The connected car future is more or less becoming the connected car present, and with that changeover, cars are becoming more than they ever have been before. The next iteration of the automobile will be able to buy its own gas, download its own direction, make its own playlist suggestions and, perhaps someday soon, even drive and park itself. Much of the “more” in the era of connected cars is rightfully to be looked forward to — but the new era of cars wired to the web brings one not so welcome “more” with it. Connected cars are also more prone to cyberattack.
Which was something the world got an early glance at in 2015, when two hackers broke into a Jeep Cherokee via a bug in the Uconnect infotainment system. The goodish news in the case of that hack is that it wasn’t the bad guys — it was good guy hackers trying to find and expose bugs. The bad news is that next time the bug might not be found by one of the white hats first.
Hacked cars are a threat of a different color than hacked computers, consumer accounts or devices. Losing a card to a hacker that cracked one’s data is annoying; getting locked out by ransomware can be plainly destructive depending on the systems one finds themselves locked out of — but in either case, it is unlikely that anyone’s life is going to be on the line. Money can be lost and time will certainly be wasted, but data corruption and theft don’t generally have clear and present safety concerns.
Cars weigh over a ton and travel down a highway at 70 miles per hour — a hacker disruption can easily lead to a deadly accident.
This is where Israeli cybersecurity startup Karamba enters the picture, with its focus on treating connected cars with the unique security concerns that Co-Founder and Executive Chairman David Barzilai thinks they will eventually shape up to be.
“Dealing with consumer safety, and not just with data security, requires different security methods to protect our cars, in contrast to technologies that protect servers and enterprise networks,” Barzilai noted. “Using machine learning and artificial intelligence to identify malware after hackers infiltrate the car is too late. The approach must be to prevent an attack when hackers attempt to hack.”
Barzilai, along with co-founders Ami Dotan, Tal Ben-David and Assaf Harel, all come out of high-tech security background. Two of them, Ben-David and Harel, had previously served in an elite intelligence unit of the Israel Defense Forces (IDF).
Their underlying premise is simple — software and malware detection programs, while sufficient in other areas of digital security, is too slow to be really safely effective — and would require constant updates by developers trying to stay ahead in the arms race that will inevitably break out with cybercriminals. Fighting that kind of constant battle is suboptimal on face, according to Barzilai, and has the additional defect of possibly generating false positives and also causing safety risks.
But, developers still have a pretty big advantage according to Karamba — connected cars are in their early days of development, which means the electronic architecture is still be designed and built. Karamba’s cybersecurity software is designed to live in that architecture, embedded in a machine’s electronic command unit (ECU) and thus baked into the car’s factory setting and almost impossible to change. The system’s goal is to block off malware and other hack attempts at the point of intrusion, and keep the ECU sealed off from cyberattacks.
Karamba entered the summer with a $12 million Series B funding round that saw participation from Fontinalis Partners, a fund co-founded by Ford Motor Executive Chairman Bill Ford, Jr. The firm further reported that it has been in discussion with 16 suppliers and automakers in the past year — though, as yet, it has not announced news of any signed deals.
And there are questions as to whether Karamba can do what it says it can, given the nearly boundless determination and dedication of cybercriminals worldwide. Securing the ECU is a good start, observers have noted, but not the end of a security solution in the age of connected commerce.
“Vulnerabilities will be inadvertently designed into systems,” Sam Abuelsamid, a senior analyst for Navigant, a marketing research firm based in Boulder, Colorado, said in an interview with The MIT Technology Review.
Though blocking off the specific ports of entry will be important to the future of connected cars, more likely than not the connected future will be more about building layers of security both in devices and outside of them.
“You have to think of the car like you think of an Xbox or PlayStation or a mobile phone. You have software and data that are resident on the device, but also in the cloud. Increasingly, we have to think beyond the sheet metal to the entire enterprise. What Karamba does is an important component, but it’s not the whole thing,” said Glen De Vos, chief technical officer for the automotive parts maker Delphi Automotive.