The Daily Swig Web security digest

BlackBerry races to market with automotive cybersecurity solution

James Walker | 17 January 2018 at 11:22

Jarvis scans for software vulnerabilities in connected and autonomous vehicles.

Continuing its shift away from mobile phone technology to enterprise software and services, BlackBerry has unveiled a new cybersecurity product for the automotive industry.

BlackBerry Jarvis is a cloud-based static binary code scanning solution that identifies vulnerabilities in the software used in today’s high-tech automobiles.

According to the Canada-based company, the solution scans and delivers “deep actionable insights” in minutes, eliminating the need for time-consuming manual tests.

“Connected and autonomous vehicles require some of the most complex software ever developed, creating a significant challenge for automakers who must ensure the code complies with industry and manufacturer-specific standards while simultaneously battle-hardening a very large and tempting attack surface for cybercriminals,” said BlackBerry chairman and CEO, John Chen.

The company has already begun trialing the pay-as-you go security solution with some of the world’s largest automakers, including Jaguar Land Rover.

However, while BlackBerry is initially marketing this solution to automakers, the developer said Jarvis is applicable to other industry segments, such as healthcare, industrial automation, aerospace, and defense.

“Jarvis is a game-changer for OEMs because for the first time they have a complete, consistent, and near real-time view into the security posture of a vehicle’s entire code base along with the insights and deep learning needed to predict and fix vulnerabilities, ensure compliance, and remain a step ahead of bad actors,” said Chen.

The firm’s announcement comes after Charles Covel, intelligence analyst at the Department of Homeland Security’s Office of Cyber and Infrastructure Analysis, recently drew attention to the security risks presented by IoT-enabled devices, including vehicles.

“By being connected to the internet and other devices, these physical devices now offer a new pathway for malicious actors or accidents to occur that have much broader effects than simply damaging or affecting that specific IoT device,” Covel said.