Car security startup Karamba Security has emerged from stealth with $2.5m in funding and a plan to revamp in-car security.
Karamba has developed a technology that hardens the externally-facing electronic control unit (ECU) of cars in order to defend against hack attacks. The software is designed to protect a car's externally connected components, identifying attack attempts and blocking exploits from infiltrating the vehicle's network via the internet, Wi-Fi, Bluetooth or other connections.
Externally facing controllers manage the telematics (sensors, instrumentation, navigation, etc), infotainment (radio, head unit, etc) and on-board diagnostics (OBD) of the vehicle. Karamba's tech is designed to block attacks from ever infiltrating the car's controller area network (CAN Bus). The technology ensures that only explicitly allowed code and applications can be loaded and run on the controller, as a statement from the firm explains:
Karamba's unique endpoint security protects externally connected ECUs from attacks. Karamba enables ECUs and system providers to define factory settings for each ECU, generating a policy that creates whitelists of all ECUs' permitted program binaries, processes, scripts, network behavior, etc. This policy is embedded within the externally connected ECU to ensure that only explicitly allowed code and behaviour may run on it.
The technology can be used to protect both new and existing car models. Automobile manufacturers can retrofit the cars on the road now, as part of the ECU software update, whenever the car comes into the dealer for regular maintenance.
David Barzilai, executive chairman and cofounder of Karamba Security, told The Register that its technology offers a suite of endpoint security layers such as application whitelisting, OS firewall, and port protection.
"Karamba's technology is OS agnostic," Barzilai explained. "We support all operating systems run by the various externally connected ECUs. The provider doesn't need to port or do any work of such sort."
Scott J. McCormick, president of the Connected Vehicle Trade Association, praised Karamba's approach. "Early detection of cyberattack attempts and prevention of malware without false positive risks are essential to immune [sic] cars against malicious software," he said.
"We are impressed with Karamba Security's unique approach, which can be used to provide early warnings of attack attempts and prevent malware from infiltrating the safety controllers of both new and existing cars."
Karamba received $2.5 million in seed funding from YL Ventures and GlenRock. The firm's launch follows shortly after a warning from an FBI-affiliated organisation and the US National Highway Traffic Safety Administration that highlighted the cybersecurity risks of increasingly connected cars.
Modern vehicles have over 100 controllers, or ECUs, that are responsible for running most of the car's functions, such as the steering wheel, engine, braking system, airbags, and navigation systems. Like other components in the so-called Internet of Things, ECUs in connected cars have increasingly become targets for hackers and security researchers.
Over recent months, the Jeep Cherokee, Toyota Prius, Tesla Model S, Nissan Leaf and other cars have been successfully attacked by white hat attackers. Exploits ranged from turning on the radio and windshield wipers to killing the engine while the car drove on the motorway. In response to the Jeep hack, Chrysler was obliged to recall 1.4 million vehicles for a mandatory update.
Karamba's technology is designed to help car companies and tier-1 system providers, who build the cars' externally connected controllers, keep drivers safe from hackers. The tech is pitched as a way for car companies to avoid the costs of recalls, or lost future sales as the result of their vehicles being compromised.
Other car security startups have sprung up over recent months. Karamba aims to differentiate itself by focusing on protecting externally connected ECUs from attacks rather than looking for hackers that are already in the car's internal network (aka CAN Bus). The firm is focused on detecting and stopping an attack from getting into the CAN Bus in the first place.
Karamba's founders are Ami Dotan, Tal Ben David, David Barzilai and Assaf Harel. Ben David and Harel cut their teeth managing Check Point's endpoint security research and development teams. The company's research and development is based in Israel, with business development located in Detroit, Michigan. ®