Karamba, an automotive security start-up that deploys digital roadblocks against hackers, has raised $12 million in funding. The firm's investors include a venture capital firm directed by a former deputy chief of the National Security Agency and the insurance giant Liberty Mutual.
Karamba's software seals off the code inside electronic control units, which enable everything from navigation programs to collision avoidance. The technology performs something of a lie detector test, checking that only factory authorized code is inside the control units. It blocks foreign code that could be trying to hijack the steering wheel, ignition, or other systems.
The two-year-old company claims to be in contact with sixteen automotive suppliers. Karamba says that its software can patch security holes like those that enabled researchers to remotely shut down a Jeep on the highway in 2015. Also preventable are the in-memory hacks that researchers carried out last year on a Tesla vehicle.
Karamba is zigging where other cybersecurity firms have zagged, said Ami Dotan, Karamba’s chief executive. Its software runs counter to network security solutions, which are based on statistical modeling and are vulnerable to false positives, he said. Those false alarms could cause brakes to fail because legitimate code is blocked as malicious.
"Prevention is key. Our technology makes sure that only what's part of the factory settings can run. Once the system recognizes foreign code, or an in-memory attack, it prevents it from executing,” Dotan said in a statement. He added that “an after-the-fact technique . . . creates safety risks.”
Hacking is not only a nightmare for automakers, it has also troubled insurers. Experts say that it is particularly difficult to calculate premiums after accidents caused by hacking into connected cars. Karamba’s funding round shows that these looming issues are insurers' minds.
“Not only is it a consumer safety issue, but any incident could also burden car manufacturers with recall costs and owners with increasing premiums against the risks,” said Russ MacTough, a managing director of Liberty Mutual Strategic Ventures, one of Karamba’s latest investors, in a statement.
David Barzilai, one of Karamba’s founders and its chairman, said that the company is using the funds to fuel expansion. Barzilai told technology news site TechCrunch that the cybersecurity firm is planning to open offices in Michigan, hire additional employees, and expand vehicle testing.
Last year, Karamba raised $2.5 million not long after the National Highway Traffic and Safety Administration issued guidance urging automotive firms to share data about self-driving cars, including security vulnerabilities. Also last year, the F.B.I. issued a warning about vehicle hacking, asking drivers to update software and be careful when plugging third-party devices into their cars.
“Car security is about consumer safety, not data security,” said Chris Inglis, the managing director of Paladin Capital Group and a former deputy chief of the National Security Agency, in a statement. He added: “We can no longer afford to simply react to this phenomenon.”