Karamba Security has announced ThreatHive, which provides automobile OEMs and Tier-1 suppliers a view of actual, online attacks on their ECUs during development.
This service offering enhances Karamba’s ECU protection portfolio with Automotive Threat Intelligence, giving the automotive security industry a platform for early discovery of security vulnerabilities.
Karamba Security’s ThreatHive implements a worldwide set of hosted automotive ECUs in simulation of a “car-like” environment. These ECU software images are automatically monitored to expose automobile attack patterns, tools, and vulnerabilities in the ECU’s operating system, configuration, and code. The real attacks on the ECU during the development lifecycle provide actionable insights into security vulnerabilities, including industry software (like OS, development tools, and common libraries) that benefit the automotive security community.
By utilizing hackers’ crowd effect, attacking the ECU software hosted in the honeypots, Karamba Security’s offering expedites vulnerabilities discovery, and reduces OEMs’ and Tier-1 suppliers’ investment in penetration testing during product acceptance tests, in a narrow time window, which may limit vulnerabilities discovery. The findings from the threat analysis tool are shared in an aggregated and anonymized way to help vehicle OEMs and Tier-1 suppliers secure ECUs from hackers, as part of Karamba Security’s strategic partnership with US Auto-ISAC.
ThreatHive works with Karamba Security’s Carwall, its in-vehicle security software that automatically secures connected cars against cyberattacks. Carwall keeps connected and autonomous cars safe by sealing the car’s ECU software, so it automatically prevents cyberattacks from infiltrating the vehicle and compromising consumer safety. Together the products build out Karamba Security’s ECU protection portfolio to keep autonomous and connected cars safe from cyberattacks during development and in production.
Karamba Security recently announced it was selected by the Automotive Information Sharing & Analysis Center (Auto-ISAC) Board of Directors to join the Auto-ISAC Strategic Partnership Program to provide members analysis on attack activity and forensics data of such attacks against ECUs.