Connect with us

Hi, what are you looking for?



Symantec Wants to Protect Your Car From Zero-Day Attacks

Symantec Expands IoT Security Portfolio to Connected Cars

Symantec Expands IoT Security Portfolio to Connected Cars

Symantec this week introduced a new IoT security solution specifically designed to protect connected vehicles from zero-day attacks and never-before-seen threats.

News of Symantec’s undertaking comes just a few months after the FBI released a warning on remotely exploitable cyber vulnerabilities that affect modern motor vehicles.

Researchers have demonstrated over the past years that vehicles such as the Toyota Prius, Tesla Model SJeep Cherokee, and Nissan Leaf are exposed to hacker attacks due to vulnerabilities in connected systems.

Symantec Expands IoT Security Portfolio to Connected Cars

Just last week, researchers from the UK discovered that the mobile applications for the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) are plagued by vulnerabilities that can be exploited by hackers to remotely control some of the car’s features.

The new Symantec Anomaly Detection for Automotive leverages machine learning technology to provide “passive in-vehicle security analytics” that monitor all Controller Area Network (CAN) bus traffic without disrupting vehicle operations, learn what normal behavior is and flag anomalous activity that may indicate an attack.

“Connected cars offer drivers conveniences such as navigation, remote roadside assistance and mobile internet hot spots,” Symantec said. “There will be 220 million connected cars on the road in 2020, according to Gartner. While new technologies promise to enhance the driving experience, these advancements also create avenues of attack for hackers that can endanger drivers and passengers.”

Built from the ground up for vehicles, Symantec says the new offering can learn a vehicle’s behavior in a deeper, more precise way to allow auto makers to detect previously unseen attacks. Additionally, the offering can prioritize incidents based on “perceived criticality” and risk, and detect anomalies without the need set rules or create policies.

Advertisement. Scroll to continue reading.

“Automotive security threats have gone from theory to reality,” said Shankar Somasundaram, senior director of product management and engineering at Symantec. “The infrastructure and technology that already helps protect billions of devices and trillions of dollars now protects the car.”

At SecurityWeek’s 2015 ICS Cyber Security Conference, Brian Witten, Senior Director for IoT Security at Symantec, told attendees that Symantec currently protects more than 1 billion connected IoT devices through its portfolio of IoT security offerings. 

Symantec is one of several players looking capitalize on the security needs for the automotive sector. In September 2015, Argus Cyber Security, a Tel Aviv, Israel-based startup focused on automotive cyber security, raised $26 million in Series B funding. In April 2016, Karamba Security emerged from stealth mode with $2.5 million in seed funding with a mission to protect connected cars from cyberattacks. Several other security firms have moved into the IoT security space as well.

In August 2014, a group of security researchers called upon automobile manufacturers to build cyber-security safeguards inside the software systems powering various features in modern cars. In an open letter to “Automotive CEOs”, the researchers called on automobile industry executives to implement five security programs to improve car safety and safeguard them from cyberattacks.

Symantec Anomaly Detection for Automotive is currently available in most markets worldwide and works with almost any automotive make and model.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.