
Securing the Connected Car Ecosystem

 Securing the Connected Car Ecosystem - IoT ONE Case Study
Technology Category
  • Cybersecurity & Privacy - Application Security
Applicable Industries
  • Automotive
Applicable Functions
  • Product Research & Development
Use Cases
  • Cybersecurity
About The Customer
One of the largest global automakers
The Challenge

The in-vehicle communications and entertainment system hosts high-value or sensitive applications. API libraries facilitate communication and sharing of vehicle data. These API libraries are vulnerable to reverse engineering and tampering attacks, which may even result in loss of passenger safety. Attackers can inject malware that may be able to migrate to other in-car networks such as the controller area network (CAN) bus, which links to the vehicle’s critical systems. Software provided for dealers to interface with cars through the OBD2 port is also vulnerable to reverse engineering and tampering attacks. Hackers may be able to abuse these tools to inject malicious code into the ECUs and CAN bus. Attackers can lift the cryptographic keys used and use them to build their own rogue apps or software. Their cloned version of the original app or software may have altered functionality and may be intended to gain access to other in-car networks.

The Solution

White-box cryptography is a method for securely hiding cryptographic keys even if a hacker has full access to the software. The original key material is converted to a new representation using a trapdoor function (a one-way, non-reversible function). This new key format can only be used by the associated white-box cryptographic software, effectively hiding the key. However, this is not enough. White-box cryptography hides the key securely, but the hacker could still decompile the original application and modify the app, or lift out the entire white-box software package and leverage it in a separate app for nefarious objectives.

Arxan Code Protection, comprised of unique patented guarding technology, hardens the API library to self-defend against reverse engineering or tampering, both statically and at runtime. Arxan’s application protection solution, comprised of unique patented guarding technology, hardens the dealer tools to self-defend against reverse engineering or tampering, both statically and at runtime. It can detect whether the white-box software is running in the correct (unmodified) application or in a new environment, and it makes decompiling the app extremely difficult. Arxan’s anti-tamper techniques can respond to runtime attacks with customizable actions and notify the owner that the software is being modified.

Data Collected
Connectivity Status, Data Security
Operational Impact
  • [Data Management - Data Security]
    Arxan’s Cryptographic Key/Data Protection has effectively hidden the secret keys used for authentication. Because the keys are never present in either static form or runtime memory, hackers have not been able to gain unauthorized access to the application or to any of the in-car networks. Arxan’s Code Protection has “hardened” the client app and dealer tools, making it extremely difficult for a hacker to gain access to the source code and all of the security controls, lift the white-box software package, or modify the behavior of the application at runtime.
