Every day we strive to improve the world of connected vehicle systems. Understanding what is at the forefront of this sector and interpreting the latest innovations is fundamental to our success. Here we present a selection of our insights and company updates.
Delve into Part 2 of our Beam Connectivity series, where we continue our in-depth analysis of the latest cybersecurity regulations for connected motorbikes. We explore their implications for manufacturers, operators, and consumers alike.
Explore the latest blog post from Beam Connectivity, where we delve into the new cybersecurity regulations for connected motorbikes and what they mean for manufacturers, operators, and consumers alike.
Building on our last article, we put CHERI to the test in real-world automotive scenarios. From lab simulations to on-track testing, our latest insights show how CHERI enhances vehicle cybersecurity.
Enhancing Automotive Cybersecurity with CHERI: A New Era of Cyber Resilience –Discover how CHERI technology is transforming vehicle cybersecurity, strengthening hardware security, and protecting against evolving threats.
London, UK, 16th September 2024 — The AutoCHERI consortium (Beam Connectivity, Applus+ IDIADA, Swansea University, University of Exeter, and the Compound Semiconductor Applications Catapult) led by Beam Connectivity is proud to announce the successful completion of the AutoCHERI project.
Cirencester, 14/12/2023 — In a new collaboration, Beam Connectivity and EVMI Solutions have joined forces to revolutionise urban logistics using cutting-edge and highly secure vehicle connectivity.
Cirencester, UK, 20.11.2023 — Beam Connectivity has been honoured with the prestigious Self-Driving Industry Vehicle-to-Anything (V2X) Award. This marks a major milestone as the company’s maiden triumph in the competition, recognising their pioneering contributions to connected vehicle systems and innovations in V2X technology.
by Rob Potter and Hardeep Chahal
cURL is a completely ubiquitous tool used for making network requests over every protocol you have heard of, including: HTTP, HTTPS, IMAP, DICT, FTP, Kerberos, LDAP, MQTT, POP3, FTPS, Gopher, RTSP, RTMP, SCP, SMTP, SMB, SFTP, Telnet, TFTP, LDAPS, proxies, and more.
Basically a Swiss Army Knife for network comms.
It is used in EVERYTHING you can imagine and more – at least 20 billion devices run cURL, 100 million of which are vehicles🤯
Daniel Stenberg, solo author of curl, has disclosed a high severity memory safety issue that was found by a security researcher.
First, we wanted to provide a high level description of the problem, with a few excerpts from the public disclosure:
SOCKS5 allows the host name field to be up to 255 bytes long, meaning a SOCKS5 proxy cannot resolve a longer host name.
curl builds a protocol frame in a memory buffer, and it copies the destination (host name) to that buffer. Since the code wrongly thinks it should pass on the host name, even though the host name is too long to fit, the memory copy can overflow the allocated target buffer.
Thus it pretty much requires a malicious actor to feed a super-long host name into this equation to trigger this flaw. To use it in an attack. The name needs to be longer than the target buffer to make the memory copy overwrite heap memory.
Yes, this family of flaws would have been impossible if curl had been written in a memory-safe language instead of C, but porting curl to another language is not on the agenda.
This has been registered as CVE-2023–38545 with MITRE, the organisation that identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
At Beam, we are leading research into the application of CHERI into automotive systems — Capability Hardware Enhanced RISC Instructions. CHERI provides hardware-level enforcement of memory access, ensuring that software can only access the areas of memory that have been allocated.
One major benefit of CHERI is that it works without requiring a rewrite. For reference, the KDE desktop environment needed only 0.026% of the 6 million lines of C code modifying to support CHERI runtime.
CHERI doesn’t stop all known classes of memory vulnerabilities, but one it does stop is out-of-bound writes, which is what would be exploited here. Learn more about CHERI protections from Microsoft Security Response Center.
The hardware enforcement is done by using capabilities, which are pointers with additional metadata. Part of this metadata includes the bounds of the memory region that can be written to and any accesses outside of this would raise an “in-address-space” exception. If unexpected and not handled, this would still cause the program to exit, but the attacker can no longer overwrite memory.
So in summary, anyone exploiting this vulnerability on CHERI would crash the program, but not be able to use the exploit for more serious, nefarious purposes (arbitrary code execution, escalation of privilege, etc).
This is just one example of what is a prevalent challenge to the automotive industry.
If the average L2 ADAS vehicle has 120+ million lines of code, the question isn’t just how can we minimise the number of vulnerabilities, it is how can we minimise the impact on our systems when they are found.
We believe the answer is a combination of high quality software development methodology, low-friction over-the-air software update, and secure hardware foundations, like CHERI.
If CHERI sounds relevant to you, please take a look at our project website: https://autocheri.tech
We would love to talk to anyone interested in discussing this further: hello@autocheri.tech or hello@beamconnectivity.com
We will finish this post with some other pictures of cURL in the wild…
Mitigating vulnerabilities in open source with CHERI part 1: cURL was originally published in Beam Connectivity on Medium, where people are continuing the conversation by highlighting and responding to this story.
Beam Connectivity and the AutoCHERI consortium will be demonstrating a connected vehicle solution running on CHERI security processor at Cenex-LCV on 6th and 7th September.
Beam Connectivity are delighted to have won funding under the UK-South Korea Bilateral Phase 2 competition. We have built a strong project consortium with Secure Elements in the UK, AUTOCRYPT and KATECH (Korea Automotive Technology Institute) in South Korea.
An interesting and honest overview of our journey to date from our CEO Thomas Sors, kicked off our MOVE 2023 visit.
We are pleased to announce strategic investment into Beam Connectivity from WAE Technologies! 🎉
Following on from our last public update on AutoCHERI in October, we wanted to run a workshop to share our experience working on Morello with the community working on DSbD technologies.
Using the AWS IoT Core test console UI can be a pain at times. The connection can sometimes be lost, and if you [leave the page | look away | sneeze] you can be logged out and lose the message payloads you were working with and any unsaved topic subscriptions.
At Beam Connectivity, our vision is to become the partner of choice for connected systems in the vehicle sector.
Last week we were invited to present at the AESIN Conference 2022 — the UK automotive industry suppliers’ innovation network.
The Digital Security By Design programme (DSbD) is an initiative that we have been involved in for the past 18 months.
We are delighted that Beam Connectivity have been recognised as an SME to watch and have won a place on the Zenzic CAM Scale-up programme 🚀
Beam Connectivity onboard CaaS onto Convex, the global mobility data exchange run by Chordant.
I recently sat down with Zenzic, the driving force behind the UK’s Connected and Autonomous Vehicle industry, to discuss today’s connected vehicle solutions and our progression through the Zenzic CAM Scale-Up programme.
Last week I sat down with Zenzic, the driving force behind the UK’s Connected and Autonomous Vehicle industry, to discuss our progression through the Zenzic CAM Scale-Up programme.
We will be at Highways UK this week — an event that brings together the people responsible for planning, developing, managing, maintaining, and future-proofing the nation’s roads networks.
We are at MOVE21 in London’s ExCel Docklands exhibition centre along with 3000 of the world’s leading experts in the mobility sector.
The AutoCHERI consortium including Beam Connectivity, Applus IDIADA, Compound Semiconductor Applications Catapult, Coventry University and University of Exeter will review how Digital Security by Design technologies can improve the cyber security and safety of connected vehicles.
When working on automotive software development, being able to test CAN data transmission is essential. An easy way to test this without requiring CAN hardware is to use a Virtual Local CAN Interface (vcan).
On 15th December, the Cabinet Office released a Policy Paper outlining the National Cyber Strategy 2022 (www.gov.uk).
Firmware is a category of software responsible for configuring and controlling hardware.
Interested in experiencing high performance, hyper-secure connectivity with a free, 4 week trial of CaaS? Get in touch today to understand how connected data can strengthen your organisation.
Enquire today