Security Experts:

Symantec Wants to Protect Your Car From Zero-Day Attacks

Symantec Expands IoT Security Portfolio to Connected Cars

Symantec this week introduced a new IoT security solution specifically designed to protect connected vehicles from zero-day attacks and never-before-seen threats.

News of Symantec’s undertaking comes just a few months after the FBI released a warning on remotely exploitable cyber vulnerabilities that affect modern motor vehicles.

Researchers have demonstrated over the past years that vehicles such as the Toyota Prius, Tesla Model SJeep Cherokee, and Nissan Leaf are exposed to hacker attacks due to vulnerabilities in connected systems.

Symantec Expands IoT Security Portfolio to Connected Cars

Just last week, researchers from the UK discovered that the mobile applications for the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) are plagued by vulnerabilities that can be exploited by hackers to remotely control some of the car’s features.

The new Symantec Anomaly Detection for Automotive leverages machine learning technology to provide “passive in-vehicle security analytics” that monitor all Controller Area Network (CAN) bus traffic without disrupting vehicle operations, learn what normal behavior is and flag anomalous activity that may indicate an attack.

“Connected cars offer drivers conveniences such as navigation, remote roadside assistance and mobile internet hot spots,” Symantec said. “There will be 220 million connected cars on the road in 2020, according to Gartner. While new technologies promise to enhance the driving experience, these advancements also create avenues of attack for hackers that can endanger drivers and passengers.”

Built from the ground up for vehicles, Symantec says the new offering can learn a vehicle’s behavior in a deeper, more precise way to allow auto makers to detect previously unseen attacks. Additionally, the offering can prioritize incidents based on “perceived criticality” and risk, and detect anomalies without the need set rules or create policies.

“Automotive security threats have gone from theory to reality,” said Shankar Somasundaram, senior director of product management and engineering at Symantec. “The infrastructure and technology that already helps protect billions of devices and trillions of dollars now protects the car.”

At SecurityWeek’s 2015 ICS Cyber Security Conference, Brian Witten, Senior Director for IoT Security at Symantec, told attendees that Symantec currently protects more than 1 billion connected IoT devices through its portfolio of IoT security offerings. 

Symantec is one of several players looking capitalize on the security needs for the automotive sector. In September 2015, Argus Cyber Security, a Tel Aviv, Israel-based startup focused on automotive cyber security, raised $26 million in Series B funding. In April 2016, Karamba Security emerged from stealth mode with $2.5 million in seed funding with a mission to protect connected cars from cyberattacks. Several other security firms have moved into the IoT security space as well.

In August 2014, a group of security researchers called upon automobile manufacturers to build cyber-security safeguards inside the software systems powering various features in modern cars. In an open letter to “Automotive CEOs”, the researchers called on automobile industry executives to implement five security programs to improve car safety and safeguard them from cyberattacks.

Symantec Anomaly Detection for Automotive is currently available in most markets worldwide and works with almost any automotive make and model.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.