BlackBerry Jarvis Scans for Security Flaws in Autonomous Car Software

The Jarvis software scans complex autonomous car computer code quickly to report security flaws and help developers make corrections that improve passenger safety.

BlackBerry Jarvis Introduction

Enterprise software vendor BlackBerry is jumping into the autonomous vehicle marketplace with a new cyber-security application called Jarvis that aims to tighten security around the complex computing code that controls driver-less vehicles.

BlackBerry Jarvis, which the company says is a "cloud-based, static binary code scanning" application, can be used by automakers to quickly and deeply scan and evaluate the voluminous and critical software code used in autonomous vehicles, cutting such scanning from 30 days down to about seven minutes, according to BlackBerry.

By being able to evaluate large amounts of code from a wide variety of third-party vendors, Jarvis aims to help automakers increase the safety and reliability of their still-in-development autonomous vehicles, according to the company.

After scanning the code and identifying vulnerabilities, Jarvis will also be able to quickly provide "actionable insights" to allow automakers to correct defective code, BlackBerry said in its Jan. 15 announcement at the North American International Automotive Show in Detroit.

"Connected and autonomous vehicles require some of the most complex software ever developed, creating a significant challenge for automakers who must ensure the code complies with industry and manufacturer-specific standards while simultaneously battle-hardening a very large and tempting attack surface for cyber-criminals," John Chen, the executive chairman and CEO of BlackBerry, said in a statement.

"Jarvis is a game-changer for OEMs because for the first time they have a complete, consistent, and near real-time view into the security posture of a vehicle's entire code base along with the insights and deep learning needed to predict and fix vulnerabilities, ensure compliance, and remain a step ahead of bad actors."

Jarvis can be used to evaluate the hundreds of software applications that are used in autonomous vehicles, according to BlackBerry.

Jarvis will be offered to automakers on a pay-as-you-go usage basis and can be customized to meet the needs of individual automakers. The application will be able to scan binary files at every stage of software development, including new software under evaluation as well as existing software already in production. Development teams will gain immediate access to the scanning results through dashboards that also provide specific cautions and advisories, according to BlackBerry.

Jarvis is already being tested with several automakers, including Jaguar Land Rover.

"Jaguar Land Rover and BlackBerry share a common objective in bringing the most intelligent vehicles to reality," Dr. Ralf Speth, the CEO of the carmaker, said in a statement. "In our independent study, Jarvis delivered excellent efficiencies in time-to-market, significantly reducing the time to security assess code from thirty days to seven minutes, Speth’s statement said.

In the future, Jarvis could also be used to help secure critical applications in other industries, including healthcare, industrial automation, aerospace and defense, according to BlackBerry.

IT analysts said Jarvis is intriguing and could be a valuable tool for autonomous vehicle makers.

Charles King, an analyst with Pund-IT, said Jarvis "leverages BlackBerry's longstanding reputation for platform security" and makes sense because the company "has considerably more experience with and interest in security-related issues than most of its mobile platform competitors."

The application's speed in scanning code could also "reduce the drag on automobile operating system and application development by substantially speeding and simplifying testing processes," said King. 

"Overall, this looks like a promising development for Blackberry. It isn't anything like a 'silver bullet' that will provide the company with instant salvation, but it clearly demonstrates that BlackBerry has a role to play and value to offer customers in what most agree will be one of technology's most commercially dynamic markets," King said. 

Another analyst, Dan Olds of Gabriel Consulting Group, said applications like Jarvis are an "example of mission-critical software" for the auto industry because "actual lives would be on the line if the code fails or is exploited." 

Meanwhile, "as automobiles become more automated over time, and as they hold more information about their drivers, they'll become a much more attractive target for hackers," said Olds. "There is absolutely a need for some mechanism, perhaps Blackberry Jarvis, to holistically examine and rigorously test automotive software for weaknesses and security flaws. Blackberry is on the right track in addressing this market."