Red Balloon Security recently launched an Automotive Exploitation Sandbox to demonstrate what typical automotive attack chains look like and to provide a hands-on experience with real hardware.
NEW YORK (PRWEB) July 13, 2018
Red Balloon Security, a world leader in universally compatible embedded security technology, announced today it has signed a strategic partnership with the Automotive Information Sharing and Analysis Center (Auto-ISAC) to provide new tools and training aimed at improving cybersecurity awareness within the automotive industry.
“We are excited to work with Auto-ISAC in its effort to promote stronger automotive cybersecurity,” said Dr. Ang Cui, founder and CEO of Red Balloon Security. “We hope this strategic partnership will be an opportunity for us to collaborate more closely with industry partners and to bring our experience in embedded security to the global automotive community.”
In its role as an Auto-ISAC strategic partner, Red Balloon Security will provide the automotive community with specialized tools and training to help these professionals better understand the new cyber threats facing vehicle embedded device systems.
“We are pleased to have Red Balloon Security as an Auto-ISAC strategic partner and are looking forward to our collaboration with them. Red Balloon Security will introduce our membership to their Automotive Exploitation Sandbox, a learning tool designed to teach members about vulnerabilities in automotive embedded devices, and how these vulnerabilities might be exploited by malicious actors,” said Faye Francy Executive Director of the Auto-ISAC. “The addition of Red Balloon Security will help the Auto-ISAC continue to drive the industry's proactive efforts to incorporate strong security measures into every phase of the vehicle lifecycle.”
To further educate stakeholders in the automotive industry, Red Balloon Security recently launched an Automotive Exploitation Sandbox (available publicly at https://sandbox.redballoonsecurity.com) to demonstrate what typical automotive attack chains look like and to provide a hands-on experience with real hardware. Announced at the escar USA conference in June 2018, the sandbox builds on Red Balloon Security’s academic and research efforts and is intended to be used as an educational tool. The sandbox allows users to access and subvert a vehicle electronic control unit (ECU) in order to show security weaknesses within this key piece of technology. ECUs are small embedded devices which control most of the functions within a car, from the infotainment system to the steering, acceleration, brakes, suspension, transmission and more. Today’s vehicles typically have dozens of embedded ECUs. The problem, however, is that ECUs often contain numerous vulnerabilities which could be exploited by an attacker. (While real code is used in the exercise, the exploit is a synthetic vulnerability created by Red Balloon Security.) ECUs are also difficult to patch because most automakers do not yet facilitate over-the-air software updates. Red Balloon Security’s sandbox provides a safe way for automotive industry professionals to simulate attacks on an ECU in order to see how easily these security flaws can be exploited, and the damage this would cause.
Red Balloon Security is also working closely with a number of automotive industry partners to improve vehicle cybersecurity more directly. Last year, the company released a new security technology which protects vehicle systems from a wide range of potential attacks. Known as Symbiote for Automotive Defense, it is a universally-compatible, OS-agnostic, real time host-based intrusion defense system for automotive ECUs and gateways. It is based on the highly successful Symbiote Defense technology for embedded devices, which is already being transitioned into the U.S. Department of Defense, the Department of Homeland Security, as well as in critical infrastructure applications. Symbiote currently protects millions of embedded devices around the world, and has logged more than 25 billion hours of runtime without a single recorded failure.
For more information, visit the Red Balloon Security website at http://www.redballoonsecurity.com.
About Red Balloon Security
Red Balloon Security is a leading security provider for embedded devices across all industries. Founded in 2011 by Dr. Ang Cui, the company’s core technology, Symbiote Defense, was originally developed through Columbia University’s Intrusion Detection Systems Lab. After a decade of testing, billions of hours of error-free runtime and deployments in the US military, homeland security, critical infrastructure and consumer products, Symbiote Defense is the world’s most advanced and proven firmware defense system for embedded devices. Red Balloon Security’s pioneering industry research is led by a team of world-class academics, researchers and developers who have published seminal research papers in the fields of embedded security and intrusion detection, directed U.S. Department of Defense funded research activities, responsibly disclosed vulnerabilities within hundreds of millions of ubiquitous embedded devices and worked as embedded security researchers within various intelligence agencies. Website: http://www.redballoonsecurity.com
The Auto-ISAC facilitates sharing of timely and actionable information pertaining to cybersecurity threats affecting the automotive industry. It enhances the ability of the automotive industry to prepare for and respond to cyberthreats, deal with vulnerabilities and incidents, and raise awareness across the community to reduce business risks.
Auto-ISAC was established in 2015, when Global Automakers, Auto Alliance and 14 automakers joined forces to build this global community to foster collaboration that creates a safe, efficient, secure and resilient connected vehicle ecosystem. Auto-ISAC shares and analyzes timely and actionable intelligence about emerging cybersecurity risks to the vehicle. It also works to develop and mature vehicle cybersecurity capabilities across the industry through initiatives like its Best Practices and information exchanges.
Membership is open to light- and heavy-duty vehicle OEMs and suppliers, and commercial vehicle sector (e.g. fleets, carriers). Partnerships are open to security solutions providers, industry associations, research consortia, government agencies and academia.