Karamba Security, an autonomous cybersecurity solutions provider today announced Autonomous Security for connected and autonomous vehicles. The solution is designed to empower the electronic control units (ECUs) of connected cars to protect them from hackers.
The company claims that Autonomous Security is an extension of its Carwall ECU security platform, that enables automotive technology providers to achieve the goals set out in the U.S. Department of Transportation’s guidelines for the safe deployment of autonomous cars.
“The risk of a car hack is lost lives. Any security approach that’s vulnerable to false positives or delayed decision making isn’t providing sufficient security. ECUs have to be able to protect themselves to prevent intrusions. Karamba’s Autonomous Security hardens ECUs with a complete security solution that no one else offers,” said Ami Dotan, CEO and Co-founder, Karamba Security.
How Carwall Autonomous Security works?
Karamba Security explains that its Autonomous Security technology allows any car’s ECU to protect itself from cyberattacks by automatically locking it down to the ECU’s factory settings. The ECU then blocks operations that aren’t part of its factory settings, with a negligible performance impact, which prevents hackers from accessing the car’s safety systems and commandeering them.
All the combat decisions are taken locally on the ECU without requiring it to be connected to protect itself, nor does it need anti-malware updates.
Today, the company has also added a new capability called in-memory protection, as part of its Autonomous Security suite. With in-memory protection, the ECU autonomously blocks memory-based attacks such as buffer overrun and return oriented programming (ROP). ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses.
No risk of false positives
Since Karamba Security’s Autonomous Security works by locking down the ECU to instructions that are known to be good, it does not have to “guess” about a command it may not have seen before, thus avoiding the risk of false alarms, or false positives, inherent in other approaches. False positives, the company explains, can lead to legitimate car commands failing to execute, consequently risking lives.
In the report, “Autonomous Automotive Cybersecurity,” Sam Abuelsamid, Senior Research Analyst, Karamba Security concludes that solving cybersecurity problems is critical for achieving a growth in autonomous vehicles, and one key risk he singles out is the probability of having false positives. With today’s network-based approaches, approximately two of every 100 commands suspected as malicious on the car’s CAN bus network will be mistakenly blocked.
“The fatality risk of such frequent blocking of valid operations is something the automotive industry cannot tolerate,” he said.
Separately, Karamba Security also announced a new strategic investment round led by Fontinalis Partners, a firm solely focused on investing in and scaling technology companies that are advancing next-generation mobility solutions. Fontinalis Partners led the $2.5 million round, with participation from existing investors YL Ventures and GlenRock.