Karamba Security raises $2.5M to protect cars from hackers

The company protects a car’s externally connected components by identifying attack attempts

Editor's Note: Our annual Vator Splash Spring 2016 conference is around the corner on May 12, 2016 at the historic Scottish Rite Center in Oakland. Speakers include Nigel Eccles (CEO & Co-founder, FanDuel), Andy Dunn (Founder & CEO, Bonobos), Mitch Kapor (Founder, Kapor Center for Social Impact); Founders of NextDoor, Handy, TubeMogul; Investors from Khosla Ventures, Javelin Venture Partners, Kapor Capital, Greylock, DFJ, IDG, IVP and more. Join us! REGISTER HERE.

Cars are becoming more connected, with Internet, connections to cell networks, Bluetooth, and WiFi. On top of that, you have the driverless car, which is coming closer and closer to being a reality. According to Gartner, within four years there will be a quarter of a billion connected cars.

This means that we are already vulnerable to cyber-hackings while we're driving around. Its a real problem already, and one that is only going to get bigger.

Karamba Security, an ECU endpoint cybersecurity company, emerged from stealth on Thursday with $2.5 million in seed funding to try to solve it. The funding came from YL Ventures and from GlenRock, Leon Recantai's private investment company.  

The company has built a solution that hardens the externally connected controllers within an automobile against hackers.

"A car is managed by more than 100 controllers, embedded systems that are responsible for different operations in the car. There's one for windshield wipers, one for brakes, air bags, the steering wheel, everything. They are all managed by a controller," David Barzilai, Executive Chairman and co-founder of Karamba Security, explained to me in an interview. 

These controllers are what hackers target when they want to target a vehicle, so what Karamba does is only focus on the externally connect controllers, the ones that have Internet connectivity, of which there are only around three of those 100. 

"We contain the problem to three controllers and we harden them. We integrate with the software development process and when the software is delivered we are like a gatekeeper. We sit on the gate of the controllers, and if a process wants to run, we check is if it legitimate or not. We see if it is part of the factory settings or not. Every time we identify a foreign code, one that is not part of the factory settings, we block it," said Barzilai.

The typical customer for Karamba is the system manufacturer, who buy those various controllers or systems, that make up the car.

"The system manufacturers are accountable for the security of the systems. If  someone is hacked, the recall will be done by the car company, but the system manufacturers has a legal obligation to cover the costs because it would be system's fault. We harden the system against those faults," Barzilai said. 

The solution can be used to protect both new and existing car models.

While someone hacking into your car may sound a little outlandish, it has already started to happen. There have already been incidents, including one last year with a Jeep Cherokee that led to 1.4 million cars being recalled.

So why hasn't anyone been addressing the problem yet? Actually, they have, Barzilai told me, but in the wrong ways.

"The problem was addressed, but in a somewhat one dimensional way. Security requires a multidimensional solution but while others were looking at the network of the car, and that's a good solution, it's only part of it," he said.

"Like enterprise, you have to address the before, during and after the attack. Being on the gate is before and during, while they sit after the attack. While those solutions are pretty good, that's only one aspect."

One company that was doing something similar to Karamba was Symantec, but the way they were doing it didn't fit the specific environment of an automobile. 

"They tried to port their enterprise solution to the automotive industry. We designed our product to be very low on resources, while Symantec tried to migrate very rich solutions, which run on desktops, so they had challenges in terms of performance. We saw that there was room for a new player that was designed for such environments."

The new funding will be used mainly for customer engagement. Ami Dotan, CEO of Karamba Security, is going to relocate to Detroit to be closer to Karamba's customers, Barzilai told me, and the money is going to be used for sales, as well as product completion, including packaging.

Ultimately, Karamba has an eye on bigger fish down the road, including the Internet of Things. 

"The Internet of Things has the same characteristics of the problem. We see IoT growing fast and we know requirements will emerge," Barzilai said. 

For example, electronic meters, if hacked, can cost a county millions of dollars. There was an incident like that in the United Kingdom, where someone hacked into a system and started lowering bills. Conversely, if someone is able to hack in and see that a person's electricity usage is unusually low, they can figure out who is out of town and break into their home.

For Karamba, car security is just the beginning.