TowerSec proprietary. The contents shall not be copied, reproduced, changed or communicated to another - either in whole or in part.

The first mile in secured connected vehicle

Cyber Maryland 2015

Anuja Sonalker, Ph.D

© TOWERSEC 2

Founded in 2012, TowerSec brings together Detroit’s automotive industry's knowledge with Israeli Cyber Security experience.

Offices Ann Arbor, Michigan, Annapolis Junction, Maryland, Berlin, Germany and an R&D center in Tel-Aviv, Israel

TOWERSEC Overview

Providing security solution to protect vehicles and related on-board components against hacking and intrusions.

BUSINESS PROFILE

PRODUCTS Ready to embed software solution for integration into ECUs, Smart Gateways and other CAN related systems

ORGANIZATION

ECUSHIELD TCUSHIELD

Designed to be integrated in Telematics devices, IVIs, dongles and other after-market OBDII related products.

© TOWERSEC 3© TOWERSEC 3Trojan Car |

© TOWERSEC 4© TOWERSEC 4Trojan Car |

The modern connected attack surface!

© TOWERSEC 5TOWERSEC Introduction |

Its all about CAN access

© TOWERSEC 6© TOWERSEC 6Trojan Car |

Cyber attacks on cars today are rare– Requires a lot of time– Special resources – Specialized knowledge

Civilian connected-cars = higher payoff– Insurance Fraud, Warranty Fraud– Safety hazards & Terrorism

Law enforcement vehicles have a much higher payoff– Law and order situation out-of-control

Is the problem REAL and PRACTICAL?

© TOWERSEC 7© TOWERSEC 7Trojan Car |

Telematics compromiseIn-cab electronics hacking– Radio– Cell phone– OBD-II– GPS spoofing

Remote Start!

Typical cyber attacks on vehicles

© TOWERSEC 8© TOWERSEC 8Trojan Car |

Sensor input compromise– Camera– Radar, LIDAR

Loss of Critical control – Braking and acceleration– Air bag control– Adaptive safety systems

Typical cyber attacks on vehicles

© TOWERSEC 9TOWERSEC Introduction |

Vehicle brands hacked in the public domain

o Fordo GM o BMWo Mercedeso Chrysler/FCA

o Toyotao VWo Teslao Audio Corvette

© TOWERSEC 10TOWERSEC Introduction |

Layered Security Approach

Vehicular Network Security

© TOWERSEC 11

How You Would Protect• Intrusion Detection or Prevention:

– Employ at least a passive detection technology

• Vulnerability management: – Regular maintenance, patching of known and exposed vulnerabilities

© TOWERSEC 12

• Penetration testing:– Routine pen testing of IT systems, software, vehicles, telematics units, major sensors

• By Design: – Future Systems design– Complexity management through SEP

How You Would Protect

© TOWERSEC 13

• Balance Risk, Asset and Threat likelihood• Cover high bandwidth attack surfaces• Long term secure designs• Detection/monitoring systems have a place

Where should prevention resources be invested?

TowerSec proprietary. The contents shall not be copied, reproduced, changed or communicated to another - either in whole or in part.

For Safe and Secure Drive

www.tower-sec.com | info@tower-sec.com

© TOWERSEC 15TOWERSEC Introduction |

Telit Wireless Solutions to Present m2mAirSHIELD at MWC, March, 2014

TowerSec enters into a cooperative agreement with AC Cars to embed TowerSec products in future AC models.July, 2014