Israeli startup says its new software would have prevented Tesla hack

Karamba raised another $2.5M in a series A1 funding round

Israeli startup Karamba Security today announced a new product for securing the electronic control units (ECUs) of connected and self-driving vehicles that it said could have prevented a recent Tesla hack.

Karamba's Carwall software uses a vehicle's factory software settings to discover noncompliant code in a car's ECUs and automatically creates security policies in real time to block the code.

Karamba also announced a $2.5 million second series funding round from venture capital firm Fontinalis Partners.

A modern car has dozens of computers, known as electronic control units (ECUs), with as much as 100 million lines of code. For every 1,000 lines of code, there are as many as 15 bugs that are potential doors for would-be hackers.

In real time, Carwall detects and prevents anything not explicitly allowed to load or run on an ECU, including in-memory attacks, according to David Barzilai, Karamba's executive chairman and co-founder.

Karamba claims its approach leaves no room for the kind of ambiguity that could result in false alarms, or in a failure to detect and prevent attackers who try to exploit vulnerabilities and get into the car's network.

"With our autonomous security, when we learn the factory settings of ECUs, we also learn function sequence," Barzilai said.

For example, a sensor may detect an object in a roadway, which would begin a series of sub-second actions across a vehicle's bus that would result in the brakes being applied.

"When functions are called, we check them to ensure they're in the right sequence. If it's the wrong sequence, we know someone's manipulating the process," Barzilai said. "So we abort the process and the hack is wiped from memory."
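A minimal sketch of the kind of call-sequence check described above, added here as an illustration. It is not Karamba's code: the function IDs, the traces and the adjacency-table design are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical function IDs for an obstacle-to-brake path (constructed). */
enum { FN_IDLE, FN_SENSOR_READ, FN_CLASSIFY, FN_BRAKE_REQUEST, FN_BRAKE_APPLY, FN_COUNT };

/* allowed[a][b] is true when a known-good trace showed b called right after a. */
static bool allowed[FN_COUNT][FN_COUNT];

/* Constructed "factory" trace, starting and ending in the idle state. */
static const int FACTORY[] = { FN_IDLE, FN_SENSOR_READ, FN_CLASSIFY,
                               FN_BRAKE_REQUEST, FN_BRAKE_APPLY, FN_IDLE };
/* Constructed runtime traces: one compliant, one that jumps straight to braking. */
static const int RUN_OK[]  = { FN_SENSOR_READ, FN_CLASSIFY, FN_BRAKE_REQUEST,
                               FN_BRAKE_APPLY, FN_IDLE };
static const int RUN_BAD[] = { FN_SENSOR_READ, FN_BRAKE_APPLY };

/* Learn phase: record every adjacent pair of calls in a known-good trace. */
void learn_trace(const int *trace, size_t n) {
    for (size_t i = 1; i < n; i++)
        allowed[trace[i - 1]][trace[i]] = true;
}

/* Enforce phase: deny by default. Returns the index of the first call that
   was never seen after its predecessor, or -1 if the trace is compliant. */
int first_violation(const int *trace, size_t n) {
    int prev = FN_IDLE;
    for (size_t i = 0; i < n; i++) {
        int f = trace[i];
        if (f < 0 || f >= FN_COUNT || !allowed[prev][f])
            return (int)i;   /* a real monitor would abort the process here */
        prev = f;
    }
    return -1;
}

int main(void) {
    learn_trace(FACTORY, sizeof FACTORY / sizeof FACTORY[0]);
    printf("compliant trace: %d\n", first_violation(RUN_OK, 5));
    printf("tampered trace:  %d\n", first_violation(RUN_BAD, 2));
    return 0;
}
```

Because the table starts empty and only learned transitions are set, any call order absent from the known-good trace is rejected without needing a signature for it.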


Last week, researchers from China's Keen Security Lab demonstrated what they said were multiple security vulnerabilities in a Tesla Model S that allowed them to remotely control the sedan in parking and driving mode. From up to 12 miles away, the security experts were able to wirelessly access the vehicle's systems through the controller area network (CAN) by using a web browser.

A vehicle's CAN enables various ECUs to communicate with each other. For example, a CAN would connect a vehicle's exterior cameras or sensors with the automatic braking system or the backup camera to the infotainment screen.

The Tesla hack, Barzilai said, was a form of "in-memory attack", a more sophisticated attack vector where hackers manipulate operations that only run in an ECU's memory.

In park mode, the Tesla's security holes allowed the researchers to open the vehicle's door and sunroof, adjust the seat positions, control the infotainment system and find destinations on the car's GPS. In driving mode, the researchers were able to control the windshield wipers, fold-in side mirrors, open the hatchback and engage the vehicle's brakes.

"We pwned Tesla Model S remotely (no physical contact) with a complex exploit chain," Keen Lab wrote on Twitter last week. "It is worth to note that we used an unmodified car with latest firmware."


Researchers from Keen Security Lab demonstrated what they said were multiple security vulnerabilities in a Tesla Model S that allowed them to remotely control everything from the sunroof to the brakes. Here, the security experts show how they're able to lock out the vehicle's infotainment system.

Tesla CEO Elon Musk responded with his own tweet announcing his company had patched the security holes and the breach could only work if the car's driver was logged in to a "malicious hotspot and used a browser."

"No customers were hacked," Musk wrote.

Keen Lab shot back on Musk's comment thread: "Not agree the mal-hotspot part. If you agree, we can disclose now, and let community judge."

The Keen Lab hack occurred on the same day the Obama administration rolled out security policies for self-driving vehicles. The policies include a checklist for carmakers developing new models, as well as guidelines for states on regulating the new technologies.

According to Navigant Research, there will be 188 million connected vehicles with built-in telematics on roads by 2020. By 2025, completely autonomous cars will account for 15% of all cars shipped globally each year, and 70% of all shipped cars will have level 2 or higher autonomous capability.

Gartner predicts that 220 million connected vehicles will be on the roads by 2020.


Securing vehicles from cyberattacks is becoming a big business.

Along with Karamba, a flurry of companies have sprung up in Israel, including Argus Cyber Security and TowerSec. But not every company is taking the same approach to securing vehicles.

For example, Argus offers an intrusion detection and prevention module that ties into a vehicle's CAN. TowerSec offers software that is embedded in existing ECUs.

Karamba's previous software used heuristic scanning of a vehicle's data traffic, rather than the traditional antivirus approach, where it's looking for virus signatures, according to Sam Abuelsamid, an analyst with Navigant Research.

The new software not only relies on knowledge of a manufacturer's factory settings but also focuses on systems open to external, wireless attacks, such as a vehicle's telematics or global positioning system (GPS).

"When hackers look for ways to hack into cars, their only way through is one of the externally connected controllers," Barzilai said. "Our software allows an ECU to detect the hack itself locally, and it's not dependent on the cloud."


Lucas Mearian

Computerworld (US)