For better or worse, military and government folk are more interested than most in hacking cars. As Forbes previously reported, the US Defense Advanced Research Projects Agency (DARPA) sponsored researchers Chris Valasek and Charlie Miller to see whether they could use computers to mess with a range of automobiles. In the UK this week, home secretary Theresa May said government would work with car companies to add cyber resilience to their cars.
Meanwhile, over in Tel Aviv, former members of Unit 8200, the intelligence arm of the Israel Defense Forces, have quietly established a company that is both testing the digital defences of modern vehicles and working on technology to protect them from malicious hackers.
Argus Cyber Security only finished work on its first range of products this summer, but it’s now meeting with car makers and parts manufacturers to get its intrusion prevention system (IPS) rolled out to protect drivers as soon as possible. Not only are its founders all ex-captains of Unit 8200, one of its backers, retired general Nadav Zafrir, set up the IDF Cyber Command.
The start-up's patent-pending technology is fairly straightforward on the surface: it allows sections of a vehicle to be contained. Right now, the most sensible approach for any lunatic who wants to drive someone else’s car off the road using just their computer is to connect to systems that can be accessed from far away, such as an entertainment system that relies on outside communication to work. As almost all cars coming off the production line now have their own internal networks, it’s possible to hack one system and move to another. Potentially, someone could hack the entertainment system and then move around the network-on-wheels to get access to critical components like the steering wheel or brakes.
But Argus claims its technology should stop that without causing dangerous distractions for the user. As soon as it detects suspicious activity, it contains and blocks it without sectioning off the system being attacked, so the hacker's code simply can’t access other bits of the car, explains co-founder and CEO Ofer Ben-Noon. It’s an approach partly inspired by smartphone security - an industry Ben-Noon and his Unit 8200 alumni co-founders Oron Lavi and Yaron Galula had originally planned to enter before shifting focus to vehicles.
“We also looked at Bitcoin, smart houses, IoT [the Internet of Things], and at every challenge we could think of. But we thought, what is the biggest threat that we forecast one or two years forward? That’s when cars came in,” Ben-Noon tells me.
“Everything will be hacked in every single [car] brand. It will take time, it might be weeks, months, or a couple of years, but eventually it will happen... Our goal is to be the
The Argus method is different to the one Miller and Valasek took when they created their own basic defensive system, which would shut down the entire network of the car when an attack was launched. This does have its downsides: imagine hurtling along the highway at 70Mph when the network suddenly shuts down. It would freak out the average driver, possibly causing a crash. Now imagine if the security tool was set off by an anomaly other than an attack, potentially leading to an accident even though no one was trying to hack the vehicle. From this perspective, the Argus technology would appear superior.
And unlike the Valasek and Miller model, Argus’ tech won’t be placed in the hands of consumers. Instead, the Unit 8200 alumni want to install their technology in the different parts of the car, so the final manufacturers who put the vehicle together won’t have to change their designs. According to Ben-Noon, this will allow for layers of security: if a hacker manages to exploit the Argus technology in one section of the car, it’ll still work in protecting others. There is no single point of failure, he adds.
Argus, which will also be hunting for security flaws in vehicle, isn’t the only company that has latched on to the car security craze. Indeed, Tel Aviv is home to two other firms specifically dealing with cyber threats on automobiles, TowerSec and Arilou. But Ben-Noon believes Argus is the only pure play company to have received proper financial backing. It raised $4 million in May from leading venture capitalists in Israel, indicating there’s money to be made here. More funding is on the way, Ben-Noon promises.
Not all are convinced there’s a real need for third parties in this sphere. Josh Corman, who is heading up the I Am The Cavalry movement focused on addressing digital public safety concerns, says the onus should be on manufacturers to get security right on their own. “I don’t want anti-virus or IPS in my car... I want in-built defence.”
What’s apparent to Corman and from the early interest in Argus, though, is that there is now an economic incentive for added in-vehicle cyber security. Such protections, alongside a software update mechanism, would obviate the need for potentially expensive recalls when things do go wrong, says Corman. “Being reactive is problematic in the automotive sphere,” adds Ben-Noon.
Whilst Corman believes the public’s attention needs to be drawn to vulnerabilities in cars, as long as it’s done responsibly, Ben-Noon says his company isn’t planning on making much noise. Manufacturers aren’t yet keen to openly work with cyber security types, as that would be tantamount to admitting there's a problem. Private collaboration remains the best way forward for Argus and the market as a whole, says Ben-Noon.
Given the automotive industry already deals in tight margins, and with heightened public awareness around vulnerabilities resident in cars today, this segment of the market looks set for expansion. Regardless of the current threat level, that can only be good for drivers everywhere.
