Protecting Connected Cars Against API Driven Attacks
The Connected Car is Vulnerable
Most operational systems in a car or truck -- brakes, transmission, etc. -- have long adopted digital controls, largely interconnected within the vehicle. A vehicle today is increasingly understood as a computer system on wheels, ultimately trending toward comprehensive "self-driving" capabilities.
The current revolution to connect the new generation of computer-cars to central servers (and to each other) over wireless mobile networks promises enormous but introduces potentially catastrophic cyber-risks from hackers capable of attacking a connected car or entire fleets of vehicles sharing a communications network through common software, hardware or operating systems. Attacks can spread directly from one vehicle to another, and well as through a common backend.
APIs are the Future of the Connected Car Ecosystem
The connected car industry's global revenue is projected to reach $141 billion by 2020. Car manufacturers rely on an ecosystem of players to deliver next-generation services. In fact, the connected car is a use case of a colossal ecosystem of vehicle-centric IoT devices. Connecting them all together will be connected car APIs .
Connected cars report private data to OEM cloud and receive commands from the OEM cloud to enable advanced services. Multiple APIs exist between the following entities:
* The car and the OEM cloud
* User installed applications and the OEM cloud
* Advanced services and the OEM cloud
Each of these API types can be exploited to hack into the car or the OEM cloud and can lead to:
* Massive private data leakage * Fleet-wide ransomware attack
*Fleet-wide loss of control attack * Denial of Service attack
Anomaly Management Platform
Automated Protection Against API Driven Attacks
The answer to the rapidly-evolving and high-value threats in a complex system of connected vehicles (and related mobile applications) can only be achieved through AI-driven anomaly-detection systems capable of sifting through all of the data streams in a network -- in real time -- to identify conditions at variance with normal behavior and demanding instantaneous attention.
imVision's powerful cloud-based anomaly detection software is capable of rapidly and flexibly "learning" what data may be at variance with norms, and therefore an indication of possible security threats, fraudulent activity or data privacy breaches
Continuously Analyze Internal and External APIs
Protocol and Application Level Analysis
Procedural Flow Analysis
•End to end procedure integrity
•Procedure messages validation
•State of the car
•Multi-entity event analysis
Behavior patterns analysis
•Car behavior patterns
•Volumetric messages & events analysis
What to hear more? Contact us now!