BlackBerry Jarvis finds security flaws in connected cars

BlackBerry Ltd. continued its push into the auto industry with a new product that helps carmakers detect security flaws in software before it goes into their vehicles.


The system, known as Jarvis, can automatically scan reams of code to look for vulnerabilities, a job that traditionally would be done manually by computer experts, BlackBerry said in statement Monday.

Cars have used software for years, but now more are being connected to the internet, raising fears hackers could break into them. Some hackers have even demonstrated the ability to take control away from a driver remotely. BlackBerry is touting its experience in cybersecurity as an advantage in protecting vehicles from such threats.



Bloomberg, Engadget

 
Jarvis aims to provide automakers with safety backups as they design the incredibly complex and nuanced software that true autonomous driving requires. With complexity comes vulnerability, and rather than trying to build automotive software and protect it later, Jarvis will hold carmakers' hands through the entire process. BlackBerry says Jarvis will go through code line, and with a higher level of accuracy than would be possible by humans alone.
The way that BlackBerry plans on offering Jarvis to car companies is interesting, too. It will be sold on a pay-as-you-go basis and will be available to an OEM's entire software supply chain, soup to nuts. What's also neat is that Jarvis will allow manufacturers to have immediate results based on the program's evaluation of their software. No waiting for people to comb through millions of lines of code (or more), which can take weeks, months or longer.

The last huge benefit from an OEM standpoint is that BlackBerry's Jarvis will help ensure that their software adheres to rigid industry standards, like MISRA (Motor Industry Software Reliability Association) and CERT (Computer Emergency Response Team) C Standard for safety, reliability and security.

Connected and autonomous vehicles require some of the most complex software ever developed, creating a significant challenge for automakers who must ensure the code complies with industry and manufacturer-specific standards while simultaneously battle-hardening a very large and tempting attack surface for cybercriminals," said Chen, in a statement.

Now, we realize that this seems like intense nerd stuff, and it is, but here's why you should care about it: Imagine that your future self (you look great, by the way) is riding along in a Level 4 or 5 self-driving vehicle on your way to work. All of a sudden, your car starts to act strangely. Maybe it doesn't respond to inputs, and maybe someone calls your phone, telling you that they'll crash your car into a lake if you don't pay them.

Sure, this might sound like the plot of a super dystopian sci-fi thriller (Duncan Jones, I'm waiting for your call), but this is precisely the kind of nightmare that security experts fear may happen if cybercriminals are able to worm their way into your vehicle's self-driving software. Jarvis is designed to help prevent this sort of scenario from the ground up. Better still, Jarvis won't strictly be limited to use by automakers. BlackBerry plans to offer it to other industries including defense, healthcare, industrial automation and aerospace, so maybe our future as a whole will be a little more secure thanks to Jarvis.

CNET

Reacties