Is­raeli com­pany GuardKnox pro­tects cars from hack­ers

The Jerusalem Post - - BUSINESS & FINANCE - • By HADAS MA­GEN

Af­ter years of work in tech­no­log­i­cal war­fare in the air force, GuardKnox’s founders want to safe­guard cars against cy­ber break-ins.

“It’s no great plea­sure to dis­cover that your brak­ing sys­tem has been bro­ken into when you are try­ing to park in front of a canal,” Wired mag­a­zine re­porter Andy Greenberg says at the be­gin­ning of a clip in which he shows a break-in by hack­ers of his Jeep Chero­kee, man­u­fac­tured by US au­tomaker Chrysler. In the next frame, Greenberg, with a half-amused, half-wor­ried ex­pres­sion on his face, tries to com­mu­ni­cate with the hacker, who is stand­ing a few me­ters away from his car.

Us­ing only a lap­top, the hacker is seen con­trol­ling every­thing hap­pen­ing with the car, un­til it falls into the canal. Be­cause the re­porter and the hacker were re­spon­si­ble enough, this canal was not re­ally deep or dan­ger­ous, but for Chrysler, the dam­age from the canal could amount to $1 bil­lion in terms of im­age, af­ter the com­pany had to re­call 1.4 mil­lion cars.

For the auto cy­ber pro­tec­tion in­dus­try, this was an op­por­tu­nity. Im­me­di­ately fol­low­ing the in­ci­dent, US com­pany Har­man, which makes the mul­ti­me­dia sys­tem for Chero­kee ve­hi­cles, made mas­sive ac­qui­si­tions of com­pa­nies in the sec­tor, in­clud­ing two Is­raeli com­pa­nies: Red Bend Soft­ware, for $200 mil­lion, and Tow­erSec, for $70m.

GuardKnox, which has raised mil­lions of dol­lars from auto in­dus­try con­cerns (in­clud­ing Al­lied, owner of Cham­pion Mo­tors; Taavura Hold­ings co-owner Shay Liv­nat, and Kar­dan NV, which owns a ve­hi­cle fleet, is try­ing to ride this wave. Ac­cord­ing to its founders, CEO Moshe Sh­lisel and CTO Dio­nis Tesh­ler (a third founder, Idan Na­dav, is chief en­gi­neer), GuardKnox has al­ready signed a con­tract with one of the auto man­u­fac­tur­ers for in­stalling its prod­ucts in that man­u­fac­turer’s ve­hi­cles, start­ing next year.

In con­trast to what you might think, GuardKnox’s founders make it clear that a cy­ber­at­tack by ter­ror­ists is not the main threat to the auto in­dus­try. “Ter­ror­ism is very sexy, but in the end, ev­ery crim­i­nal in­dus­try, in­clud­ing the cy­ber crim­i­nal in­dus­try, is mo­ti­vated by only one thing – money,” Tesh­ler, who served in the air force and was in­volved in sev­eral of its most sig­nif­i­cant projects, says. “At the most ba­sic level, when you’re driv­ing, the sys­tem in the car col­lects information, and this information can be stolen and traded,” he ex­plains, adding that there are also com­pletely le­gal dan­gers, such as information col­lected about our driv­ing from the auto com­pany reach­ing the in­sur­ance com­pany.

“The car is be­com­ing more and more of a ser­vice plat­form,” Sh­lisel, 53, an­other for­mer air force man (he was re­leased with the rank of lieu­tenant-colonel), adds. “You de­mand from the car all sorts of ca­pa­bil­i­ties that re­quire it to be con­nected to the In­ter­net: information about the traf­fic sit­u­a­tion, au­to­matic pay­ment on toll roads, and down­load­ing a movie on the back­seat screen.”

Con­trol of the car

Tesh­ler: “Imag­ine a breakin of the com­puter of a given ve­hi­cle fleet, with the hacker de­mand­ing a ran­som from the com­pany, with the threat that one of the cars of a given model in the fleet won’t drive.

“Think of it like this: once upon a time, you would step on the brake, and a hy­draulic sys­tem was put into oper­a­tion. To­day, the brakes don’t op­er­ate any­thing; it’s a but­ton that op­er­ates a com­puter. The same is true of the gas and the wheel. This is a com­pletely elec­tronic sys­tem, and just as the driver sends an or­der to one of the ve­hi­cles, some­one who has bro­ken in can sim­ply give the op­po­site or­der.”

Ve­hi­cle fleets were al­most the first to be dam­aged by cy­ber at­tacks. “Trans­porta­tion is be­com­ing more than a ser­vice, and less pri­vate,” Sh­lisel says. “The young gen­er­a­tion is get­ting fewer driv­ing li­censes and buy­ing fewer cars. Car own­er­ship is no longer sig­nif­i­cant. As soon as you con­cen­trate trans­porta­tion in ve­hi­cle fleets, you have cre­ated the po­ten­tial for an at­tack on them. Auto man­u­fac­tur­ers al­ways did ex­cel­lent work in de­vel­op­ing ve­hi­cles that would pro­tect us in a safety sense, but they did not take the other haz­ards into ac­count.”

In ad­di­tion to its agree­ment with the auto man­u­fac­turer, which it re­fuses to name, GuardKnox is con­duct­ing pi­lots with other com­pa­nies in the auto in­dus­try, and the lit­tle rev­enue it has comes from this as­pect; the com­pany hopes that some of this busi­ness will ex­pand into agree­ments with auto man­u­fac­tur­ers. In ad­di­tion, GuardKnox’s board of di­rec­tors in­cludes for­mer Gen­eral Mo­tors board mem­ber Steve Girsky.

GuardKnox’s unique­ness

Tesh­ler: “First of all, the fact that we come from tech­no­log­i­cal jobs in the air force. We ac­cu­mu­lated a lot of ex­pe­ri­ence in the mil­i­tary elec­tron­ics in­dus­try. Cy­ber in UAVs and mini-UAVs is some­thing that is al­ready hap­pen­ing, and we re­al­ized that the ca­pa­bil­i­ties that de­vel­oped over the years in mil­i­tary avi­a­tion are ex­actly what the auto in­dus­try needs. Our ap­proach to work pro­tects mov­ing tar­gets, and we think that this pro­tec­tion, when we bring it to cars, is good pro­tec­tion.

“We’re tak­ing the car’s com­mu­ni­ca­tions con­fig­u­ra­tion and lock­ing it in such a way that the party giv­ing the in­struc­tions has to meet cer­tain stan­dards; if he does not meet them, the in­struc­tion is classed as in­valid. In­stead of re­ac­tive de­fense, we pro­vide proac­tive de­fense that pre­vents any at­tack, like a vac­ci­na­tion.”

But you know what hap­pens with vac­ci­na­tions. As soon as a new one comes out, the bac­te­ria de­velop re­sis­tance, and the vac­ci­na­tion has to be re­newed, and so forth. In other words, hack­ers can also go through this evo­lu­tion.

Sh­lisel: “In the end, even the FBI and CIA suf­fer from breakins. What does that show? That some­one in­vested a great deal of time, and suc­ceeded. Any­one who thinks that se­cu­rity is com­plete is wrong. Our method­ol­ogy works like this: I can put a lot of guards around a pile of gold to try to de­fend against the at­tack­ers, but if there are too many at­tack­ers, the guards will sur­ren­der. On the other hand, if I put the gold in a closed fa­cil­ity at Fort Knox pro­tected by the build­ing and by guards, it will have a very high level of se­cu­rity.”

Changes in the in­dus­try

“For us, th­ese are busi­ness op­por­tu­ni­ties, be­cause there is a lot of com­mu­ni­ca­tions, and more points that can be at­tacked. Pas­sen­gers need to be pro­tected against mes­sages com­ing from out­side that are li­able to af­fect the car’s safety. Other com­pa­nies are work­ing on sta­tis­ti­cal so­lu­tions. Our ap­proach is de­ter­min­is­tic: it’s not some­thing that may not work; the en­tire sys­tem is locked.”

COM­MUTERS DRIVE on a high­way un­der con­struc­tion out­side of Tel Aviv.

Newspapers in English

Newspapers from Israel

© PressReader. All rights reserved.