whiteCryption just wrapped up the RSA Conference where we showcased our advanced application protection solutions. We met many app developers concerned about data protection and got to share some insights in how they can protect against security and data threats inherent in today’s apps.
The recent explosion of mobile apps for the Internet of Things (IoT), automotive, wearables and financial applications that carry deeply sensitive personal and confidential information has created significant demand for technologies that raise the bar against hackers trying to steal that information. As more personal, behavioral information and health data is kept in mobile devices, app developers must protect their apps in more advanced ways. In addition, IoT and transportation apps that control and connect to cars, airplanes and the like, will need even more advanced protection technologies to ensure personal data is not compromised.
Consumers are used to having modern high-performance computing devices with them wherever they go (imagine life without a smartphone). Constant connection to friends, the Internet, content, music, you name it; access to information is becoming the status quo. They are now expecting that this connectivity and content be accessible while they are driving their cars and even built in to some of the things they wear (glasses, watches, bracelets and clothing). In modern homes, appliances are providing data and information to both consumers and manufacturers to help in providing conveniences and efficiencies only imaginable in science fiction and movies.
While all of this connectivity sounds great and promises the world caution is needed. Anyone who has had their computer infected with malware well knows, there is a dark side to the Internet. In the wrong hands, all of this connectivity exposes data, some that can contain personal information such as health or financial information. Indeed, in the wrong hands this connectivity in the form of the connected car can be quite scary indeed!
What are some of the vulnerabilities?
- Lack of sufficient bus protection. The signaling and communications bus, CAN bus, lacks the necessary protection to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
- Weak authentication. It’s very possible to re-program the ECUs illicitly.
- Misuse of the protocols. Denial of Service (DoS) attacks via CAN; malicious error messages can be used to trigger the fault-detection-mechanism in CAN.
- Poor protocol implementation. For example… reprogramming the ECU while the vehicle is moving is not allowed, however it is possible to launch commands that disable the CAN communication and set the ECU into programming mode while the vehicle is moving.
- Information leakage and corruption. Hackers can manipulate the diagnostic protocol by sniffing ordinary diagnostic sessions and injecting modified messages.
Now for the good news… we have a solution that was designed from the ground up to tackle advanced threats that people now face. Anyone making a wearable or IoT device should not launch without tamper resisting their apps against malicious attacks.
Our Cryptanium solutions protect IoT applications extending across connected cars, wearable devices and even in-flight entertainment. In fact, a leading supplier of in-flight entertainment and communication systems recently deployed an application security solution from whiteCryption to protect their content delivery against tampering and reverse engineering.
Cryptanium solutions stand out for the following key features:
- Enterprise-level solutions that add a layer of protection to help avoid limitations and risks involved with conventional application security.
- High security solutions that deliver the next level of obfuscation, self-defense and tamper-resistance against piracy.
- Integrated software code protection and white-box cryptography solutions to protect modern software applications on various platforms including mobile apps and firmware/embedded applications.
The future promises to provide conveniences that will surely make our lives easier, and connectivity will be a major reason why. But, like most technology advances, security and data protection will play prominent roles in ensuring that convenience is not trumped by disaster.