Karamba adds new in-memory attack prevention capabilities to its Carwall security platform with the goal of limiting vehicle security risks.
Vehicle security vendor Karamba Security today announced new features for autonomous car security as well as a new $2.5 million round of funding.Total funding to date for Karamba now stands at $5 million from investors including Fontinalis Partners, YL Ventures and GlenRock.Karamba first announced its Carwall security platform on June 16 as a platform to help protect electronic control units (ECUs) from potential security risks. Karamba is now enhancing Carwall with new capabilities to help defend against in-memory attacks as well as autonomous vehicle security.”We are adding in-memory protection, extending the security policy beyond just whitelists to function calling,” David Barzilai, executive chairman and co-founder of Karamba, told eWEEK.
Karamba’s new feature is timely given that security researchers from Chinese firm Tencent publicly disclosed on Sept. 20 that they were able to remotely hack a Tesla vehicle by way of an in-memory attack.
Tesla has since patched its software for the reported flaw.
Barzilai said that with an in-memory vulnerability, hackers are able to exploit bugs in a system process. Once attackers have some degree of control over a system process, they are able to send malicious packets.
Karamba’s new in-memory layer first establishes a baseline from factory settings of how memory is supposed to be used in a car, according to Barzilai.”Once we see something that is outside of what we know from the factory settings, we can abort the malicious process,” he said. “So our approach is to block attackers from getting into the ECU.”The basic premise behind Karamba’s technology is that a car’s operating system runtime should not be able to be changed by users, Barzilai said.
Any required change should only be permitted by the vehicle vendor in a controlled and inspected manner.In-memory attacks against vehicle ECUs follow the same basic methodology as in-memory attacks against desktops and servers.
The big difference though is that with embedded systems, for the most part, the same memory safety security controls are not present by default. On a typical Windows operating system there are Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) features that aim to reduce the risks of certain classes of memory attacks.
Barzilai noted that there aren’t enough system resources to run DEP or ASLR on an ECU.”The common denominator for all memory attacks is when a function call returns a different address than it does in the factory default,” he said. “That’s where we catch the malicious process and abort it.”The need for improved vehicle security is likely to grow in the coming decade as an increasing volume of autonomous vehicles get on the road loaded with multiple ECUs.
There are already some initial attempts at regulating autonomous vehicle security around the world as well.”I think that regulations are important,” Barzilai said. “I think regulators are looking for insights from vendors like Karamba about what can be done to protect the car and not endanger the driver.”Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.
Follow him on Twitter @TechJournalist.