Israeli Tech Firm Prepares to Fight ‘Rising Number’ of Wireless Car Hackings
The company uses the Cloud to monitor connected cars for irregular software sequences.
An unfortunate side-effect of the increased amount of software in modern cars is the possibility of car hacking. Cybersecurity is a problem other industries are learning to grapple with, and Israeli tech firm Upstream hopes to give automakers the tools to do so as well.
The much-publicized hacking of a Jeep Cherokee by cybersecurity researchers Charlie Miller and Chris Valasek stoked fears of cars being taken over by remote control, but Upstream vice president of product Dan Sahar thinks that hackers are more likely to use ransomware to render vehicles or related systems inoperable, and then demand payment.
"Our product is like an early warning detection [system] against hackers," Sahar told The Drive. Sahar said the need for his company's services is increasing due to the number of cars on the road with data connections, which enable features like remote locking/unlocking or engine start, services like General Motors' OnStar and vehicle-to-vehicle (V2V) communications systems.
To stop hackers, Upstream monitors massive amounts of data being sent to and from connected cars, and searches for "abnormalities" that might indicate a hack in progress, Sahar explained. These might be an unfamiliar message or sequence of messages not observed during the software's normal operation.
Upstream merely observes these abnormalities and alerts the automaker when it detects a potential problem. It's then up to the automaker to deal with any fallout from the hack and find a way to prevent it from happening again in the future. Upstream currently monitors 1 million vehicles globally, and expects that number to "grow substantially" within the next year, Sahar said.
"This approach is unique among the handful of companies focusing specifically on automotive cybersecurity," Sahar said. The advantage of a cloud-based monitoring system is that it can be implemented immediately for vehicles already on the road. No special in-vehicle hardware or software is required. Sahar is also skeptical of security systems that work from inside the car.
"Very few cars currently have built-in countermeasures against hacking," added Sahar. He could only think of Tesla electric cars and an unnamed Dodge model off the top of his head. Sahar also said that hackers tend to target remote servers that send commands to a vehicle, rather than the vehicle itself. Once those servers are compromised, hackers can send illegitimate messages to cars. Sahar likened this to building a strong bank vault, only for a thief to impersonate the owner of a bank and get access.
The number of both connected cars and malicious hackers is growing. There are already 100 million connected vehicles globally, including passenger cars and commercial trucks, and their numbers will likely grow as automakers add connectivity features and pursue autonomous-driving technology.
At the same time, Sahar said the number of criminal "black hat hackers" in the automotive sector is expected to surpass "white hats" for the first time this year. White hats are hackers that actively search for security flaws and report them to companies. General Motors and Tesla have offered cash bounties to these hackers for finding flaws.