* Researchers developing cyber defences for cars
* Security breach has already caused recall
* Premium cars use more software code than fighter jets
By Ari Rabinovitch
TEL AVIV, Jan 11 (Reuters) - Building on its expertise in technology, Israel is emerging as a leader in the race to keep cars secure and prevent the nightmare scenario of a hacker commandeering your vehicle.
Most cars today are equipped with some level of connectivity and self-driving vehicles are being developed. Given this level of sophistication, protecting cars from contamination with malicious software has become big business.
“We view this as a potential $10 billion market opportunity over the next five years,” said Daniel Ives, an analyst with FBR Capital Markets in New York.
“As we have seen with cyber security over the past decade, the lion’s share of the innovation going after this market is from Israel and Silicon Valley.”
The threat appears real enough.
Fiat Chrysler recalled 1.4 million vehicles to install new software last year after cybersecurity researchers showed they could turn off a Jeep Cherokee’s engine as it drove . Software manipulation, albeit intentional, was also behind Volkswagen’s emissions scandal.
From its headquarters in Tel Aviv, Check Point, one of the world’s largest cyber security firms, pioneered the computer firewall two decades ago. It hopes to repeat that success with a security capsule for vehicles.
Connected cars need a two-pronged defence.
First, they must make sure nothing bad gets in, like a virus sneaking through a navigation system. Then they have to keep internal communications secure to allow functions like side-view mirrors which angle down when vehicles are put into reverse.
Check Point is focusing on protecting the car’s external gateway, said Alon Kantor, vice president of business development. After two years of meeting carmakers and their top suppliers, he said they now have a working “proof of concept”.
“The car manufacturers didn’t know exactly what cyber security was. We had to study the networks in different cars. It was mutual learning,” Kantor said.
With Check Point’s system, everything going in and out of the car passes through the company’s cloud-based network, where it is inspected in real time and malware is blocked.
“The idea is to prevent the next recall and handle all security and updates over the air,” Kantor said.
Experts warn that hackers may eventually try to track driving patterns, interfere with fleet management or falsify information passed electronically to insurers.
“Automakers are working to keep pace with the dynamic nature of cyber threats by incorporating security by design, developing internal expertise, and cultivating partnerships -- both procedural and operational -- with organisations specialising in cyber defense,” says the Alliance of Automobile Manufacturers, a Washington-based association of 12 of the largest car makers.
Some 420 million connected cars will be on the road in 2018, and the number has risen 57 percent annually since 2013, according to market researcher IDATE.
Technology companies are alive to the business opportunity.
Last week, Harman International Industries, a maker of connected car systems, said it was buying Israeli-founded cyber defense start-up TowerSec to protect its products with market-ready platforms. Israeli media estimated the deal at $70 million.
Technology giants like IBM and CISCO have asked their teams in Israel to work on protecting cars.
“What makes cars so vulnerable to attack is that they are such complex systems,” said Yaron Wolfsthal, head of the IBM research center in the desert city of Beersheba.
Premium cars, put together from a complex supply chain, can run on up to 100 million lines of software code -- about 12 times more than in the new F-35 stealth fighter jet.
Like other global technology firms, IBM set up a branch in Beersheba two years ago when the military began moving operations there, including elite intelligence and cyber warfare units whose graduates are behind many of Israel’s private sector successes.
IBM has developed a comprehensive prototype, Wolfsthal said, and is looking to integrate it with a car manufacturer. The programme will be connected to other IBM systems that can spot patterns of broader security breaches.
None of the handful of companies in Israel that spoke with Reuters would give the names of carmakers with whom they are talking. But the pitching process can include exposing them to the vulnerability of their own models.
Check Point said it showed executives from a few large automakers that it can hijack their car’s external communication channel using a handheld transceiver and frequency jammer, both of which can be bought on eBay for a few hundred dollars, and a laptop computer running open-source software.
Also based in Tel Aviv, Argus Cyber Security developed a defence system that protects a car’s internal networks as well as the external wireless connection.
The start-up was founded by graduates of the military’s cyber intelligence unit and in September raised $26 million, including from auto supplier Magna International.
Yoni Heilbronn, the company’s head of marketing, was the only foreigner to appear at a closed-door session last year in the U.S. Congress discussing how to protect connected cars.
“Car manufacturers for the last 100 years simply built cars and were very good at doing that. Cyber security is generally not their core competence,” he said. “This is where it comes back to Israel.”
Editing by Luke Baker and Keith Weir