Karamba Security raises $2.5 million to keep hackers out of connected cars

GPS navigation. Entertainment systems that offer streaming music. Bluetooth door locks. As vehicles are increasingly connected to the internet, they also become vulnerable to hacker attacks.

Now, a Tel Aviv-based startup called Karamba Security has raised $2.5 million in seed funding to bring cybersecurity solutions to the automotive industry.

According to Karamba co-founder David Barzilai, the startup’s technology can head off hackers at the pass by “hardening” the controllers, or small computers, within a vehicle that are externally-connected.

Most operations in a car have their own designated controller, also known as an ECU (electronic control unit). Some controllers manage things like a car’s navigation and entertainment systems, while others manage more critical systems like braking and fuel injection.

A connected car’s controllers all operate on one network, self-contained within the vehicle. Barzilai said, “If hackers gain access to just one of these controllers, they can get to all of them.”

Karamba’s security software is installed on the controllers, either as a retrofit, or before the controllers are built into new cars.

The software locks in the factory settings of each controller, and prevents any foreign code or banned behaviors from running on them. This essentially blocks a hacker’s ability to reach into a car’s CAN Bus, and mess with the car’s critical functions.

Karamba has not yet scored a contract with top automotive suppliers making ECU’s, like Continental, Robert Bosch, Delphi Automotive, or Panasonic. But it has only just emerged from stealth and begun to shop its security software around.

YL Ventures led Karamba’s seed round, joined by GlenRock.

Yoav Andrew Leitersdorf, Managing Partner of YL Ventures, said this investment is his fund’s first foray into automotive tech. Prior deals have been in enterprise IT and cybersecurity.

The investor said he became interested in the automotive industry after white hat hackers successfully attacked a Jeep Cherokee and Tesla Model-S, in two separate incidents last summer.

Chrysler issued a recall on 1.4 million vehicles after the Jeep hack, mailing software updates to many of its customers on USB sticks by snail mail. Tesla offered patches remotely to its customers who could accept them with a swipe of a screen.

“Those hacks left everyone feeling spooked,” Leitersdorf said, “but we started looking for investments in auto cybersecurity.”

Barzilai said that if malicious software and ransomware is unleashed on the owners of a popular vehicle model, the impact to drivers’ lives, and national security could be profound.

Hackers or terrorist organizations could, for example, mess with people’s brakes, power or other critical systems for any range of horrific reasons, he suggested.

With a business development office in Detroit, Tel Aviv-based Karamba Security– co-founded by Ami Dotan, Tal Ben-David, David Barzilai and Assaf Hare—closed its seed round of funding in March this year.

Leitersdorf said he expects Karamba to use the funds for hiring, research and development and to lock in early customers. By next year, he said, Karamba should start inking full-year contracts with major automotive suppliers.