Bloomfield Hills’ Karamba Security, a provider of end-to-end automotive cybersecurity prevention solutions, today announced ThreatHive, which provides automobile OEMs and Tier-1 suppliers a view of actual, online attacks on their engine control units (ECU) during development.
The service offering enhances Karamba’s ECU protection portfolio with Automotive Threat Intelligence, giving the automotive security industry a platform for discovery of security vulnerabilities before ECUs go to market.
“Understanding the different attack vectors used against ECUs has always been a challenge for vehicle OEMs and Tier-1 suppliers. These stakeholders rightfully place a premium on learning how hackers might infiltrate a vehicle’s system before the vehicle goes to production,” says Patrick Daly, an analyst at 451 Research.
“Karamba Security’s offering is focused on providing the specific insights needed to keep connected and autonomous vehicles secure. If OEMs and Tier-1 suppliers can stay a step ahead of hackers, they increase consumer safety and reduce the need for future over-the-air updates to remediate vulnerabilities once vehicles hit production.”
451 Research is a global research and advisory firm based in New York City that generates data-driven insight of technology.
ThreatHive implements a worldwide set of hosted automotive ECUs in simulation of a car-like environment. The ECU software images are automatically monitored to expose automobile attack patterns, tools, and vulnerabilities in the ECU’s operating system, configuration, and code. The real attacks on the ECU during development lifecycle provide actionable insights into security vulnerabilities, including industry software that benefit the automotive security community.
Karamba Security’s offering expedites vulnerabilities discovery, reducing OEMs’ and Tier-1 suppliers’ investment in penetration testing during product acceptance tests. Having a narrow time frame to complete tests like these often limit vulnerabilities that OEMs and Tier-1 suppliers are able to find.
“This new offering expands Karamba’s ECU protection portfolio by providing actionable insights based on security research inputs to secure connected vehicles throughout their lifecycle,” says Ami Dotan, co-founder and CEO of Karamba Security. “Customers need ways to test their products with real-life security scenarios, and our approach identifies and reports cyberattacks today, years, and months before production, when there is enough time to fix those issues. By gaining insights on code vulnerabilities, customers are able to update prevention technologies and fix vulnerabilities before they get into production and not compromise time to market.”
ThreatHive works with Karamba Security’s Carwall, its in-vehicle security software that automatically secures connected cars against cyberattacks by sealing the car’s ECU software.
Karamba Security is headquartered in Bloomfield Hills and has locations in Israel and Germany.