back to article Upstart bags $2.5m to help put the brakes on self-driving car hackers

Israeli car security startup Karamba Security has banked $2.5m in fresh investment, which it plans to use to extend its technology to autonomous vehicles. The tech will be geared towards protecting engine control units (ECUs) in robot cars from hackers and malware infections. Miscreants typically infiltrate a vehicle by first …

  1. DougS Silver badge

    Sales of "connected and fully autonomous vehicles"?

    I assume sales of either connected OR fully autonomous vehicles was meant, with ALL of the total in 2020 being connected and none fully autonomous. Maybe they'll hit 15% fully autonomous by 2025, we'll see.

    What would really help security is getting rid of the stupid and pointless "connected vehicle" concept. WTF should a vehicle be accessible from the outside? Unless it serves a REALLY important purpose, such communication should only be capable of being initiated from/by the vehicle! Being able to unlock or remote start your vehicle with an app might be convenient, but such convenience comes at an enormous price given how poor security is these days. Being able to access diagnostics remotely does nothing for the car owner but make him more insecure. What's wrong with having the vehicle upload diagnostic information (preferably only with the OK of the owner) rather than having that be remotely accessible?

    1. Tessier-Ashpool

      Re: Sales of "connected and fully autonomous vehicles"?

      I'm not in this business but I imagine there are cases where shared realtime information could be far from pointless. A beehive works efficiently because bees interact with their neighbours both actively and passively. Traffic flow might be better managed in a connected environment: have you ever felt frustration when you see a green light in the distance, and yet it's a very slow wave of activity that takes place as a ripple of awareness flows from driver to driver? Detecting and acting on an incoming vehicle whose brake unit is failing could save lives. Off the top of my head.

      1. DougS Silver badge

        Re: Sales of "connected and fully autonomous vehicles"?

        When we get to the point of having enough autonomous cars that having them communicate (versus just assuming all cars are driven by half-insane meatbags) is helpful, sure.

        But you better think long and hard about how to do it, because if my car can tell the cars behind it "accident ahead, slow down" what stops a miscreant bent on creating havoc from sending out such a message to all cars and making your 20 minute commute take two hours?

        1. Anonymous Coward
          Anonymous Coward

          Re: Sales of "connected and fully autonomous vehicles"?

          @DougS

          Trust but verify. With "cooperative" information sharing you accept the information as an indicator only. i.e if the car in front of you at the traffic lights says it's moving forward you move forward too, but if it remains stationary you distrust the information it has given you and stop (or go safely around it) after telling the car behind.

          Taking it a step further if the car in front is demonstrably and repeatedly sending out false information the communication will be completely ignored and the car treated like it was being driven by a person. The option would also be there to record the data traffic and forward it to the police.

          1. DougS Silver badge

            Re: Sales of "connected and fully autonomous vehicles"?

            I'm not thinking about a car being hacked to send out false information, but someone building a device that would pretend it is a car (or more likely a LOT of cars) and do so. That would be difficult to track, sort of like if someone drove down the highway with a cellular jammer - by the time the cops got someone out there with the equipment to locate the jammer he'd be long gone.

    2. TeeCee Gold badge

      Re: Sales of "connected and fully autonomous vehicles"?

      You overlooked the elephant in the room that nobody will talk about.

      Exploits / attack vectors / techniques evolve over time. It doesn't matter how bleedin' edge your security is on the date of manufacture, it will be exploitable one day.

      Cars have a plan life of 10 or so years and an actual life of 20 or more. Chances of that new exploit actually being fixable on hardware over 10 years old? Slim to none. Chances of any manufacturer bothering to try? Fuck all.

      The "connected car" concept is dead. It just needs a large enough number of dead people to reinforce that to the extent that somebody'll actually give enough of a shit to ban the concept.

  2. DryBones

    Autonomous Vehicle Security

    Physically separate the infotainment system harnessing from the steering, telemetry, and speed control harnessing. Use hardware that can only pass data one way (transmit only or receive only) to let the two talk. Hey, there goes 95% of all attack surfaces.

    Waiting for my VC money...

  3. nilfs2
    Coat

    All or nothing

    That's the only way autonomous cars will work, computers can't predict human stupidity on the road.

    1. Scoular

      Re: All or nothing

      Have you considered programmer stupidity or lack of knowledge or experience with the complexity of actually controlling something in a complicated and changing situation.

      I think many are underestimating the task and overestimating their own brilliance. It may happen but it is going to take longer and cost a lot along the way.

      Humans are actually quite good at adapting and it is really hard for a programmer to think of every possible situation, Just jamming on the brakes when confused is a long way short of elegant engineering.

      1. nilfs2

        Re: All or nothing

        Humans are also really good at doing stupid things, like cutting you off, running a red light, speeding, drunk driving, and so on.

  4. MachDiamond Silver badge

    Connected = Hackable

    If it's "connected", it can be hacked. There might be some very simple hardware that can't, but something as complex as a modern automobile is going to have more holes than a chain link fence.

    1. Version 1.0 Silver badge

      Re: Connected = Hackable

      Let's have them demonstrate their abilities with a refrigerator or a home thermostat first - then maybe I'll think about trusting them with a car.

  5. allthecoolshortnamesweretaken Silver badge

    "... connected autonomous ..."

    Sounds like a contradiction in terms to me...

    1. HieronymusBloggs Silver badge

      "... connected autonomous ..."

      "Sounds like a contradiction in terms to me..."

      Not necessarily. We humans are (usually) autonomous, but connected to each other by our ability to communicate.

  6. Paul Crawford Silver badge

    Autonomous?

    "To enable full autonomy, a car should have more externally connected electronic control units vs connected cars," Barzilai explained.

    WTF is this? So a supposedly autonomous vehicle will not work properly in the event of no mobile connection, or if the other vehicles it encounters are meatbag driven?

    Some one needs to take a clue-hammer to this guy and demand that any autonomous car can work and are tested under adverse communication situations, otherwise a $20 Chinese mobile jammer will be able to bring cities to the knees by blocking the roads with malfunctioning cars.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019