When security researchers Charlie Miller and Chris Valasek demonstrated at the Black Hat 2015 conference how they hacked a Jeep remotely, they might as well have inadvertently started an entire new industry for automotive security technology. On June 8, Symantec officially announced its Anomaly Detection for Automotive product, which joins a growing list of technologies and vendors aimed at preventing researchers like Miller and Valasek, or malicious hackers, from attacking cars.
Brian Witten, senior director of IoT Security at Symantec, said his company has been in the machine learning space since 2004 and is now bringing that expertise to the embedded systems of automobiles.
“We already have a product in market in the hands of the top automakers that locks down system modules,” Witten told eWEEK. “The next step is watching the CAN [Controller Area Network] bus.”
Witten noted that there are other vendors in the market looking at car module security. In fact, on June 7, Karamba Security debuted its Carwall platform that is aimed at securing the electronic control unit (ECU) on cars. In contrast, the CAN bus is the main network access gateway used in cars and was the path through which Miller and Valasek were able to exploit the Jeep’s systems in 2015. Witten noted that Symantec’s approach to monitoring the CAN bus makes use of his company’s experience with machine learning to help identify potential attacks.
“Our Anomaly Detection product is trained by watching the vehicle’s systems go through normal operations,” he said. “So anytime a module on the vehicle that is communicating over the CAN bus does something in a way that the automaker hasn’t seen before, the detection product will find it.”
What typically happens with a car’s systems is highly repetitive and deterministic, meaning that outliers really do stand out, Witten said. He added that an attack, like the one performed by Miller and Valasek, will show up in the system as a clear anomaly.
Other Symantec automotive security technologies include the Symantec Embedded Security Critical System Protection product, which helps lock down modules against runtime attacks. In addition, Symantec has code-signing capabilities that it is selling to automotive vendors, to help make sure that authentic and verified code is running.
From a go-to-market perspective, Witten said Symantec is already selling its automotive security technologies to the world’s largest car manufacturers as well their Tier 1 suppliers. Under contracts already signed by Symantec with customers, Witten said 10 million vehicles a year will be protected.
“Some of the security technologies are going into cars now under deals signed within the last 12 months,” he said. “So there aren’t 10 million cars on the road yet with our technology, but our run rate is approximately 10 million vehicles a year.”
While Miller and Valasek’s research was not a malicious attack, Witten noted that car technology attacks are in fact happening in the wild today. The Miller and Valasek research was a remote attack, whereby the two researchers were able to manipulate the car’s systems remotely. Among the real attacks that are occurring are thefts by way of keyless entry and ignition system hacks.
“Keyless entry and ignition attacks are happening at scale,” Witten said.
While Symantec can defend against some types of keyless entry and ignition attacks, Witten said he’s somewhat conservative about making a broad claim that his company’s technology can defend against all of them.
“Lots of keyless entry and ignition systems work differently, and some of them don’t even touch the CAN bus, while some do,” he said. “We haven’t been able to test against a broad range of keyless entry attacks, but we can make very broad claims about our ability to defend against remote control attacks.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.