News & Insights from Beam Connectivity

Every day we strive to improve the world of connected vehicle systems. Understanding what is at the forefront of this sector and interpreting the latest innovations is fundamental to our success. Here we present a selection of our insights and company updates.

Part 2: The Standards Helping You Build Compliant Connected Motorbikes

Delve into Part 2 of our Beam Connectivity series, where we continue our in-depth analysis of the latest cybersecurity regulations for connected motorbikes. We explore their implications for manufacturers, operators, and consumers alike.

Read more

The New Cybersecurity Rules for Connected Motorbikes: What Do They Mean for You?

Explore the latest blog post from Beam Connectivity, where we delve into the new cybersecurity regulations for connected motorbikes and what they mean for manufacturers, operators, and consumers alike.

Read more

From concept to reality: how we validated CHERI for real automotive use cases

Building on our last article, we put CHERI to the test in real-world automotive scenarios. From lab simulations to on-track testing, our latest insights show how CHERI enhances vehicle cybersecurity.

Read more

Driving Cybersecurity Forward: How CHERI is transforming automotive cyber-resilience

Enhancing Automotive Cybersecurity with CHERI: A New Era of Cyber Resilience. Discover how CHERI technology is transforming vehicle cybersecurity, strengthening hardware security, and protecting against evolving threats.

Read more

AutoCHERI project validates new approach to automotive cybersecurity

London, UK, 16th September 2024 — The AutoCHERI consortium (Beam Connectivity, Applus+ IDIADA, Swansea University, University of Exeter, and the Compound Semiconductor Applications Catapult) led by Beam Connectivity is proud to announce the successful completion of the AutoCHERI project.

Read more

Beam Connectivity and EVMI Solutions Unveil Partnership to Transform Last-Mile Delivery with Cutting-Edge Connectivity Solutions

Cirencester, 14/12/2023 — In a new collaboration, Beam Connectivity and EVMI Solutions have joined forces to revolutionise urban logistics using cutting-edge and highly secure vehicle connectivity.

Read more

Beam Connectivity wins Self-Driving Industry Award for Innovation in V2X Technology

Cirencester, UK, 20.11.2023 — Beam Connectivity has been honoured with the prestigious Self-Driving Industry Vehicle-to-Anything (V2X) Award. This marks a major milestone as the company’s maiden triumph in the competition, recognising their pioneering contributions to connected vehicle systems and innovations in V2X technology.

Read more

Mitigating vulnerabilities in open source with CHERI part 1: cURL

by Rob Potter and Hardeep Chahal

cURL is a completely ubiquitous tool used for making network requests over every protocol you have heard of, including: HTTP, HTTPS, IMAP, DICT, FTP, Kerberos, LDAP, MQTT, POP3, FTPS, Gopher, RTSP, RTMP, SCP, SMTP, SMB, SFTP, Telnet, TFTP, LDAPS, proxies, and more.

Basically a Swiss Army Knife for network comms.

It is used in EVERYTHING you can imagine and more – at least 20 billion devices run cURL, 100 million of which are vehicles 🤯

2012 VW Sharan infotainment screen — this car is one of 100 million

Daniel Stenberg, solo author of curl, has disclosed a high severity memory safety issue that was found by a security researcher.

The vulnerability: heap overflow

First, we wanted to provide a high level description of the problem, with a few excerpts from the public disclosure:

SOCKS5 allows the host name field to be up to 255 bytes long, meaning a SOCKS5 proxy cannot resolve a longer host name.

curl builds a protocol frame in a memory buffer, and it copies the destination (host name) to that buffer. Since the code wrongly thinks it should pass on the host name, even though the host name is too long to fit, the memory copy can overflow the allocated target buffer.

Thus it pretty much requires a malicious actor to feed a super-long host name into this equation to trigger this flaw. To use it in an attack. The name needs to be longer than the target buffer to make the memory copy overwrite heap memory.

Yes, this family of flaws would have been impossible if curl had been written in a memory-safe language instead of C, but porting curl to another language is not on the agenda.

This has been registered as CVE-2023-38545 with MITRE, the organisation that identifies, defines, and catalogues publicly disclosed cybersecurity vulnerabilities.

Mitigating memory safety vulnerabilities: CHERI

At Beam, we are leading research into applying CHERI (Capability Hardware Enhanced RISC Instructions) to automotive systems. CHERI provides hardware-level enforcement of memory access, ensuring that software can only access the areas of memory that have been allocated to it.

One major benefit of CHERI is that it works without requiring a rewrite. For reference, only 0.026% of the KDE desktop environment's 6 million lines of C code needed modifying to support the CHERI runtime.

CHERI doesn’t stop all known classes of memory vulnerabilities, but one it does stop is out-of-bounds writes, which is what would be exploited here. Learn more about CHERI protections from Microsoft Security Response Center.

The hardware enforcement is done using capabilities, which are pointers with additional metadata. This metadata includes the bounds of the memory region that can be written to, and any access outside those bounds raises an “in-address-space” exception. If unexpected and not handled, this would still cause the program to exit, but the attacker can no longer overwrite memory.

So in summary, anyone exploiting this vulnerability on CHERI would crash the program, but not be able to use the exploit for more serious, nefarious purposes (arbitrary code execution, escalation of privilege, etc).
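To make the two ideas above concrete, here is an added example (not code from curl or from the original post) of a SOCKS5 CONNECT frame builder that rejects host names over 255 bytes and performs every copy through a bounds-checked buffer. The names `bounded_buf`, `bb_append` and `socks5_build_connect` are hypothetical, and the struct is only a software stand-in for the bounds a CHERI capability carries in hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Software stand-in for a bounded pointer: base plus length, checked on
   every write. On CHERI the hardware does this check; this struct is an
   illustration only and is not how CHERI is programmed. */
struct bounded_buf {
    uint8_t *base;
    size_t   len;   /* bytes the holder is allowed to write */
    size_t   used;  /* bytes written so far */
};

/* Append n bytes; refuse (return -1) rather than write past the bounds. */
static int bb_append(struct bounded_buf *b, const void *src, size_t n)
{
    if (n > b->len - b->used)
        return -1;
    memcpy(b->base + b->used, src, n);
    b->used += n;
    return 0;
}

#define SOCKS5_MAX_HOSTNAME 255  /* the length field is a single byte */

/* Build a SOCKS5 CONNECT request with ATYP = domain name, so the proxy
   resolves the host. Returns the frame length, or -1 if the host name
   cannot be represented or the frame does not fit in the buffer. */
int socks5_build_connect(uint8_t *out, size_t out_len,
                         const char *host, uint16_t port)
{
    struct bounded_buf b = { out, out_len, 0 };
    size_t hlen = strlen(host);

    /* Protocol-level check: a name longer than 255 bytes cannot be sent
       to the proxy, so fail here instead of copying it. */
    if (hlen > SOCKS5_MAX_HOSTNAME)
        return -1;

    /* VER=5, CMD=CONNECT, RSV=0, ATYP=domain, then the one-byte length */
    const uint8_t hdr[5] = { 0x05, 0x01, 0x00, 0x03, (uint8_t)hlen };
    const uint8_t prt[2] = { (uint8_t)(port >> 8), (uint8_t)(port & 0xff) };

    /* Memory-level check: each copy is bounded by the buffer's real size. */
    if (bb_append(&b, hdr, sizeof hdr) || bb_append(&b, host, hlen) ||
        bb_append(&b, prt, sizeof prt))
        return -1;
    return (int)b.used;
}
```

The length check is the fix at the protocol layer; the bounded append is the defence-in-depth layer that still holds if a length check is missed, which is the role the capability bounds play on CHERI.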

Learn more about CHERI

This is just one example of what is a prevalent challenge to the automotive industry.

If the average L2 ADAS vehicle has 120+ million lines of code, the question isn’t just how can we minimise the number of vulnerabilities, it is how can we minimise the impact on our systems when they are found.

We believe the answer is a combination of high quality software development methodology, low-friction over-the-air software updates, and secure hardware foundations, like CHERI.

If CHERI sounds relevant to you, please take a look at our project website: https://autocheri.tech

We would love to talk to anyone interested in discussing this further: hello@autocheri.tech or hello@beamconnectivity.com

We will finish this post with some other pictures of cURL in the wild…

2016 Nissan Qashqai
Infotainment system of 2021 Polestar 2 uses curl
2021 Polestar 2
BMW i3


Mitigating vulnerabilities in open source with CHERI part 1: cURL was originally published in Beam Connectivity on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more

Demonstration of AutoCHERI project — Cenex-LCV

Beam Connectivity and the AutoCHERI consortium will be demonstrating a connected vehicle solution running on a CHERI security processor at Cenex-LCV on 6th and 7th September.

Read more

Project announcement: SecureTCU

Beam Connectivity are delighted to have won funding under the UK-South Korea Bilateral Phase 2 competition. We have built a strong project consortium with Secure Elements in the UK, AUTOCRYPT and KATECH (Korea Automotive Technology Institute) in South Korea.

Read more

Overview of MOVE 2023

An interesting and honest overview of our journey to date from our CEO, Thomas Sors, kicked off our MOVE 2023 visit.

Read more

WAE make strategic investment in Beam

We are pleased to announce strategic investment into Beam Connectivity from WAE Technologies! 🎉

Read more

AutoCHERI🍒: Integrating Morello into vehicle systems

Following on from our last public update on AutoCHERI in October, we wanted to run a workshop to share our experience working on Morello with the community working on DSbD technologies.

Read more

MQTT Explorer: Our favourite test client

Using the AWS IoT Core test console UI can be a pain at times. The connection can sometimes be lost, and if you [leave the page | look away | sneeze] you can be logged out and lose the message payloads you were working with and any unsaved topic subscriptions.

Read more

Monitor Anywhere with OxTS and Beam Connectivity

At Beam Connectivity, our vision is to become the partner of choice for connected systems in the vehicle sector.

Read more

Measuring the performance-security trade-off

Last week we were invited to present at the AESIN Conference 2022 — the UK automotive industry suppliers’ innovation network.

Read more

Project AutoCHERI🍒: Technical update

The Digital Security By Design programme (DSbD) is an initiative that we have been involved in for the past 18 months.

Read more

Beam announced as winners on Zenzic CAM Scale-up programme

We are delighted that Beam Connectivity have been recognised as an SME to watch and have won a place on the Zenzic CAM Scale-up programme 🚀

Read more

Onboarding with Convex, the Global Mobility Data Exchange

Beam Connectivity onboard CaaS onto Convex, the global mobility data exchange run by Chordant.

Read more

Connected vehicle UX expectations

I recently sat down with Zenzic, the driving force behind the UK’s Connected and Autonomous Vehicle industry, to discuss today’s connected vehicle solutions and our progression through the Zenzic CAM Scale-Up programme.

Read more

Update: CAM Scale-Up programme

Last week I sat down with Zenzic, the driving force behind the UK’s Connected and Autonomous Vehicle industry, to discuss our progression through the Zenzic CAM Scale-Up programme.

Read more

Join us at Highways UK 2021

We will be at Highways UK this week — an event that brings together the people responsible for planning, developing, managing, maintaining, and future-proofing the nation’s road networks.

Read more

MOVE21 — The world’s most important mobility event

We are at MOVE21 in London’s ExCel Docklands exhibition centre along with 3000 of the world’s leading experts in the mobility sector.

Read more

Project AutoCHERI🍒: Announcement

The AutoCHERI consortium including Beam Connectivity, Applus IDIADA, Compound Semiconductor Applications Catapult, Coventry University and University of Exeter will review how Digital Security by Design technologies can improve the cyber security and safety of connected vehicles.

Read more

CAN bus support in Windows 11

When working on automotive software development, being able to test CAN data transmission is essential. An easy way to test this without requiring CAN hardware is to use a Virtual Local CAN Interface (vcan).

Read more

Does firmware have a place in the modern vehicle?

Firmware is a category of software responsible for configuring and controlling hardware.

Read more
