Symantec Corp. debuted Wednesday its Anomaly Detection for Automotive to protect against zero-day attacks and never-before-seen issues facing modern connected vehicles. Bringing Symantec’s extensive security and analytics technologies across complex networks to the vehicle, Anomaly Detection for Automotive offers the ability to identify issues for early remediation.
Symantec Anomaly Detection for Automotive uses machine learning to provide passive in-vehicle security analytics that monitor all Controller Area Network (CAN) bus traffic without disrupting vehicle operations, learn what normal behavior is and flag anomalous activity that may indicate an attack. The solution works with virtually any automotive make and model.
The offering protects against range of vehicle attacks by using deep packet inspection on every message to detect anomalies in message patterns, payload values, traffic rates and other device activity on the bus. It also examines the breadth and depth of detection in vehicle, so the analytics “in-vehicle” allows customers to only send aggregated data and learned baselines off vehicle while still inspecting every message.
Connected cars offer drivers conveniences such as navigation, remote roadside assistance and mobile internet hot spots. There will be 220 million connected cars on the road in 2020, according to Gartner. While new technologies promise to enhance the driving experience, these advancements also create avenues of attack for hackers that can endanger drivers and passengers.
“Automotive security threats have gone from theory to reality,” said Shankar Somasundaram, senior director of product management and engineering at Symantec. “Symantec is bringing the world’s most comprehensive portfolio of security technologies to the car. The infrastructure and technology that already helps protect billions of devices and trillions of dollars now protects the car. We’re building long-term comprehensive security all while delivering ground breaking protection for cars today.”
Set to be available across most markets globally, Symantec Anomaly Detection for Automotive is the latest example of Symantec’s investment in the comprehensive IoT security solution. Symantec recently announced that the company is securing more than 1 billion IoT devices, from cars to smart meters to industrial control systems. This is Symantec’s fourth solution designed to serve the auto industry, in addition to Symantec Embedded Security: Critical System Protection, Code Signing, and Managed Public Key Infrastructure.
Recent evidence shows that these attacks can work remotely, spurring costly recalls. Those most attacks are not only against cars, some attacks are already hurting users at large scale. Throughout Europe and North America, thieves have been exploiting vulnerabilities in keyless entry systems. Keyless entry systems provide the customer the convenience of entering, leaving, and locking their cars—as well as stopping and even starting their car engines—without taking their keys out of the pocket, purse, or briefcase.
Many of the vulnerable keyless entry systems do this by trying to detect the proximity of the key to car. Few systems take the precaution of capturing position and proximity through relatively strong means, such as using combinations of Global Positioning System (GPS), cellular, Wi-Fi, and accelerometer telemetry, digitally signed by both the car and the car keys for them to agree that they are near each other.
Instead, many systems attempt to capture proximity data with simpler signal strength triangulation among sensors on the car. Of course, that is susceptible to relay attacks in which a thief with the right electronics—often carried in a purse—can relay the car signal to the keys, and then relay the keys’ signal to the car, as if the keys were in the thief’s purse. To date, impacted brands include Audi and BMW, but those two are just the beginning of a long alphabetic list of impacted brands.
Automakers could avoid such costly and brand-damaging mistakes through combinations of digital capture of location, signing data on capture, and using secure boot and code signing to ensure that firmware isn’t tampered. Similarly, embedding a set of over-the-air (OTA) update mechanisms into most cars could give many automakers more choices in resolving this issue, even if the original set of keys weren’t shipped with the more expensive sensors.
These options could include using the customer’s smartphone; for example, Android devices leveraging technology such as TrustZone Integrity Monitoring Architecture (TIMA) as alternate keys. After all, such mobile devices already have all of the sensors mentioned above.
Unfortunately, most carmakers are still building basic OTA update and configuration management into the cars they make and sell. Perhaps most important, such OTA capabilities still don’t directly fix the risky vulnerabilities, which let hackers remotely trigger the car. That has to be done by applying the basic security principles to cars, and applying those principles at each tier of the supply chain.