Karamba, a start-up trying to erect digital roadblocks for hackers prying into connected cars, has raised $12 million from investors, including a venture capital firm directed by a former deputy chief of the National Security Agency and the investment arm of insurance giant Liberty Mutual.
The firm’s software seals off electronic control units used for programs like navigation and roadside assistance, giving them something of a lie detector test. The technology checks that only factory authorized code is running inside the control units, blocking foreign code that could be trying to hijack s the steering wheel, ignition, or brakes.
The two-year-old company claims to be in contact with sixteen automotive suppliers. Karamba says that its software can prevent the same type of digital attack that let researchers to remotely shut down a Jeep on the highway, as well as the in-memory hacks that researchers carried out last year on a Tesla vehicle.
Karamba claims to be zigging where other cybersecurity firms have zagged, said Ami Dotan, one of Karamba’s founders and its chief executive. Karamba’s software runs counter to traditional network security solutions, which are based on statistical modeling and are vulnerable to false positives, he said. Those false alarms could cause brakes to fail because legitimate code is blocked as malicious.
“Prevention is key. Our technology makes sure that only [what is] part of the factory settings can run. Once the system recognizes foreign code, or an in-memory attack, it prevents [the code] from executing,” Dotan said in a statement. He added that “an after-the-fact technique that creates safety risks.”
That scenario is not only a nightmare for automakers, it is also concerning for insurers. Experts say that thorny questions still exist for assigning responsibility in accidents caused by hacking into connected or self-driving cars. Karamba’s funding round shows that these looming issues are insurers’ minds.
“Not only is it a consumer safety issue, but any incident could also burden car manufacturers with recall costs and owners with increasing premiums against the risks,” said Russ MacTough, a managing director of Liberty Mutual Strategic Ventures, one of Karamba’s latest investor, in a statement.
David Barzilai, one of Karamba’s founders and its chairman, said that the company is using the funds to fuel expansion. Barzilai told technology news site TechCrunch that the cybersecurity firm is planning to open offices in Michigan, hire additional employees, and expand vehicle testing.
Last year, Karamba raised $2.5 million not long after the National Highway Traffic and Safety Administration issued guidance urging automotive firms to share data about self-driving vehicle failures, including security concerns. Also last year, the F.B.I. issued a warning about vehicle hacking, asking drivers to update software and be careful when plugging third-party devices into their cars.
“Car security is about consumer safety, not data security,” said Chris Inglis, the managing director of Paladin Capital Group and a former deputy chief of the National Security Agency, in a statement. “We can no longer afford to simply react to this phenomenon.”