In this fascinating connected world, it is truly challenging to keep up with the innovations that will impact our lives in major ways. Dozens of connected vehicle solutions are launched every day to reshape traffic and urban life. The rapid expansion of the Internet of Things (IoT) is bringing us one step closer to developing truly smart homes. While all this brings virtually limitless potential in terms of, for example, enhancing road safety and enjoying an ever-greater level of convenience, security hazards and threats are also mushrooming. Intrusion prevention and detection, complete with protection against emerging attack patterns, is an absolute must for citizens and businesses alike. Cybersecurity threats come in many forms. Some are quite easy to detect, others come in disguise. Besides providing scalable security solutions, we also make a point of enforcing data privacy protection measures.
The automotive industry is going through a rapid transformation shaped by four major trends: electrification, robotization, on-demand ownership and finally, connectivity. Connected car technology has produced many great achievements, and on-board diagnostics (OBD) systems are clearly one of them. OBD systems today are widely available and, as a result, the amount of real-time information about the status of the vehicle is increasing, giving way to better vehicle management – and also extending a warm welcome to attackers.
An OBD port is an open standard, easy-to-access service port – one that usually comes without any physical or digital protection. In other words, uploading a malware (e.g. blackmail virus) into a vehicle through this port is shockingly easy. The solution we developed for intrusion prevention through the OBD port prevents unauthorized connection and provides real-time intrusion detection on the entire CAN (Controller Area Network) bus. Balasys’ OBD firewall is a tiny appliance placed hidden behind the OBD junction.
All the data inwards and outwards the vehicle through the port is filtered. At the same time, the entire data traffic on the internal CAN bus is logged. Regular reports and alerts are sent to the central management server through a GSM connection. The equipment complies with statutory and regulatory requirements for data security in the vehicle. Quick and easy installation is another attractive feature of the product: with no visible modification of the original socket system, the car warranty remains intact.
Balasys PrivaHome project focuses on the smart home environment. Home automation includes a wide range of smart devices providing services and executing physical tasks. The diversity of smart home products is already mind-blowing: from speakers to window blinds, cooking utensils and light bulbs, anything and everything can connect to the internet. IoT in private homes also means a vast amount of data transfer.
Smart devices collect and share data that are relevant to their functionality. Some of these data, however, may also serve third-party interests: with our connected devices, we practically invited marketers into our homes – and many others arrive uninvited and with less obvious intentions. In short, smart homes are basically a sitting duck for cybercriminals. With that in mind, the Balasys PrivaHome project is primarily focused on the privacy and security issues faced by homeowners. It is our mission to empower citizens to make smart decisions regarding their smart home environments.
We do that by providing tools for a better understanding of potential risks, as well as a capable device control technology that helps enforce the decisions citizens make. The first step to make that happen is providing smart home owners with knowledge about how IoT and smart devices work. It is also vital that they understand the nature of threats an unauthorized access may pose. Add to that the power imbalance between citizens and tech companies – in favor of the latter – and you will see why we consider it our mission to provide transparency and awareness.
For the sake of transparency, we encourage smart home owners to make sure network traffic in their smart home environment is inspected and analyzed, either locally or in a cloud infrastructure. Awareness comes from making informed decisions based on the analysis of traffic. To that end, it must be provided in a comprehensible, user-friendly format. With all the exciting features smart homes have to offer, privacy issues and data protection policies are easy to neglect. Given the fact that privacy and security focused user-centric controls are in many cases explicitly missing from IoT devices, the prevailing ignorance is alarming in so many ways it is difficult to count. Therefore, it is our job to draw the attention of homeowners to these issues and then propose solutions, such as the external means (e.g. in a security-oriented router) to enforce technical control over data traffic.