As the number of connected vehicles on the road continues to rise, fending off cyberattacks is becoming an increasingly important part of ensuring driver safety. A startup called Karamba Security Ltd. said today it has raised $12 million in funding to help the auto industry address the challenge.
The two-year-old breach prevention provider sells a toolkit for protecting the electronic control units that power the digitized functions of a connected vehicle. Dubbed Carwall, the software can restrict each ECU to the limited set of tasks it’s designed to perform on a day-to-day basis, such as unlocking doors and managing fuel injection. An embedded agent automatically stops actions that don’t comply with the rules, including potential hacking attempts.
Karamba claims that Carwall enforces policies all the way down to individual code elements involved in an operation so it can stop attackers from exploiting potential design flaws. The same mechanism blocks external files that are installed on an ECU in violation of factory settings, which protects the hardware against more advanced attacks.
In the background, the controller can keep performing its regular activities as usual. According to Karamba, Carwall doesn’t generate false positives like traditional security tools that use statistical approximation methods to identify threats, which prevents interference with a vehicle’s key functions.
Carwall’s core policy enforcement mechanism is complemented by a number of other security features designed to block potential attack vectors. The software places strict restrictions on any external devices that are attached to a vehicle and regulates ECUs’ Internet connections to prevent remote exploitation. According to Karamba, that last feature can block unauthorized access attempts while letting through updates from the manufacturer.
The startup’s value proposition is attracting a great deal of attention in the auto industry. Karamba claims to have engaged with 16 car parts suppliers since unveiling the software last April, momentum that today’s funding is intended to fuel. The round was led by existing investors YL Ventures and Fontinalis Partners with support from five other backers, including a subsidiary of insurance giant of Liberty Mutual Group Co.