Karamba gets funding to fuel automotive cybersecurity efforts

Israel-based Karamba Security, among the firms helping vehicle OEMs and auto makers to comply with new cybersecurity standards, recently announced $10 million in new funding in an extension to its B Round of financing. 

New models of cars increasingly are being compared to data centers, smartphones and edge IoT devices on wheels. Along with those comparisons come all of the cybersecurity concerns that companies operating in those other networked environments know all too well.

Vehicle hacking already is a growing problem, and thieves aren’t just trying to access cars with the intention of stealing them, according Michal Petran, head of automotive vulnerability research at Accenture, who spoke on the issue during a Karamba Security webinar this week. Petran said protection efforts also need to focus on a vehicle OEM’s connected backend systems, which if hacked can give hackers access to user credentials and to software binaries that could allow them to reprogram the vehicle.

Electric vehicle power charging systems also have vulnerabilities between the vehicle and the power grid, where user details could be intercepted and then used to charge another vehicle for free, he said. These vulnerabilities could originate in a number of ways, such as from the common auto industry practice of using old chips to power some vehicle systems

“You might be inheriting by your design choices vulnerabilities you don’t know about,” Petran said

New regulations, such as the U.S. Executive Order on Improving the Nation’s Cybersecurity, and new standards, such as ISO/SAE 21434 and UN R155, are emerging to make sure vehicle cybersecurity is an issue addressed during engineering. 

And these firms are starting to invest in better protection schemes. For example. Karamba’s new funding round was led by VinFast, a maker of electric vehicle systems and a member of Vingroup, the largest private conglomerate in Vietnam. VinFast is quickly expanding from its home region to target North America and Europe. The company said that it sees the ability for Karamba’s vehicle system security software, which focuses on end-to-end system security rather than individual endpoint security, to help it address cybersecurity vulnerabilities.

Other investors in Karamba include SVIC, a leading corporate VC from South Korea, and YL ventures, Fontinalis Partners, Liberty Mutual, Presidio Ventures, Glenrock, Paladin Group and Asgent.

David Barzilai, vice president of sales and marketing at Karamba, said the company already has established relationships with car makers in the U.S., Asia and Europe. In addition to automotive, Karamba also plans to target the renewable energy and enterprise edge sectors.

RELATED: NXP certified to support supply chain standard for automotive security