"It's no great pleasure to discover that your braking system has been broken into when you are trying to park in front of a canal," Wired Magazine reporter Andy Greenberg says at the beginning of the clip in which he shows a break-in by hackers of his Jeep Cherokee, manufactured by US automaker Chrysler. In the next frame of the clip, Greenberg, with a half-amused, half-worried expression on his face, tries to communicate with the hacker, who is standing a few meters away from his car. Using only a laptop, the hacker is seen controlling everything happening with the car, until it falls into the canal. Because the reporter and the hacker were responsible enough, this canal was not really deep or dangerous, but for Chrysler, the damage from the canal could amount to $1 billion in terms of image, after the company had to recall 1.4 million cars.
For the auto cyber protection industry, this was an opportunity. Immediately following the incident, US company Harman, which makes the multimedia system for Cherokee vehicles, made massive acquisitions of companies in the sector, including two Israeli companies: Red Bend Software, for $200 million, and TowerSec, for $70 million.
GuardKnox, which has raised millions of dollars from auto industry concerns (including Allied, owner of Champion Motors; Taavura Holdings co-owner Shay Livnat, and Kardan NV (TASE: KRNV;AEX:KARD), which owns a vehicle fleet, is trying to ride this wave. According to its founders, CEO Moshe Shlisel and CTO Dionis Teshler (a third founder, Idan Nadav, is chief engineer), GuardKnox has already signed a contract with one of the auto manufacturers for installing its products in that manufacturer's vehicles, starting next year.
Target: Large vehicle fleets
In contrast to what you might think, GuardKnox's founders make it clear that a cyber attack by terrorists is not the main threat to the auto industry. "Terrorism is very sexy, but in the end, every criminal industry, including the cyber criminal industry, is motivated by only one thing - money," Teshler, who served in the air force and was involved in several of its most significant projects, says. "At the most basic level, when you're driving, the system in the car collects information, and this information can be stolen and traded," he explains, adding that there are also completely legal dangers, such as information collected about our driving from the auto company reaching the insurance company.
"The car is becoming more and more of a service platform," Shlisel, 53, another former air force man (he was released with the rank of lieutenant colonel), adds. "You demand from the car all sorts of capabilities that require it to be connected to the Internet: information about the traffic situation, automatic payment on toll roads, and downloading a movie on the backseat screen."
"Globes": All right, but isn't the danger of control of the car is significant and immediate?
Teshler: "Certainly, and people and organizations can be extorted in this way, especially concerns with vehicle fleets. Imagine a break-in of the computer of a given vehicle fleet, with the hacker demanding a ransom from the company, with the threat that one of the cars of a given model in the fleet won't drive."
How is that possible?
"Think of it like this: once upon a time, you would step on the brake, and a hydraulic system was put into operation. Today, the brakes don't operate anything; it's a button that operates a computer. The same is true of the gas and the wheel. This is a completely electronic system, and just as the driver sends an order to one of the vehicles, someone who has broken in can simply give the opposite order."
An immune system model
Vehicle fleets were almost the first to be damaged by cyber attacks. "Transportation is becoming more than a service, and less private," Shlisel says. "The young generation is getting fewer driving licenses and buying fewer cars. Car ownership is no longer significant. As soon as you concentrate transportation in vehicle fleets, you have created the potential for an attack on them. Auto manufacturers always did excellent work in developing vehicles that would protect us in a safety sense, but they did not take the other hazards into account."
In addition to its agreement with the auto manufacturer, which they refuse to name, GuardKnox is conducting pilots with other companies in the auto industry, and the little revenue it has comes from this aspect; the company hopes that some of this business will expand into agreements with auto manufacturers. In addition, GuardKnox's board of directors includes former General Motors board member Steve Girsky.
This sector is full of companies offering cyber protection for a vehicle in various ways. What is special about you?
Teshler: "First of all, the fact that we come from technological jobs in the air force. We accumulated a lot of experience in the military electronics industry. Cyber in UAVs and mini-UAVs is something that is already happening, and we realized that the capabilities that developed over the years in military aviation are exactly what the auto industry needs. Our approach to work protects moving targets, and we think that this protection, when we bring it to cars, is good protection.
"We're taking the car's communications configuration and locking it in such a way that the party giving the instructions has to meet certain standards; if he does not meet them, the instruction is classed as invalid. Instead of reactive defense, we provide proactive defense that prevents any attack, like a vaccination."
But you know what happens with vaccinations. As soon as a new one comes out, the bacteria develop resistance, and the vaccination has to be renewed, and so forth. In other words, hackers can also go through this evolution.
Shlisel: "In the end, even the FBI and CIA suffer from break-ins. What does that show? That someone invested a great deal of time, and succeeded. Anyone who thinks that security is complete is wrong. Our methodology works like this: I can put a lot of guards around a pile of gold to try to defend against the attackers, but if there are too many attackers, the guards will surrender. On the other hand, if I put the gold in a closed facility at Fort Knox protected by the building and by guards, it will have a very high level of security."
Are you prepared for changes that are going to take place in the auto industry? In the not-too-distant future, there is a chance of an autonomous car, and there are already now systems that are making the car a kind of smart car that communicates with apps on a smart watch or a smartphone.
"For us, these are business opportunities, because there is a lot of communications, and more points that can be attacked. Passengers need to be protected against messages coming from outside that are liable to affect the car's safety. Other companies are working on statistical solutions. Our approach is deterministic: it's not something that may not work; the entire system is locked."
Published by Globes [online], Israel Business News - www.globes-online.com - on June 12, 2017
© Copyright of Globes Publisher Itonut (1983) Ltd. 2017