Karamba Aims to Prevent Autonomous Car Hacks Before They Happen

Not so many years ago, self-driving cars seemed like little more than science fiction—a cool idea, but too difficult to translate into practical, everyday use. But as autonomous vehicles come closer to becoming a reality, the question is not if, it’s when. However, there are still a few major challenges to overcome before driverless cars hit the road, and security looms as one of the largest.

Karamba Security, an Ann Arbor, MI-based startup with an R&D office in Israel, has developed software  to address the autonomous security problem. The company refers to its software as the industry’s first security software expressly for autonomous vehicles and it’s designed to prevent hackers from exploiting security gaps by locking down the code that makes a connected car run.

David Barzilai, Karamba’s co-founder and executive chairman, says there are tens of millions of lines of code in a driverless car, and all of them represent a potential gateway for a hacker to get into a car’s operating system and cause mayhem. (Here are interesting facts Barzilai shared: The average fighter jet has 2 million lines of code; a mid-priced car has five times more than that, and a  luxury car has up to 50 times more. And by 2020, an estimated 188 million autonomous vehicles will be on the road.)

“Every connected car has hundreds or even thousands of security holes waiting to be exploited,” Barzilai explains. “To go back and flesh out the bugs is extremely hard.”

Making the issue more complicated is the fact that mitigating malware in a car is an exceptionally delicate endeavor. Manipulating the wrong pieces of code or falsely identifying harmful code may compromise the vehicle’s ability to operate normally, which could have deadly consequences.

So Karamba’s software instead “seals” off access to the electronic control units (ECUs) in autonomous cars, where hackers are likely to invade, to prevent hacks. (Think of ECUs as ports around the car with some kind of interface with the outside world, such as a WiFi or cellular phone connection.) If the car tries to run a piece of suspicious code that doesn’t conform to the manufacturer’s settings, the software prevents it. Karamba’s software can be installed before the car is sold or after, and the company’s customers are car companies and suppliers.

“External applications are enough to jeopardize the entire car,” Barzilai says. “The legacy approach is to protect data. Our approach is software automatically embedded in the controller, and pieces of code that are not part of the factory settings are blocked.”

The system’s advantage, Barzilai says, is it doesn’t depend on constant  software updates or heuristic analysis to detect and eliminate threats, and it doesn’t require intervention from an automotive software developer to “find a needle in a haystack.”

Barzilai claims Karamba’s software would have prevented the recent Corvette and Tesla attacks, and he’s a little impatient with the automotive industry’s delayed realization that impermeable security is vital to the success of autonomous vehicles. It is a matter of life and death, he says.

“The industry needs to insist on prevention—knowing hackers are out there is not enough,” he says.  “By 2025, 70 percent of cars are expected to be at least partially autonomous; it’s really mind-boggling. The industry is motivated to get the technology out there, but if, God forbid, there was a big attack, they would face the issue of trust and it could all come to a screeching halt. We need to make sure cars are hardened enough to protect against these kinds of attacks or the technology could be used against us, and that would be bad for society as well as the industry.”

Demand for Karamba’s technology has so far been “overwhelming,” Barzilai says. Karamba is currently testing its product with a number of auto manufacturers and suppliers—Barzilai declined to say who—and has just inked a deal with Tokyo-based security company Asgent to resell and distribute its software in Japan. Asgent has said it plans to deploy Karamba’s software both in the Internet of Things and automotive markets.

Karamba, which launched in 2015, has 14 employees at its offices in Michigan and Israel. So far, the company has raised a total of $5 million from investors, including Fontinalis Partners, YL Ventures, and Glenrock Capital.

Sarah Schmid Stevenson is the editor of Xconomy Detroit/Ann Arbor. You can reach her at 313-570-9823 or sschmid@xconomy.com. Follow @XconomyDET_AA

Trending on Xconomy