In-brief: HARMAN, the automobile supplier, said it will buy Tower Security, a maker of security technology for connected vehicles.
The effects of last summer’s stunning display of software based attacks on a connected vehicle continue to be felt, as HARMAN, a leading equipment supplier to automotive firms, announced it is acquiring TowerSec, a firm that specializes in network security for automobiles.
HARMAN announced the deal at the annual Consumer Electronics Show (CES) on Tuesday, saying that TowerSec’s technology will be integrated into HARMAN’s 5+1 security architecture with a goal of “protecting the critical points of vulnerability in the connected and autonomous car, including hardware, network and Over The Air (OTA) updates.”
The deal is notable because HARMAN’s technology played a key role in the hack of a 2014 Jeep Cherokee manufactured by Fiat Chrysler. In a demonstration for Wired Magazine in July, researchers Chris Valasek of the firm IOActive and Charlie Miller of Twitter demonstrated software based attacks on the Cherokee’s on-board systems that enabled them to control braking, steering, and other critical in-vehicle systems. The two researchers were able to control those systems by way of a compromise of HARMAN’s UConnect wireless entertainment system.
Chris Valasek discusses his hack of Harman’s UConnect at the 2015 Security of Things Forum
The TowerSec acquisition seems intended to address the kinds of vulnerabilities that Miller and Valasek addressed (Both researchers now work for ride sharing start-up Uber’s advanced technologies group).
In a presentation at The Security of Things Forum in September, Valasek said that the nature of auto manufacturing makes it impossible for automakers to single-handedly ensure the security of their automobiles. Better information security needs to involve automakers, Tier 1 OEMs like HARMAN and telecommunications firms working in cooperation. “They all need to share responsibility for security,” he said.
“Not all the weight is on Fiat Chrysler,” Valasek said. The “execute” code exploited by the researchers was written by HARMAN, he noted. Fiat Chrysler doesn’t have the capability to completely audit all the hardware they receive from OEMs.”
HARMAN chief executive officer Dinesh Paliwal acknowledged as much in a statement. “We cannot sacrifice security for functionality” he said. “By acquiring TowerSec’s best-in-class suite of network protection software and gaining the expertise of their highly experienced security engineers, we will build on HARMAN’s 5+1 security framework, already the most comprehensive in the industry, and ensure that we remain one step ahead to protect existing and future connected systems.”