In a world that strives to connect everything, filled with IoT devices ranging from home appliances to cars, it is absolutely necessary to keep those devices secure. While the tech community is working to secure the world of IoT, very little attention is given to the security of a certain future IoT device called the ‘car’.
An Israeli based startup called Karamba security aims to provide security to all connected cars, particularly self driving cars. Called Carwall the software protects cars based on their factory settings, blocking hacking attempts as they deviate from these settings and before they infiltrate the car. Although no mass hackings on cars have taken place yet, it is an imminent threat and Karamba wants to keep it that way. In an investment round led by its existing investors, Karamba raised $12 million bringing its total tally to around 17 million. It also added new investors the likes of Paladin Capital Group, Agsent, Presidio Ventures and Liberty mutual strategic ventures.
Paladin’s Managing Director Chris Inglis, who previously served as the deputy director and COO of the National Security Agency, said: “There are enormously positive transformational changes tech is bringing about. Think about the things autonomous cars will do for us! But we have to build security in from the beginning, not as an appliqué afterwards.”
Karamba started its series B funding after an upsurge of demand for car security from the tech community. Some of the fund raised in this round will be used to open an office in Michigan which is near most of US’ major automakers, while most of it will go for hiring, continued research and development and performance testing of vehicles.
“ Carwall bases its security policies on complete factory settings. There’s no ambiguity and no false alarms. If a piece of code or a function calling sequence isn't part of the factory settings, Carwall won't allow it to run, period.”
What makes Karamba unique is there approach to autonomous car security? It does not treat connected cars the same as other public commuting transportation and has a new approach specifically designed for self driving cars. Earlier approach to self driving car security was adapting it to network security and this left it with a lot of gaping holes
Karamba on the other hand deal with the security from within. Karamba’s software is built-in to a car, and can prevent hacks on an embedded system, explained the company’s co-founder and chairman David Barzilai. Specifically, it is installed in a vehicle’s ECUs, which are tiny computers that control various functions inside a car, from the brakes to the navigation and on-board entertainment systems. Karamba’s software locks down the ECU’s factory settings, preventing the execution of any programs that would deviate from those settings.
“Autonomous and connected cars’ security needs to protect lives. False positives and detection errors are not acceptable risks. It must also secure the transportation platform regardless of whether it's actively connected to the cloud (as cars may drive in spotty coverage areas without frequent cellular connectivity to the Internet). Security solutions that make critical decisions in the cloud or require anti-malware updates aren't providing ultimate security,” said Karamba in its FAQ.
It has already been proved that connected cars can be hacked. Fiat Chrysler had to issue a Jeep Cherokee recall after Charlie Miller and Chris Valasek demonstrated their cars’ vulnerabilities. And Tesla had to issue major security upgrades after Tencent security researchers demonstrated a way to exploit the Wi-Fi in a Tesla S to remotely activate the car’s brakes while the car was still in motion.
While there have not been any mass attacks yet, Karamba co-founder David Barzilai said Karamba wants to keep it that way. Karamba is already working with auto makers on its security product and it has added 16 new automakers in the last 15 months in the cost sensitive industry of automotive manufacturing.