As Cars Grow More Vulnerable to Cyber-Attacks, Israeli Company Takes Lead in New Solutions
JNS.org – A leading Israeli automotive cybersecurity company is teaming up with an innovation lab that was opened by the Renault and Nissan car manufactures to build new cybersecurity technologies for the vehicle market.
Cybellum, an Israeli company established in 2016, announced last month that it will work with the Alliance Innovation Lab, which was founded in 2019 in Tel Aviv by Renault and Nissan.
One of the main focus areas of the Alliance Innovation Lab Tel Aviv is cybersecurity.
Speaking to JNS, Cybellum CEO Slava Bronfman said the old days in which cars were offline are over.
“There is communication in between the car’s components,” he explained. “The touchscreen can lead to the brakes. The modern vehicle is a dense network, like an IT network in an organization. When you hit the brakes, this is not mechanical anymore—you send a message from the brake pedal to the internal system and to the smart brake on wheel.”
“This world has changed a lot,” said Bronfman. “With Alliance, we will work on the new architecture of vehicles, and conduct risk analysis of the interconnectivity of the whole vehicle. We will simulate not only cyber vulnerabilities, but also the full attack chain on entire vehicle.”
Asked how cyber-attackers can reach vehicles, Bronfman said would-be thieves can now open cars with phone applications and even start engines this way. They can approach vehicles with digital keys and get the engine going, he added.
“Today’s smart vehicles are connected to Internet. They have their own SIM cards. After you get into the car, it broadcasts data to the manufacturer over the Internet, such as GPS data and speed,” said Bronfman. “Applications like Spotify, Netflix and Skype connect into car’s internal system.”
He cited a famous 2015 cyber attack on a Cherokee Jeep, in which hackers demonstrated their ability to take control of the steering wheel using a cellular network connected to the vehicle.
Cybellum’s risk analysis solutions automatically detect a wide range of vulnerabilities in vehicles, such as those in their electronic control units.
“Using upcoming developments from the new cooperation, Alliance companies will be able to use the Cybellum solution suite to gain full, ongoing visibility to their cybersecurity exposure at the vehicle level and get the necessary guidance on risk remediation,” according to a joint statement by Cybellum and the Alliance Lab.
Bronfman said his company enables vehicle manufacturers and suppliers to identify and remedy security risks throughout the entire vehicle life cycle.
Manufacturers can take immediate actions and eliminate any cyber risk in the development and production process before any harm is done, while continuously monitoring for emerging threats to vehicles on the road, he said.
The company operates on the understanding that the old world—in which cars, trains, aviation and medical devices were offline—is changing rapidly.
“The world has become highly connected. Everything that is connected to the Internet has value in the eyes of attackers,” stated Bronfman.
Currently, the vehicle cyber-security industry is worth some $4 billion, and by 2030, it’s expected to grow to $10 billion.
‘Security changes over time’
Currently, cyber attackers are mostly seeking data with financial value or which infringe on the privacy of car users, but as time goes by and cars become increasingly networked, the risks will grow to include other types of potential attacks, including the possibility of hijacking the vehicle itself.
In the first stage, prior to production when the vehicle is at the design phase, Cybellum analyzes the initial protype and locates cyber vulnerabilities. After sketching out the risks, it highlights the needed encryption levels and the right kind of communications to cancel them out.
In the second stage, after the car hits the road, the company also plays a key role. Bronfman described this as “the biggest conceptual change in the cyber-security world. Unlike safety testing, security changes over time. A component that was safe yesterday could be vulnerable to new cyber attacks tomorrow. We therefore conduct continuous monitoring.”
To achieve this, Cybellum creates a full digital simulation of the vehicle to discover vulnerabilities. In its cooperation with the Alliance Lab, it is working to analyze the full vehicle, not just individual components—a highly complex mission.
“Data broadcast from car has value. It interests cyber attackers to know the location of a vehicle. They can follow people of interest remotely by breaking into the network, and find out where you were and when. Cameras in vehicles can produce value for cyber attackers looking for data,” said Bronfman.
He described the Israeli vehicle cyber-security industry a world leader, adding that international companies often acquire Israeli companies in the field or set up scouting activities in Israel.
Etienne Barbier, director at the Alliance Innovation Lab, said, “We are looking into fresh, novel approaches to the most fundamental problems in our industry.”
He added that “managing software security is no longer an optional activity for car manufacturers, but a mandatory transformation to a future with fully automated, self-assessed, self-healing software. The Cybellum team built the technology foundation necessary to make this future a reality.”
Eldad Raziel, cyber-security leader at the Alliance Innovation Lab, said “our collaboration with Cybellum will bring to the market the first solution that can calculate the risk of a vulnerability in the full vehicle context, help the Alliance brands to manage the risk accurately, save time and be competitively prepared for upcoming regulations.”