Today’s modern vehicles include hundreds of data-producing sensors and millions of lines of code – effectively, every new car that rolls off the lot is a mobile data center. The intersection of connected vehicles and cybersecurity is critical considering that safety, security, and trust are essentially inseparable.
The relative insecurity of most every connected thing elicits heightened awareness of the impact of cyberattacks and breaches which are highlighted in the media and popular culture depictions of attacks. This makes achieving security from the outset extremely critical to the continued adoption of these technologies by the marketplace.
With this in mind, BlackBerry® is taking our world-class endpoint protection capabilities into the automotive world. Drawing on our decades of experience in data and endpoint security, several engineering teams across BlackBerry have united to bring advanced mobile security to the automotive sector and set the benchmark for comprehensive Unified Endpoint Security for Vehicles.
The Problem
Car connectivity can bring valuable features like proactive diagnostics, effortless software updates, and real-time status monitoring such as tire pressure or fuel level, but this connectivity also increases the vehicle’s cyberattack surface. Today’s vehicles, like any connected system, are vulnerable to attack, and each connected feature is a possible attack vector.
In addition to countless cases of white-hat hackers demonstrating these mounting vulnerabilities, there have also been several instances of actual attacks on vehicles in recent years. And, since 82% of all automotive cyberattacks are now remote, these unique problems require custom solutions.
“With the increasing smart cars connectivity and the emergence of (semi)-autonomous cars, novel cybersecurity challenges, risks and threats are arising. Attacks targeting smart cars may lead to vehicle immobilization, road accidents, financial losses, disclosure of sensitive and/or personal data, and even endanger road users’ safety,” a report (PDF) from the European Union Agency for Cybersecurity (ENISA) states.
“Thus, appropriate security measures need to be implemented to mitigate the potential risks, especially as these attacks threaten the security, safety and even the privacy of vehicle passengers and all other road users, including pedestrians.”
The Solution
The massive mobile endpoint that is the modern vehicle comes with more than its share of security concerns, and until now the question was whether traditional network security solutions were going to translate well to connected vehicles, which are complex systems that require the same protections as any other network, such as firewalls, antivirus (EPP), endpoint detection and response (EDR), data loss prevention, and more.
BlackBerry narrowed our focus to address three of the most significant issues in connected vehicle security and safety:
- Blocking malware and cyberattacks: Using machine learning, we can detect and prevent malicious apps from being installed on the vehicle infotainment system. This technology can be used by an OEM to pre-screen apps before they’re made available on their app store, or it can scan apps as they’re installed by the vehicle owner. Furthermore, the solution uses data from sensors in the vehicle to provide AI-driven endpoint detection and response from machine learning models – which can live on the vehicle, in the cloud, or both.
- Driver recognition: Based on behavior analytics, BlackBerry’s solution can recognize drivers based on their driving style. Using data and analysis from dozens of vehicle sensors, the solution can learn behaviors like steering style, acceleration and braking tendencies, and even turn signal data, to eventually create a persona for each driver of the vehicle. This data can help fleet managers and OEMs monitor overall vehicle security – this solution could detect if the driver matches the owner of the remote key fob that was used to start the vehicle. These driver recognition methods can be utilized to tell you who is driving – or not driving – the vehicle.
- Vehicle maintenance: Machine learning models can provide proactive vehicle diagnostics for maintenance requirements and detect when a vehicle component might need service or replacement. Imagine if data produced by your vehicle could tell you when your battery has lowered capacity, how many times it has been charged in its lifespan, and when it will start failing to produce the correct amperage to start your vehicle – without ever being stranded with a dead battery in the parking lot. This component of our solution could be an invaluable asset for auto manufacturers, service departments, fleet managers, and car owners.
These innovative BlackBerry Unified Endpoint Security for Vehicles solutions are designed to protect against automotive cyberattacks and malicious infotainment apps while using data science and machine learning to authenticate the driver and predict vehicle maintenance requirements.
“The need for a holistic view into the overall health and security posture of a vehicle's entire code base throughout its full lifecycle is absolutely critical,” said Charles Eagan, Chief Technology Officer, BlackBerry.
“No one knows security better than us, and we now have a transportation-focused framework that the industry can tap to enhance the security, trustworthiness, and safety of connected vehicles. It can provide peace of mind to drivers, passengers and pedestrians alike.”
Built on both new and existing BlackBerry technologies, our solution has focused on these key tenets of connected car security to pave the road for true endpoint protection – even when the endpoint has four wheels and an engine. After being demonstrated for the first time at the Consumer Electronics Show (CES) 2020 in Las Vegas, all these Unified Endpoint Security for Vehicles features are now available for integration into manufacturer and infotainment software.
For more information, or to inquire about this solution, contact us at: endpointsecurityforvehicles@blackberry.com