Karamba, a start-up that deploys digital roadblocks against hackers prying into connected cars, has raised $12 million from investors, including a venture capital firm directed by a former deputy chief of the National Security Agency and the insurance giant Liberty Mutual.
The firm’s software seals off electronic control units used for programs like navigation and roadside assistance, giving them something of a lie detector test. The technology checks that only factory authorized code is running inside the control units, blocking foreign code that could be trying to hijack the steering wheel, ignition, or brakes.
The two-year-old company claims to be in contact with sixteen automotive suppliers. Karamba says that its software can prevent the same type of digital attack that let researchers to remotely shut down a Jeep on the highway, as well as the in-memory hacks that researchers carried out last year on a Tesla vehicle.
Karamba is zigging where other cybersecurity firms have zagged, said Ami Dotan, Karamba’s chief executive. Its software runs counter to network security solutions, which are based on statistical modeling and are vulnerable to false positives, he said. Those false alarms could cause brakes to fail because legitimate code is blocked as malicious.
“Prevention is key. Our technology makes sure that only what’s part of the factory settings can run. Once the system recognizes foreign code, or an in-memory attack, it prevents it from executing,” Dotan said in a statement. He added that “an after-the-fact technique . . . creates safety risks.”
Hacking is not only a nightmare for automakers, it is also troubling insurers. Experts say that it is particularly difficult to calculate premiums after accidents caused by hacking into connected cars. Karamba’s funding round shows that these looming issues are insurers’ minds.
“Not only is it a consumer safety issue, but any incident could also burden car manufacturers with recall costs and owners with increasing premiums against the risks,” said Russ MacTough, a managing director of Liberty Mutual Strategic Ventures, one of Karamba’s latest investors, in a statement.
David Barzilai, one of Karamba’s founders and its chairman, said that the company is using the funds to fuel expansion. Barzilai told technology news site TechCrunch that the cybersecurity firm is planning to open offices in Michigan, hire additional employees, and expand vehicle testing.
Last year, Karamba raised $2.5 million not long after the National Highway Traffic and Safety Administration issued guidance urging automotive firms to share data about self-driving vehicle failures, including security concerns. Also last year, the F.B.I. issued a warning about vehicle hacking, asking drivers to update software and be careful when plugging third-party devices into their cars.
“Car security is about consumer safety, not data security,” said Chris Inglis, the managing director of Paladin Capital Group and a former deputy chief of the National Security Agency, in a statement. He added: “We can no longer afford to simply react to this phenomenon.”