BLOOMFIELD HILLS — Karamba Security, a developer of automotive cybersecurity software with offices in Bloomfield Hills and Hod Hasharon, Israel, announced the launch of a new product, SafeCAN.
The company says SafeCAN prevents malicious code from being introduced into a vehicle’s computer networks from a variety of vectors. One recent example — researchers compromised the computer network of a Toyota by installing the code through a thumb drive provided by Progressive Insurance, part of a wave of insurers offering discounts to drivers who allow their driving habits to be monitored by a thumb drive installed in the car’s network.
The company also notes that solving this problem is made even more difficult because in-car networks, and especially the CAN bus, are saturated and cannot add authentication data, which consumes network throughput. The resulting lack of in-car authentication leaves the car’s safety systems exposed to malicious commands sent through such dongle-based attacks or hacked over-the-air (OTA) in-vehicle updates.
“We listened to our OEM customers, and innovated to meet the challenges they identified with the unsolved problem of in-car communication security,” said Ami Dotan, CEO and co-founder of Karamba Security. “Car manufacturers are concerned with physical hacks as well as the use of OTA technology to get secure cloud-to-vehicle communications, but their security ends at the entrance to the car. We cover the last yard, communication to and from safety ECUs, to make sure only legitimate messages from any entry point are accepted throughout the car network, and that safety will not be compromised.”
Company officials say SafeCAN is the industry’s first cybersecurity software to offer in-vehicle network authentication with zero network overhead. It can be implemented without overtaxing the car’s internal communications to protect and authenticate CAN bus communications.
In addition to hardening the car networks against physical attacks, SafeCAN enables secure over-the-air (OTA) updates from the cloud to any electronic control unit (ECU) in the car. OTA products use secure channels from the automaker’s cloud systems to the primary ECU, which serves as the OTA’s entry point in the car. However, due to the lack of network authentication, attackers may hack the car, impersonate an OTA update and deploy malicious software on safety ECUs. Because SafeCAN hardens the network between the OTA primary ECU and the in-vehicle safety systems, target ECUs will not accept changes unless they were authenticated by SafeCAN.
The company says SafeCAN complements and extends Karamba’s Autonomous Security Carwall product. Carwall hardens externally connected ECUs by sealing their binaries according to factory settings. This prevents cyberattacks and in-memory attacks from compromising the car’s ECUs, while eliminating false positives that risk consumers’ safety.
Karamba has been invited to join the Automotive Information and Sharing Analysis Center (Auto-ISAC) and will make a presentation at the first annual Auto-ISAC Summit, Dec. 13 and 14 in Dearborn.
Karamba will also exhibit at CES 2018 (formerly known as the International Consumer Electronics Show) Jan. 9-12, in a suite at the Bellagio Hotel.
According to the website Crunchbase, Karamba has raised $17 million in venture capital in three rounds since its 2015 founding. It says it is currently working with 16 automakers and Tier 1 suppliers on automotive cybersecurity.
In November of 2017 Karamba Security was named by CNBC to its list of most innovative startups. In addition, Karamba Security was unanimously recognized with TU-Automotive’s Best Cybersecurity Product/Service for 2017 and the 2017 North American Frost & Sullivan Award for Automotive New Product Innovation.
More at www.karambasecurity.com.