Upstart bags $2.5m to help put the brakes on self-driving car hackers

Sales of connected autonomous vehicles by 2025 projected to be 70% of light-duty vehicles

Robot drives a car. Conceptual illustration from Shutterstock

Israeli car security startup Karamba Security has banked $2.5m in fresh investment, which it plans to use to extend its technology to autonomous vehicles.

The tech will be geared towards protecting engine control units (ECUs) in robot cars from hackers and malware infections.

Miscreants typically infiltrate a vehicle by first compromising internet-connected infotainment or navigation systems, or by plugging a dongle into the onboard diagnostics port, and then traversing the CAN bus to the control unit to hijack the ride. An autonomous car is likely to have similar interfaces that are vulnerable to remote and local attack.

Karamba's tech aims to stop this from happening by locking down the ECU, thwarting potential hacking attacks in the process, as previously reported. The gear also defends against in-memory attacks such as the hack recently demonstrated against Tesla cars by Chinese security researchers.

Karamaba designed its technology, which it is selling to top-tier autonomous automakers as well as traditional car manufacturers, to minimize false alarms.

David Barzilai, chairman and co-founder at Karamba Security, told El Reg that the design of autonomous cars offers hackers even more ways to hack vehicles.

"There is one interesting difference between autonomous cars and other cars, from [a] hacker's point of view: To enable full autonomy, a car should have more externally connected electronic control units vs connected cars," Barzilai explained.

"To enable autonomy one should have vehicle-to-vehicle, vehicle-to-infrastructure, and vehicle-to-pedestrian sensors. All serve as additional attack surfaces to the ones you have in connected cars (telematics and infotainment).

"Fundamentally, autonomous cars' security needs are similar to connected cars'. Both are connected externally (via cellular network, wi-fi and bluetooth) and these external connectivity points serve as attack surfaces for hackers," he added.

Stephan A Tarnutzer, vice president, electronics at FEV North America, a Tier-1 global automotive supplier, praised Karamaba's approach.

"Experiencing false positives or detecting hacks on the CAN bus, only after the fact, are unacceptable risks in vehicle engineering," said Tarnutzer.

"FEV North America works with Karamba Security because we've seen the benefit of its Autonomous Security technology in securing our own ECUs. Karamba's technology doesn't require any developer resources to install or generate the security policy, and its CPU footprint is negligible. We are working with Karamba to integrate Carwall into our reference platform, which will allow us to present our automotive customers with a secure system out of the box."

The security upstart says its tech can help car makers to achieve compliance with US Department of Transportation guidelines for the safe deployment of autonomous cars.

Navigant Research estimates that sales of connected and fully autonomous vehicles will grow from 14 million annually in 2020, about 15 percent of annual car sales worldwide, to nearly 72 million in 2025 – accounting for nearly 70 percent of light duty vehicles. ®

Biting the hand that feeds IT © 1998–2019