Beam Connectivity

Beam Connectivity and EVMI Solutions Unveil Partnership to Transform Last-Mile Delivery with Cutting-Edge Connectivity Solutions

Cirencester, 14/12/2023 — In a new collaboration, Beam Connectivity and EVMI Solutions have joined forces to revolutionise urban logistics using cutting-edge and highly secure vehicle connectivity.

Beam Connectivity wins Self-Driving Industry Award for Innovation in V2X Technology

Cirencester, UK, 20.11.2023 — Beam Connectivity has been honoured with the prestigious Self-Driving Industry Vehicle-to-Anything (V2X) Award. This marks a major milestone as the company’s maiden triumph in the competition, recognising their pioneering contributions to connected vehicle systems and innovations in V2X technology.

Mitigating vulnerabilities in open source with CHERI part 1: cURL

by Rob Potter and Hardeep Chahal

cURL is a completely ubiquitous tool used for making network requests over every protocol you have heard of, including: HTTP, HTTPS, IMAP, DICT, FTP, Kerberos, LDAP, MQTT, POP3, FTPS, Gopher, RTSP, RTMP, SCP, SMTP, SMB, SFTP, Telnet, TFTP, LDAPS, proxies, and more.

Basically a Swiss Army Knife for network comms.

It is used in EVERYTHING you can imagine and more – at least 20 billion devices run cURL, 100 million of which are vehicles🤯

2012 VW Sharan infotainment screen — this car is one of 100 million

Daniel Stenberg, solo author of curl, has disclosed a high severity memory safety issue that was found by a security researcher.

The vulnerability: heap overflow

First, we wanted to provide a high level description of the problem, with a few excerpts from the public disclosure:

SOCKS5 allows the host name field to be up to 255 bytes long, meaning a SOCKS5 proxy cannot resolve a longer host name.

curl builds a protocol frame in a memory buffer, and it copies the destination (host name) to that buffer. Since the code wrongly thinks it should pass on the host name, even though the host name is too long to fit, the memory copy can overflow the allocated target buffer.

Thus it pretty much requires a malicious actor to feed a super-long host name into this equation to trigger this flaw. To use it in an attack. The name needs to be longer than the target buffer to make the memory copy overwrite heap memory.

Yes, this family of flaws would have been impossible if curl had been written in a memory-safe language instead of C, but porting curl to another language is not on the agenda.

This has been registered as CVE-2023–38545 with MITRE, the organisation that identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Mitigating memory safety vulnerabilities: CHERI

At Beam, we are leading research into the application of CHERI into automotive systems — Capability Hardware Enhanced RISC Instructions. CHERI provides hardware-level enforcement of memory access, ensuring that software can only access the areas of memory that have been allocated.

One major benefit of CHERI is that it works without requiring a rewrite. For reference, the KDE desktop environment needed only 0.026% of the 6 million lines of C code modifying to support CHERI runtime.

CHERI doesn’t stop all known classes of memory vulnerabilities, but one it does stop is out-of-bound writes, which is what would be exploited here. Learn more about CHERI protections from Microsoft Security Response Center.

The hardware enforcement is done by using capabilities, which are pointers with additional metadata. Part of this metadata includes the bounds of the memory region that can be written to and any accesses outside of this would raise an “in-address-space” exception. If unexpected and not handled, this would still cause the program to exit, but the attacker can no longer overwrite memory.

So in summary, anyone exploiting this vulnerability on CHERI would crash the program, but not be able to use the exploit for more serious, nefarious purposes (arbitrary code execution, escalation of privilege, etc).

Learn more about CHERI

This is just one example of what is a prevalent challenge to the automotive industry.

If the average L2 ADAS vehicle has 120+ million lines of code, the question isn’t just how can we minimise the number of vulnerabilities, it is how can we minimise the impact on our systems when they are found.

We believe the answer is a combination of high quality software development methodology, low-friction over-the-air software update, and secure hardware foundations, like CHERI.

If CHERI sounds relevant to you, please take a look at our project website: https://autocheri.tech

We would love to talk to anyone interested in discussing this further: hello@autocheri.tech or hello@beamconnectivity.com

We will finish this post with some other pictures of cURL in the wild…

2016 Nissan Qashqai
Infotainment system of 2021 Polestar 2 uses curl
2021 Polestar 2
BMW i3

Mitigating vulnerabilities in open source with CHERI part 1: cURL was originally published in Beam Connectivity on Medium, where people are continuing the conversation by highlighting and responding to this story.

Demonstration of AutoCHERI project — Cenex-LCV

Beam Connectivity and the AutoCHERI consortium will be demonstrating a connected vehicle solution running on CHERI security processor at Cenex-LCV on 6th and 7th September.

Project announcement: SecureTCU

Beam Connectivity are delighted to have won funding under the UK-South Korea Bilateral Phase 2 competition. We have built a strong project consortium with Secure Elements in the UK, AUTOCRYPT and KATECH (Korea Automotive Technology Institute) in South Korea.