Back in 2015, researchers Charlie Miller and Chris Valasek remotely hacked into a Jeep Cherokee driven by a Wired reporter, Andy Greenberg, in an attempt to warn the auto industry of potential pitfalls in their software and inspire legislation around automotive cybersecurity. It did that and more. Fiat Chrysler, which owns Jeep, ended up recalling 1.4 million vehicles and paying $105 million in fines to the National Highway Traffic and Safety Administration.
Aside from a massive hit to Jeep’s brand image, Yoav Levy, co-founder and CEO of automotive cybersecurity company Upstream, reckons this stunt cost the automaker more than $1 billion in losses from recalls. On Tuesday, Israel-based Upstream announced a Series C funding raise of $62 million that it will use to bolster its automotive cloud-based security to ensure remote hacks like this don’t happen.
“From the automaker’s cloud, we monitor all the data that is being sent toward the vehicle before the vehicle is actually getting it, and if we’re doing a good job, we can actually block these messages before they get to the car,” Levy told TechCrunch. “We analyze connected car data and telematics data that is being uploaded from the vehicles, analyzing data from mobile phone applications or over-the-air updates and we’re looking for anomalies in the data.”
Aside from scaling its security operations further, Upstream also intends to use the fresh funds to expand its offerings in data analytics, insurance telematics, predictive analytics and business intelligence, the company said. Levy said Upstream often finds anomalies in the data it analyzes that are unrelated to cybersecurity and thinks this is a chance to build out additional applications targeted at OEMs to provide further insights.
That said, Upstream might do just fine by focusing exclusively on automotive cybersecurity, a market that is projected to increase from $1.9 billion in 2020 to $4 billion in 2025. Reinforcement mandates are partially responsible for this growth. The World Forum for Harmonization of Vehicle Regulations (WP 29) has issued cyber vehicle regulation compliance that requires manufacturers selling cars in Europe, Japan and Korea to monitor their vehicles 24/7 with a vehicle security operations center (VSOC). A VSOC is a control room of sorts full of analysts monitoring the infrastructure, cloud, data and firewalls at all times. Although the U.S. doesn’t have any cybersecurity mandates in place for the automotive industry, automakers still increasingly want to produce their product and brand image, lest they fall prey to the same fate as Chrysler-Fiat.
Alongside its cloud-based analytics tools and dashboard, VSOC is also a service that Upstream offers. The company currently has close to four million connected vehicles from six different OEMs on its platform across the United States, Europe and Japan, said Levy. He expects that number to continue to grow as more connected vehicles hit the streets.
“Cars are getting more connected each year and OEMs are doubling the amount of data they collect every year,” said Levy. “It’s not only the car and the cloud, but also vehicle-to-vehicle infrastructure, much more sophisticated modules and computers inside the car that are doing edge computing, ADAS systems, computer vision, level two autonomous and soon level three. So with the complexity of connectivity, it’s inevitable that there’s going to be software bugs that could be exploited by hackers who will take control of and inject their own code.”
While the idea of having someone hijack your car remotely and start blaring music as it crashes you into a wall is scary, Levy says most hackers aren’t after violence, or even your car. They want your data. This is especially salient with fleets, and it often manifests in ransomware attacks.
“Think of it like it’s Christmas Eve and you’re a last-mile delivery company, and suddenly you cannot unlock your doors or start your engines,” said Levy. “This is not good for business.”
Levy says this is where cloud-based security comes in handy, as well. Rather than seeing into one car at a time, you get a bird’s-eye view of the fleet and all of the connected devices, as well as any data incoming from the internet that could be malicious.
Upstream’s path to market is mainly focused on convincing car manufacturers that this technology is necessary, but Levy says fleets are the next big opportunity for the company within the next year or so.
With this latest round, the company has raised a total of $105 million since its founding in 2017. The Series C was led by Mitsui Sumitomo Insurance and was joined by new investors I.D.I. Insurance, 57 Stars’ NextGen Mobility Fund and La Maison Partners. Existing investors Glilot Capital, Salesforce venture, Volvo Group Venture Capital, Nationwide, Delek US and others also participated in the round.
Levy said some of its historic investors are also customers. Upstream is privately funded by Alliance Ventures (Renault, Nissan, Mitsubishi), Volvo Group Venture Capital, Hyundai, Nationwide Insurance, Salesforce Ventures, MSI, CRV, Glilot Capital Partners and Maniv Mobility.