26–27 September 2017

Tokyo, Japan


Preventing exploits of ECUs unknown threats

Assaf Harel, CTO & Co-Founder, Karamba Security

Hidden security bugs represent unknown threats. Hackers may exploit them to gain code execution privileges and send malicious commands to the CAN bus.

ECUs are not user-changeable – therefore any unauthorised change to factory settings must imply an attempt to exploit a hidden security bug. Validating code execution in runtime and preventing any change to factory settings, enables prevention of security bug exploits, and effectively blocks hackers out of the car.

Autonomous Security software automatically reverse engineers from the ECU’s binaries its factory settings in build phase, and automatically generates security policy based on those settings. The policy is automatically embedded into the ECU rmware and OS, and validates in runtime the operations executed on the ECU.