Startup Karamba Security on June 6 debuted its flagship Carwall security platform, designed to help protect cars, old and new, from potential cyber-attacks. The Carwall platform is aimed at securing vehicles’ electronic control units (ECUs), which could be exposed externally to threats.
Karamba’s approach to protecting the ECU has multiple elements, including technology that helps check the authenticity of the running code.
“The way we protect the code is by sealing it,” David Barzilai, executive chairman and co-founder of Karamba Security, told eWEEK. “We automatically learn what the factory settings are for code so we can identify what is foreign code that is trying to interrupt a process.”
As part of the Karamba process, the Carwall technology also constructs what Barzilai referred to as a function calling sequence in which it can see all the normal functions that a given car process normally will perform. An outlier, or a function that isn’t part of the normal function calling sequence, can be identified as a potential risk.
“When a process starts on the car, the process will go through Karamba’s Carwall, and we’ll check the authenticity of the process,” Barzilai said. “If there is code that wasn’t in the factory build of the software, then clearly, it’s malware.”
Unlike a traditional computing system, such as a desktop or even a smartphone, users don’t have the same options to manipulate and install code on their own inside cars, Barzilai said. As such, it’s somewhat more obvious to identify unauthorized code. That said, not everything can be blocked on a car, even if potentially malicious code is found, he explained.
“The automotive industry is very afraid of false positives, as a false positive could be life-threatening,” Barzilai said. “If an air bag doesn’t deploy because a command was mistakenly interpreted to be malicious, it could cost a person’s life.”
If there are bugs on a piece of automotive software, the Carwall platform can create an overlay policy that seals and protects against potential security issues from software bugs.
The Karamba approach focuses on the car’s ECU’s as opposed to the CAN-Bus, which is the Controller Area Network architecture design used in cars to control the various electronic systems. A modern vehicle might have more than 100 ECUs, but in reality, only three to seven ECUs are actually at risk from attack, Barzilai said.
“What makes the car at risk are the externally connected ECUs,” Barzilai said. “That’s very different than an enterprise server where almost everything is connected externally.”
In a car, most systems are contained and typically the ECUs that are exposed externally are the infotainment, telematics (GPS) and on-board diagnostics ports.
The Karamba Carwall technology is not yet in production vehicles, but the company plans to retrofit cars that are already on the road. “We enable retrofitting with a software update that can be installed by a car dealer,” Barzilai said. “The goal that we have with the retrofitting is to accelerate the time to production to secure existing cars.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
