are putting in huge amounts of resources to take care of [security vulnerabilities] very fast,” TowerSec’s Dickman tells ISRAEL21c. “It’s a matter of evolution. Like in every developing technology there are early adapters, early attackers and early protectors.”

In 2014, ISRAEL21c produced a radio show on automobile technologies and the specter of car hacking. Dickman, who took part in the program, explains that not all cyber-protection for vehicles is made public and that automakers and suppliers are attentive to cybersecurity threats and to ensuring all the security and safety technologies work in sync to protect vehicles and passengers.

“While we cannot comment on specific attacks on vehicles and devices by hackers, we can say our goal, as well as the goal of our customers, is to ensure vehicles are safe and secure,” says Dickman. “That is a complex process. We must be sure all the technologies work together to best protect the vehicle.”

Dickman says his company’s automotive cybersecurity solution, recently listed in the 2015 Red Herring Top 100 North America, “can prevent 100 percent – not 99% — of attacks. This is not a commercial. We are working with manufacturers. We know how to prevent attacks.”

Tel Aviv-based Argus Cyber Security, founded by veterans of IDF Intelligence Unit 8200, has made its own headlines for its exclusive security methods to keep connectivity technology safe from threats such as the unauthorized access seen in the Jeep video.

“Argus solutions could have played a pivotal role in successfully preventing such attacks from affecting a vehicle’s systems,” Argus VP marketing Yoni Heilbronn tells ISRAEL21c.

“The projects we are already working on with the automotive industry demonstrate that significant efforts are already being made to mitigate the clear cyber risk to passengers’ safety and privacy.”

The American public has become vociferous about the security and privacy vulnerabilities of connected cars.

A Dallas-based trial attorney recently filed a class-action lawsuit against Toyota, Ford and General Motors for failing to address a defect that allows cars to be hacked and control wrested from the driver.

US Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, introduced legislation on July 21 that would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure cars and protect drivers’ privacy. The Security and Privacy in Your Car (SPY Car) Act also establishes a rating system — or “cyber dashboard”— that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.

“Argus solutions are ready-to-embed and provide car manufacturers with a real-time cyber dashboard, providing them with real-time overview of their fleet’s cyber health and with the ability to detect new threats and quickly respond to cyber attacks,” says Heilbronn.

“We invested years of research and engineering effort in developing this product,” says Dickman of TowerSec, a company founded in 2012 by a team of Israeli cybersecurity experts and Detroit-based automotive experts. “It detects and prevents cyber threats on vehicles in real time and can be integrated into existing and future vehicles with no redesign.”

So, can Israeli cyber security experts keep the connected car world safe?

“Definitely,” says Dickman.