By 2020, an estimated 75 percent of cars will be internet-connected worldwide, according to estimates from the FBI, Department of Transportation and the National Highway Traffic Safety Administration. That connectivity will allow drivers to tap into life-saving safety features and make self-driving cars a reality. But it also makes vehicles vulnerable to malicious hackers.
There hasn’t been a malevolent hack against connected cars en masse yet. And one Israeli startup called Karamba Security wants to keep it that way. Karamba has raised a $12 million Series B round of funding led by the company’s existing investors, Fontinalis Partners, which is Bill Ford’s mobility-focused fund, as well as YL Ventures, a firm that backs Israeli startups aiming to grow their business in the U.S. Karamba also added new investors in their Series B round, including Paladin Capital Group, Liberty Mutual Strategic Ventures, Presidio Ventures and Asgent.
Paladin’s Managing Director Chris Inglis, who previously served as the deputy director and COO of the National Security Agency, said: “There are enormously positive transformational changes tech is bringing about. Think about the things autonomous cars will do for us! But we have to build security in from the beginning, not as an applique afterwards.”
He lauded Karamba’s approach to securing vehicles, as well as the fact that the company treats connected cars differently than general purpose computing devices, which are designed to run someone else’s code. Predecessors to Karamba focused more on intrusion detection systems for vehicle security that mimicked the systems used for PCs.
Karamba’s software is built-in to a car, and can prevent hacks on an embedded system, explained the company’s co-founder and chairman David Barzilai. Specifically, it is installed in a vehicle’s ECUs, which are tiny computers that control various functions inside a car, from the brakes to the navigation and on-board entertainment systems. Karamba’s software locks down the ECU’s factory settings, preventing the execution of any programs that would deviate from those settings.
Barzilai said the company has raised three rounds of funding within about one year, bringing its total capital raised to $17 million to date. Karamba has begun working with 16 new customers in the past 15 months in the cost-sensitive industry of automotive manufacturing. The company will use some of its funding to set up offices in Michigan, near major U.S. automakers, but most of it will go to hiring, continued research and development and performance testing of vehicles.
Barzilai said Karamba’s goal is to keep malevolent hacks from ever affecting cars. Already, security researchers have demonstrated myriad ways to exploit apps and systems in vehicles to mess with drivers and their car’s behavior.
Fiat Chrysler had to issue a Jeep Cherokee recall after Charlie Miller and Chris Valasek demonstrated their cars’ vulnerabilities. And Tesla had to issue major security upgrades after Tencent security researchers demonstrated a way to exploit the Wi-Fi in a Tesla S to remotely activate the car’s brakes while the car was still in motion. But a mass attack, Barzilai hopes, does not have to be an eventuality.