Securing the Connected Car Ecosystem
In-vehicle communications and entertainment systems host high-value or sensitive applications. API libraries facilitate communication and sharing of vehicle data. These API libraries are vulnerable to reverse engineering and tampering attacks, which may even result in loss of passenger safety. Attackers can inject malware that may be able to migrate to other in-car networks such as the controller area network (CAN) bus, which links to the vehicle’s critical systems. Software provided for dealers to interface with cars through the OBD2 port is also vulnerable to reverse engineering and tampering attacks. Hackers may be able to abuse these tools to inject malicious code into the ECUs and CAN bus. Attackers can lift the cryptographic keys used and use them to build their own rogue apps/software. Their cloned version of the original app/software may have altered functionality and may be intended to gain access to other in-car networks.
White-box cryptography is a method for securely hiding cryptographic keys even if a hacker has full access to the software. The original key material is converted to a new representation using a trapdoor function (a one-way, non-reversible function). This new key format can only be used by the associated white-box cryptographic software, effectively hiding the key. However, this is not enough: white-box cryptography hides the key securely, but the hacker could still decompile the original application and modify the app, or lift out the entire white-box software package and leverage it in a separate app for nefarious objectives. Arxan Code Protection, comprised of unique patented guarding technology, hardens the API library to self-defend against reverse engineering or tampering, both statically and at runtime. Arxan’s application protection solution, comprised of unique patented guarding technology, hardens the dealer tools to self-defend against reverse engineering or tampering, both statically and at runtime. Arxan’s protection can detect whether the white-box software is running in the correct (unmodified) application or in a new environment, and makes decompiling the app extremely difficult. Arxan’s anti-tamper techniques can respond to runtime attacks with customizable actions and notify the owner that the software is being modified.
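A toy illustration of the key-hiding idea described above, added here as an example; it is not Arxan's code and not a real white-box cipher. Each key byte is folded into a lookup table wrapped in secret random byte permutations, which stand in for the "new representation" of the key. The S-box, function names, sample key and input are all constructed for this sketch.

```python
import random

# Public toy S-box (a seeded byte permutation); a stand-in, not a real cipher's S-box.
SBOX = list(range(256))
random.Random(2024).shuffle(SBOX)

def reference_round(block, key):
    """Conventional code: the key is an explicit value readable in memory."""
    return bytes(SBOX[b ^ k] for b, k in zip(block, key))

def _random_perm(rng):
    p = list(range(256))
    rng.shuffle(p)
    inv = [0] * 256
    for i, v in enumerate(p):
        inv[v] = i
    return p, inv

def build_tables(key, rng, encoded=True):
    """Build-time generator: T_i = g_i . SBOX . xor(k_i) . f_i^-1 for each key byte."""
    # encoded=False uses identity encodings: key folded into the table but not hidden.
    ident = list(range(256))
    tables, enc_in, dec_out = [], [], []
    for k in key:
        f, f_inv = _random_perm(rng) if encoded else (ident, ident)
        g, g_inv = _random_perm(rng) if encoded else (ident, ident)
        tables.append(bytes(g[SBOX[f_inv[x] ^ k]] for x in range(256)))
        enc_in.append(f)
        dec_out.append(g_inv)
    return tables, enc_in, dec_out

def whitebox_round(tables, encoded_block):
    """Shipped code: table lookups only; no key variable exists at runtime."""
    return bytes(t[b] for t, b in zip(tables, encoded_block))

def trivial_key_readout(tables):
    """Generator self-check: in an unencoded table T[k] == SBOX[0], so k is readable."""
    return bytes(t.index(SBOX[0]) for t in tables)

def demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    block = b"VIN-SAMPLE-00001"                               # constructed 16-byte input
    tables, enc_in, dec_out = build_tables(key, random.Random(7))
    encoded = bytes(f[b] for f, b in zip(enc_in, block))
    out = bytes(d[b] for d, b in zip(dec_out, whitebox_round(tables, encoded)))
    naive, _, _ = build_tables(key, random.Random(7), encoded=False)
    return {"matches_reference": out == reference_round(block, key),
            "naive_leaks_key": trivial_key_readout(naive) == key,
            "encoded_leaks_key": trivial_key_readout(tables) == key}
```

Note that `whitebox_round` needs nothing from its host program except the tables, which is why the text above pairs key hiding with anti-tamper and environment checks: the tables themselves remain a usable asset if copied out whole.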