Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Ay Karamba! Malware protection for your car?
SECURITY

Ay Karamba! Malware protection for your car? 

Take heart, a Tel Aviv-based start-up named Karamba Security is offering an anti-malware solution designed primarily for the automobile industry.

After raising US$2.5 million in seed funding from investors led by YL Ventures, Karamba announced today that its engine control unit (ECU) software which is designed to protect cars from cyber attacks, is finally “coming out of stealth mode.”

RELATED CONTENT

Securing IoT devices

Encourage better product design

The company claims that Karamba can protect automobiles from cyber threats by hardening the vehicle’s ECUs which are open to external access via The Internet, Wi-Fi, Bluetooth and other means so that hackers will not be able to break into a car’s computer system.

“BY stopping attacks at the ECU, attackers can’t make it inside the car’s network, which means the car’s ongoing operations are safe,” said Ami Dotan, CEO of Karamba Security. “Our early warning and malware and prevention capabilities allow car companies to provide drivers smart vehicles that will get them where they want to go, safely.”

Most modern automobiles have more than 100 controllers or ECUs that run the vehicle’s function such as steering, engine, braking, airbag and navigation systems. White hat hackers have successfully demonstrated that ECUs in vehicles such as the Jeep Cherokee, Tesla Model S. Toyota Prius, Nissan Leaf and others can be broken into.

Some of the manufacturers, like Chrysler, has had to recall 1.4 million vehicles to fix the flaw while Tesla has had to release software updates for its electric cars.

According to Karamba, hackers will typically use a “dropper” – a small piece of malicious code that is implanted into a vehicles system via Internet, WI-Fi, or Bluetooth – to hijack the computer system.

With Karamba, vehicle manufacturers and ECU system providers can define the settings for each ECU. The solution will allow them to generate a policy that creates a whitelist of ECU-permitted program binaries, process, scripts, network behaviours and others. This will ensure that only “explicitly allowed code and behaviour” may run in the vehicle, according to Karamba.

Other benefits include:

  • No False Positives — allowing only the code and applications that have explicit permission to run on the controller. This creates no ambiguity – either the code is part of the factory settings or not.
  • No Updates — always providing security for the current version of the software in the car. The solution is embedded in the development cycles of the controller; only when the controller is updated, Karamba is updated to reflect the new factory settings.
  • Short Quality Check — Karamba’s software is part of the ECU software. When embedding Karamba into a car, only the system that runs Karamba (e.g. the infotainment) should be checked if it performs according to its specifications. No need to test the entire car.

The solution does not only stope malware at the gate, it can also provide manufacturers an early warning when suspicious behaviours or code are detected as well.

Related posts