Israeli company GuardKnox protects cars from hackers
After years of work in technological warfare in the air force, GuardKnox’s founders want to safeguard cars against cyber break-ins.
“It’s no great pleasure to discover that your braking system has been broken into when you are trying to park in front of a canal,” Wired magazine reporter Andy Greenberg says at the beginning of a clip in which he shows a break-in by hackers of his Jeep Cherokee, manufactured by US automaker Chrysler. In the next frame, Greenberg, with a half-amused, half-worried expression on his face, tries to communicate with the hacker, who is standing a few meters away from his car.
Using only a laptop, the hacker is seen controlling everything happening with the car, until it falls into the canal. Because the reporter and the hacker were responsible enough, this canal was not really deep or dangerous, but for Chrysler, the damage from the canal could amount to $1 billion in terms of image, after the company had to recall 1.4 million cars.
For the auto cyber protection industry, this was an opportunity. Immediately following the incident, US company Harman, which makes the multimedia system for Cherokee vehicles, made massive acquisitions of companies in the sector, including two Israeli companies: Red Bend Software, for $200 million, and TowerSec, for $70m.
GuardKnox, which has raised millions of dollars from auto industry concerns (including Allied, owner of Champion Motors; Taavura Holdings co-owner Shay Livnat, and Kardan NV, which owns a vehicle fleet, is trying to ride this wave. According to its founders, CEO Moshe Shlisel and CTO Dionis Teshler (a third founder, Idan Nadav, is chief engineer), GuardKnox has already signed a contract with one of the auto manufacturers for installing its products in that manufacturer’s vehicles, starting next year.
In contrast to what you might think, GuardKnox’s founders make it clear that a cyberattack by terrorists is not the main threat to the auto industry. “Terrorism is very sexy, but in the end, every criminal industry, including the cyber criminal industry, is motivated by only one thing – money,” Teshler, who served in the air force and was involved in several of its most significant projects, says. “At the most basic level, when you’re driving, the system in the car collects information, and this information can be stolen and traded,” he explains, adding that there are also completely legal dangers, such as information collected about our driving from the auto company reaching the insurance company.
“The car is becoming more and more of a service platform,” Shlisel, 53, another former air force man (he was released with the rank of lieutenant-colonel), adds. “You demand from the car all sorts of capabilities that require it to be connected to the Internet: information about the traffic situation, automatic payment on toll roads, and downloading a movie on the backseat screen.”
Control of the car
Teshler: “Imagine a breakin of the computer of a given vehicle fleet, with the hacker demanding a ransom from the company, with the threat that one of the cars of a given model in the fleet won’t drive.
“Think of it like this: once upon a time, you would step on the brake, and a hydraulic system was put into operation. Today, the brakes don’t operate anything; it’s a button that operates a computer. The same is true of the gas and the wheel. This is a completely electronic system, and just as the driver sends an order to one of the vehicles, someone who has broken in can simply give the opposite order.”
Vehicle fleets were almost the first to be damaged by cyber attacks. “Transportation is becoming more than a service, and less private,” Shlisel says. “The young generation is getting fewer driving licenses and buying fewer cars. Car ownership is no longer significant. As soon as you concentrate transportation in vehicle fleets, you have created the potential for an attack on them. Auto manufacturers always did excellent work in developing vehicles that would protect us in a safety sense, but they did not take the other hazards into account.”
In addition to its agreement with the auto manufacturer, which it refuses to name, GuardKnox is conducting pilots with other companies in the auto industry, and the little revenue it has comes from this aspect; the company hopes that some of this business will expand into agreements with auto manufacturers. In addition, GuardKnox’s board of directors includes former General Motors board member Steve Girsky.
GuardKnox’s uniqueness
Teshler: “First of all, the fact that we come from technological jobs in the air force. We accumulated a lot of experience in the military electronics industry. Cyber in UAVs and mini-UAVs is something that is already happening, and we realized that the capabilities that developed over the years in military aviation are exactly what the auto industry needs. Our approach to work protects moving targets, and we think that this protection, when we bring it to cars, is good protection.
“We’re taking the car’s communications configuration and locking it in such a way that the party giving the instructions has to meet certain standards; if he does not meet them, the instruction is classed as invalid. Instead of reactive defense, we provide proactive defense that prevents any attack, like a vaccination.”
But you know what happens with vaccinations. As soon as a new one comes out, the bacteria develop resistance, and the vaccination has to be renewed, and so forth. In other words, hackers can also go through this evolution.
Shlisel: “In the end, even the FBI and CIA suffer from breakins. What does that show? That someone invested a great deal of time, and succeeded. Anyone who thinks that security is complete is wrong. Our methodology works like this: I can put a lot of guards around a pile of gold to try to defend against the attackers, but if there are too many attackers, the guards will surrender. On the other hand, if I put the gold in a closed facility at Fort Knox protected by the building and by guards, it will have a very high level of security.”
Changes in the industry
“For us, these are business opportunities, because there is a lot of communications, and more points that can be attacked. Passengers need to be protected against messages coming from outside that are liable to affect the car’s safety. Other companies are working on statistical solutions. Our approach is deterministic: it’s not something that may not work; the entire system is locked.”