Abstract: The present invention provides a security system, and methods useful for vehicle CAN bus communication mapping and attack originator identification, comprising: a CAN Bus Monitor, (CBM), configured to monitor the CAN bus communication comprising one or more frames, to and/or from at least one Electronic Control Unit, (ECU); a characterization module in communication with the CBM, configured to generate at least one characteristic for the monitored communication from each the ECU and at least one characteristic for each communication frame; (c) a comparator unit in communication with the characterization module, configured to compare one or more the characteristics of at least one frame against characteristics of each the ECU communication in order to detect at least one anomaly; and, (d) one or more Identification module in communication with the comparator, configured to identify at least one ECU originating an attack on the CAN bus.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: Methods, systems, and devices manipulate operation of at least one electronic control unit (ECU) connected to a controller area network (CAN) bus. The at least one ECU includes at least one error counter, by counting errors associated with at least one ECU. The manipulating is based on generating and broadcasting via the CAN at least one bit stream destined to at least one ECU, thereby manipulating at least one ECU status, determined by the ECU error counter and querying for its status state.

Abstract: Apparatus, system and method useful for machine to machine (M2M) communication cyber-attack detection and prevention, are provided. An embedded security bridge (ESB), operatively connected to at least one proximal machine and at least one M2M module. The M2M module is in communication with at least one remote machine, and configured to enable communication between at least one remote machine and at least one proximal machine through the ESB. The ESB includes: one or more inspection units, configured for communication analysis for identifying communication and/or content suspicious as malicious, and, one or more decision units operatively connected to the inspection unit. The decision unit is configured to perform at least one action based on analysis of at least one inspection unit. The ESB is configured to detect by means of the inspection unit and prevent by means of the decision unit cyber-attacks on the proximal machine, the remote machine, or both.

Abstract: The present invention provides a security system, and methods useful for vehicle CAN bus communication mapping and attack originator identification, comprising: a CAN Bus Monitor, (CBM), configured to monitor the CAN bus communication comprising one or more frames, to and/or from at least one Electronic Control Unit, (ECU); a characterization module in communication with the CBM, configured to generate at least one characteristic for the monitored communication from each the ECU and at least one characteristic for each communication frame; (c) a comparator unit in communication with the characterization module, configured to compare one or more the characteristics of at least one frame against characteristics of each the ECU communication in order to detect at least one anomaly; and, (d) one or more Identification module in communication with the comparator, configured to identify at least one ECU originating an attack on the CAN bus.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: The present invention provides a security system, and methods useful for vehicle CAN bus communication mapping and attack originator identification, comprising: a CAN Bus Monitor, (CBM), configured to monitor the CAN bus communication comprising one or more frames, to and/or from at least one Electronic Control Unit, (ECU); a characterization module in communication with the CBM, configured to generate at least one characteristic for the monitored communication from each the ECU and at least one characteristic for each communication frame; (c) a comparator unit in communication with the characterization module, configured to compare one or more the characteristics of at least one frame against characteristics of each the ECU communication in order to detect at least one anomaly; and, (d) one or more Identification module in communication with the comparator, configured to identify at least one ECU originating an attack on the CAN bus.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: The present invention extends to methods, systems, devices, for manipulating operation of at least one electronic control unit (ECU) connected to a controller area network (CAN) bus, at least one said ECU comprising at least one error counter, by counting errors associated with at least one said ECU; and generating and broadcasting via said CAN at least one bit stream destined to at least one said ECU, thereby manipulating at least one said ECU status, determined by said ECU error counter and querying for its status state.

Abstract: The present invention extends to methods, systems, devices, for manipulating operation of at least one electronic control unit (ECU) connected to a controller area network (CAN) bus, at least one said ECU comprising at least one error counter, by counting errors associated with at least one said ECU; and generating and broadcasting via said CAN at least one bit stream destined to at least one said ECU, thereby manipulating at least one said ECU status, determined by said ECU error counter and querying for its status state.

Abstract: A system and method for detection of at least one cyber-attack on one or more vehicles including steps of transmitting and/or receiving by a first on-board agent module installed within one or more vehicles and/or a second on-board agent module installed within road infrastructure and in a range of communication with said first on-board agent module metadata to and/or from an on-site and/or remote cloud-based detection server including a correlation engine; detecting cyberattacks based on correlation calculation between the metadata received from one or more first agent module installed within vehicles and/or from one or more second agent modules installed within road infrastructure; indicating a probability of a cyber-attack against one or more vehicle based on correlation calculation; initiating blocking of vehicle-to-vehicle communication to present and/or stop a spread of an identified threat.

Abstract: A new device for detection and prevention of an attack on a vehicle via its communication channels, having: an input-unit configured to collect real-time and/or offline data from various sources such as sensors, network based services, navigation applications, the vehicles electronic control units, the vehicle's bus-networks, the vehicle's subsystems, and on board diagnostics; a database, for storing the data; a detection-unit in communication with the input-unit; and an action-unit, in communication with the detection unit, configured for sending an alert via the communication channels and/or prevent the attack, by breaking or changing the attacked communication channels. The detection-unit is configured to simultaneously monitor the content, the meta-data and the physical-data of the data and detect the attack.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: The present invention extends to methods, systems, devices, for manipulating operation of at least one electronic control unit (ECU) connected to a controller area network (CAN) bus, at least one said ECU comprising at least one error counter, by counting errors associated with at least one said ECU; and generating and broadcasting via said CAN at least one bit stream destined to at least one said ECU, thereby manipulating at least one said ECU status, determined by said ECU error counter and querying for its status state.

Abstract: The present invention provides a security system, and methods useful for vehicle CAN bus communication mapping and attack originator identification, comprising: a CAN Bus Monitor, (CBM), configured to monitor the CAN bus communication comprising one or more frames, to and/or from at least one Electronic Control Unit, (ECU); a characterization module in communication with the CBM, configured to generate at least one characteristic for the monitored communication from each the ECU and at least one characteristic for each communication frame; (c) a comparator unit in communication with the characterization module, configured to compare one or more the characteristics of at least one frame against characteristics of each the ECU communication in order to detect at least one anomaly; and, (d) one or more Identification module in communication with the comparator, configured to identify at least one ECU originating an attack on the CAN bus.

Abstract: Apparatus, system and method useful for machine to machine (M2M) communication cyber-attack detection and prevention, are provided. An embedded security bridge (ESB), operatively connected to at least one proximal machine and at least one M2M module. The M2M module is in communication with at least one remote machine, and configured to enable communication between at least one remote machine and at least one proximal machine through the ESB. The ESB includes: one or more inspection units, configured for communication analysis for identifying communication and/or content suspicious as malicious, and, one or more decision units operatively connected to the inspection unit. The decision unit is configured to perform at least one action based on analysis of at least one inspection unit. The ESB is configured to detect by means of the inspection unit and prevent by means of the decision unit cyber-attacks on the proximal machine, the remote machine, or both.

Abstract: A system and method for detection of at least one cyber-attack on one or more vehicles including steps of transmitting and/or receiving by a first on-board agent module installed within one or more vehicles and/or a second on-board agent module installed within road infrastructure and in a range of communication with said first on-board agent module metadata to and/or from an on-site and/or remote cloud-based detection server including a correlation engine; detecting cyberattacks based on correlation calculation between the metadata received from one or more first agent module installed within vehicles and/or from one or more second agent modules installed within road infrastructure; indicating a probability of a cyber-attack against one or more vehicle based on correlation calculation; initiating blocking of vehicle-to-vehicle communication to present and/or stop a spread of an identified threat.

Abstract: A new device for detection and prevention of an attack on a vehicle via its communication channels, having: an input-unit configured to collect real-time and/or offline data from various sources such as sensors, network based services, navigation applications, the vehicles electronic control units, the vehicle's bus-networks, the vehicle's subsystems, and on board diagnostics; a database, for storing the data; a detection-unit in communication with the input-unit; and an action-unit, in communication with the detection unit, configured for sending an alert via the communication channels and/or prevent the attack, by breaking or changing the attacked communication channels. The detection-unit is configured to simultaneously monitor the content, the meta-data and the physical-data of the data and detect the attack.

Abstract: A new device for detection and prevention of an attack on a vehicle via its communication channels, having: an input-unit configured to collect real-time and/or offline data from various sources such as sensors, network based services, navigation applications, the vehicles electronic control units, the vehicle's bus-networks, the vehicle's subsystems, and on board diagnostics; a database, for storing the data; a detection-unit in communication with the input-unit; and an action-unit, in communication with the detection unit, configured for sending an alert via the communication channels and/or prevent the attack, by breaking or changing the attacked communication channels. The detection-unit is configured to simultaneously monitor the content, the meta-data and the physical-data of the data and detect the attack.

Abstract: A new device for detection and prevention of an attack on a vehicle via its communication channels, having: an input-unit configured to collect real-time and/or offline data from various sources such as sensors, network based services, navigation applications, the vehicles electronic control units, the vehicle's bus-networks, the vehicle's subsystems, and on board diagnostics; a database, for storing the data; a detection-unit in communication with the input-unit; and an action-unit, in communication with the detection unit, configured for sending an alert via the communication channels and/or prevent the attack, by breaking or changing the attacked communication channels. The detection-unit is configured to simultaneously monitor the content, the meta-data and the physical-data of the data and detect the attack.