Blog

Our Case Study: VCode for Securing Automotive Supply Chains

Karamba Security | November 14, 2024

Karamba’s binary scanning tools, for safer trucks and accelerated ISO/SAE 21434 compliance


NHTSA Recalls Telematics Units in 140,000 Vehicles

Karamba Security | October 30, 2024

Highlights from the recent Auto-ISAC Conference


Making Legacy ECUs ISO Compliant

Karamba Security | September 30, 2024

A tier-1 automotive supplier is using XGuard On-Board Security software to secure its legacy ECUs.


Bolt-On Device Security with XGuard

Karamba Security | September 9, 2024

Software/Firmware images, including those with third-party components, can be hardened even after the build.


Preventing CrowdStrike-Type Global Issues

Karamba Security | July 31, 2024

Enhancing IoT Cyber Resilience with Deterministic Protection


Safer Trucking, Thanks to Control Flow Integrity

Karamba Security | June 10, 2024

How Karamba’s XGuard Protects ECUs from Known and Unknown Vulnerabilities


Surveying the 2023 Threat Landscape – Lessons Learned

Karamba Security | May 9, 2024

Vulnerabilities detected by Karamba’s VCode binary analysis tool and during Penetration Testing projects, and how they can be addressed


Container Security

Karamba Security | February 8, 2024

Why application containers are used, and how they can be secured


The Challenges of SDV Application Security

Karamba Security | October 5, 2023

Why third-party suppliers need to be concerned.


How to Fast-Track Your Penetration Testing Capabilities

Karamba Security | July 5, 2023

Why are OEMs and Tier-1 suppliers outsourcing the pen-testing process?


The Cyber Security Management System (CSMS)

Karamba Security | May 16, 2023

Implementing CSMS as per the ISO/SAE 21434 standard and the UN R155 regulation.


Cybersecurity Challenges for the Software-Defined Era

Karamba Security | April 18, 2023

The evolution of connected cybersecurity for EVs and SDVs.


The Milestones for Compliance with the ISO/SAE 21434 Standard

Karamba Security | March 27, 2023

Which of these milestones has your organization reached, so far?


Bolstering Cybersecurity According to the Cyber Resilience Act

Karamba Security | March 15, 2023

Ensuring a cybersecurity framework throughout the lifecycle, and enhancing transparency.


Interpreting the SBOM for the Automotive Industry

Karamba Security | March 02, 2023

Why SBOM libraries are so important in the SDV age, and how to assess the risks and mitigate them according to the ISO/SAE 21434 standard.


The Electric Vehicle (Smart Charge Point) Regulations 2021

Karamba Security | February 23, 2023

An overview of the UK’s regulations for EV charging stations and the energy grid regarding cybersecurity protection and consumption stability.


Strategic Automotive Cybersecurity Labs for SDVs

Karamba Security | February 15, 2023

How automotive cybersecurity labs are filling the knowledge gap for OEMs and Tier-1 suppliers


SDV – Software-Defined Vehicles

Karamba Security | December 30, 2022

The future of innovation. Vehicle next generation.


Act now on software integrity in Critical Infrastructure

Tal Ben-David | August 8, 2022

Recently, HP announced implementing Karamba Security’s XGuard CFI into its business printers in order to protect against zero-day vulnerabilities. This new layer, embedded into the most secure printer in the world, provides protection against Return-oriented programming (ROP) attacks. In the extremely exposed world of connected office printers, this security control decision is a very reasonable one.


Top 7 Cyber Items for EV OEM & Tier1 to Achieve UNR155-ISO21434 Compliance

Assaf Harel | January 30, 2022

We are sharing our customers’ aggregated experience of the most risky components in connected EVs.


Tractor – IN, Scooter – OUT: The legislation mandating automakers to protect against hackers has hit the road

Udi Etsion, for Calcalist | January 14, 2022

By Udi Etsion. Originally published on Calcalist, January 14, 2021

Starting in July, protection against cyber attacks will be mandated for all new vehicles in Europe. The head of the UN group that led the legislation clarifies why it is important to protect even a tractor – but not a scooter. Israeli cybersecurity companies are inundated with inquiries from manufacturers.


Software Composition Analysis vs. Binary Analysis - What are the differences?

Assaf Harel | July 29, 2021

While one started as a way to map open-source components for license compliance purposes, the other started as a penetration tester’s tool, helping white-hat hackers analyze binary files of embedded systems.


Why We Offer Software Bill of Materials (SBOM) Generation and Alerts for Free

Karamba Security | July 21, 2021

Following the increase of supply chain attacks, Karamba has recently launched a free Software Bill of Materials (SBOM) analysis and free relevant CVE alerts tool. In this blog post we will explain why it is the right time to manage an SBOM and stay on top of new vulnerabilities.


The Darknet – A Haven for Criminals Under Your Nose

Nir Yehoshua, Security Researcher | May 30, 2021

The anonymity of the Darknet has attracted criminals, including cybercriminals and threat actors who offer attack services and research and development of vulnerabilities in websites and, more recently, in more and more IoT devices.


Tesla X Remotely PWNed by Fuzzed 0-days Bypassing Stack Protections

Assaf Harel, Chief Scientist | May 5, 2021

The team chained zero day vulnerabilities, bypassing stack protection and achieving remote code execution to exploit a Tesla X with those vulnerabilities.


John Deere's Response to a Researcher's Vulnerability Disclosure

Karamba Security | May 2nd, 2021

John Deere’s cybersecurity response to a discovered vulnerability was good. But a vulnerability on one of their six-figure autonomous farm vehicles that affects safety could be much worse.


Five Key Elements of a Product Security Program

Assaf Harel, Karamba Security Chief Scientist | April 19th, 2021

So, you’ve just been hired as Product Security Director at the hottest Automotive company out there. What should you do?


Securing Product Security: The Verkada Security Breach

Assaf Harel, Karamba Security Chief Scientist | March 19th, 2021

The recent Verkada security breach should help move our industry in the right direction.


The Product Security Journey

Amir Einav, Karamba Security CRO | January 4th, 2021

“With great power comes great responsibility”. Internet connectivity in devices, combined with more powerful software capabilities, introduces cyber risks that are inherent to the IoT world.


GitPaste-12 Swiss-Army-Knife Malware Compromises IoT Devices Using 12 Common Vulnerabilities

Karamba Security | November 11, 2020

The worm uses GitHub and Pastebin to download its malicious code (Dropper) – hence its name. GitHub and Pastebin are two well-known websites that usually are not blocked by enterprises, and their connections are encrypted.


How Vehicles Right to Repair will Expose Massachusetts Residents to Cyberattacks

Assaf Harel | September 29, 2020

The initiative passed with overwhelming voter support on November 6, 2012, with 86% for and 14% against. The motivation was clear: to enable vehicle owners to repair their cars and light trucks anywhere they’d like, and hence reduce repair costs.


Shipping Secured Products by Taking the Sting Out of Remote Code Execution

David Barzilai | September 10, 2020

With the increase in sophistication of connected products and IoT devices, manufacturers face an increasing number of Common Vulnerabilities and Exposures (CVEs) reported.


UN-ECE-WP.29 Cybersecurity Management System Requirements

Guy Sagy | June 30, 2020

UN-ECE-WP.29 Cybersecurity Management System Requirements and Karamba Security Product & Services Supports According to ISO/SAE-21434


The Emerging Role of the Product Security Officer

David Barzilai | May 17, 2020

As product manufacturers are required to secure their devices, a new, specialized role is emerging: Chief Product Security Officer (CPSO)


How Lack of Product Security Caused Zoom Customers’ Defection

Assaf Harel | May 12, 2020

In the past two months, Zoom’s users experienced multiple cybersecurity breaches due to Zoom’s lack of product security. Those breaches enabled hackers to intervene in online meetings and compromise the security and privacy of Zoom’s users. Therefore, dozens of companies and organizations banned their employees from using Zoom.


Karamba Listed as a Top Privately-Held Cybersecurity and IT Infrastructure Vendor

Karamba Security | March 18, 2020

We at Karamba Security are honored to be listed in the JMP Securities LLC Elite 80 report


Closing 2019 with CES2020 – A Milestone Year for Karamba Security, and Here Comes 2020

Amir Einav, VP Marketing | January 7th, 2020

Like clockwork, CES starts tomorrow and marks the beginning of our annual technology cycle. This is the opportunity to look back at what’s been a big year for Karamba, and imagine what’s coming.


Amazon Blink XT2 Vulnerabilities Show the Need for Built-In Cybersecurity

Karamba Security | December 17th, 2019

Amazon has released a series of patches for the security camera, but relying on customers to install updates and notice rogue commands is no recipe for security.


The FBI Agrees – IoT Devices Pose Hacking Risks, and Better Cybersecurity Vigilance is Needed

Karamba Security | December 11th, 2019

The FBI statements put the onus on the consumer to secure the device, but these devices often come with default passwords and customers can’t always be relied upon to carry out the over-the-air updates the companies send for their devices.


Survey: Consumer IoT Customers Expect Manufacturers to Embed Security in Devices

Karamba Security | December 8th, 2019

The survey, entitled “Consumer Attitude Towards IoT Security”, found that 74% of respondents expected their consumer “Internet of Things” devices to be secured by manufacturers, and as many as 87% believe it is the responsibility of manufacturers to do so.


What is Host IDPS built with Control Flow Integrity (CFI)?

Karamba Security | November 4th, 2019

There is no such thing as a hermetically sealed connected device and attackers are always looking for vulnerabilities in code and ways to exploit them. With host IDPS built with Control Flow Integrity though, vehicle ECUs have a state-of-the-art cybersecurity tool to defend themselves.


For Cybersecurity, it’s That Time of the Year Again

Assaf Harel, Karamba Security Chief Scientist | October 6th, 2019

The “hacking season” follows DEFCON and BlackHat each Summer, as hackers work to exploit newly-disclosed vulnerabilities before customers can install patches. This cycle gives hackers a clear advantage and it’s time for a paradigm shift.


Why Control Flow Integrity is More Important Than Ever

Assaf Harel, Karamba Security Chief Scientist | September 26th, 2019

With billions of resource-limited, connected vehicles and devices set to hit the market in the coming years, there is a clear and present need for CFI that can be seamlessly embedded into these devices without performance drag, false positives, or delays in go to market.


Marquee BlackHat Presentation Shows the Need for Control Flow Integrity in Automotive Cybersecurity

Karamba Security | September 10th, 2019

It is no longer sufficient to have reactive cybersecurity tools. With CFI, manufacturers have the most effective and state-of-the-art runtime threat detection tool at their disposal to ensure that connected machines adhere solely to their factory settings.


A Fish out of Water at DEFCON: What Made the Car Hacking Village a Good Time, and My Takeaways about the Challenges of Securing Connected Devices

Adili Shimoni | August 27th, 2019

Earlier this month in Las Vegas, Karamba’s Adili Shimoni had a classic fish out of water experience at DEFCON. In this post, she looks back on an eye-opening week in Vegas, and her takeaways about what it all means for the world of connected devices.


URGENT/11 Vulnerabilities in VxWorks Show the Difference between IT and OT - And When They Come Together as IoT

Karamba Security | August 8th, 2019

Of the 11 zero-day vulnerabilities found by Armis, six “are critical and enable Remote Code Execution (RCE).” In this post, we examine how this discovery indicates the importance of embedded security.


The Karamba Product Security Blog: Remote Code Execution

Karamba Security | August 7th, 2019

RCE is one of the most devastating cyber threats and requires the urgent updating of security patches anytime a vulnerability is found that can open the door to such an attack.


“There Must Be No False Positives”

Karamba Security | July 29th, 2019

Last month, Karamba Security’s Director of PMO, Helen Buchumensky, spoke at the German Association of the Automotive Industry (VDA) conference about the importance of cybersecurity in safety-critical systems, and why it is crucial that it doesn’t clash with automotive functional safety requirements. This post is based on her presentation.


Cyber Warfare in the Middle East Highlights the Need For Deterministic Cybersecurity

Amir Einav | July 28th, 2019

Recent cyberattacks launched by the US and other militaries are a reminder of the vulnerabilities that all connected systems have, no matter how sophisticated or highly-classified they are.


IoT Devices Present New Security Challenges with No Equivalent in Conventional IT, Government Report States

Karamba Security | July 10th, 2019

NIST report states that IoT devices must be able to verify software, firmware, and information integrity in order to stay secure.


‘Jeep Hackers’ Cybersecurity Solutions are Smart, but Don't Address In-Memory Fileless Attacks

Assaf Harel, Karamba Security Chief Scientist | July 9th, 2019

When looking over the security architecture designed by Charlie Miller and Chris Valasek, we see some overlooked attack vectors.


The Writing is on the Wall: Product Security Must be Built in by Manufacturers

Ami Dotan, Karamba Security CEO and Co-Founder | July 8th, 2019

A series of recent publications in the US and Europe indicate that the industry - and government - are starting to take note, and realize the importance of embedded security for connected products.


IoT Cyber Threats Take Center Stage at Cyberweek 2019

Karamba Security | June 25, 2019

Day 2 of Cyberweek 2019 hosted a fascinating conference on the threats facing IoT devices - and all of us.


Small Country, Big (Smart Mobility) Dreams

Karamba Security | June 13th, 2019

There’s an elite class of world cities that stand apart from the rest. Cities like Tokyo, Shanghai, London, New York, and San Francisco, which drive the global economy and chart the course of human progress. There are also cities like Tel Aviv that punch above their weight when it comes to innovation, talent, and the ability and desire to shake things up a bit.


Karamba Hosts Ford Motor Company Chairman Bill Ford for Cybersecurity Demo

Karamba Security | June 12th, 2019

Ford and the Karamba team discussed the importance of cybersecurity as the automated car revolution picks up speed.


Intel Shadow Stack – A Bridge Too Far for the Tech Giant?

Karamba Security | June 11th, 2019

Intel has yet to deploy its Control-Flow Enforcement Technology (CET) in its for-market processors, yet another testament to the importance of control flow integrity (CFI) for addressing in-memory cyberattacks.


Renault-Nissan-Mitsubishi Alliance Opens New Innovation Center in Tel Aviv

Karamba Security | June 10th, 2019

Karamba Security is among the select group of Israeli hi-tech companies that the alliance has chosen to work with on joint prototyping projects.


For Third Straight Year, Karamba Security Wins Big at TU-Automotive Detroit

Karamba Security | June 6th, 2019

It is the latest in a long line of accolades for Karamba Security, which provides embedded, deterministic security for automotive, Industry 4.0, enterprise edge, and IoT connected systems.


How Karamba XGuard Can Help You Meet NIST Cybersecurity Guidelines

Karamba Security | June 3rd, 2019

A quick look at recent NIST reports on cybersecurity reveals how Karamba’s Carwall and XGuard security suites can help systems and companies meet these federal guidelines for cybersecurity.


What 'Knight Rider' Got Wrong About Automotive Cybersecurity

Karamba Security | May 30, 2019

This 1983 episode of “Knight Rider” shows an early TV depiction of a remote hack of an autonomous car — and it gets almost everything wrong. Let’s take it step by step.


In Baltimore Cyberattack, the Blueprint for Ransomware Mayhem

Karamba Security | May 27, 2019

Imagine your data and the keys to your operating system have been seized in the hands of faceless, nameless hackers who caught you slipping. They’ve named their price and the clock is ticking – pay up or lose all access to your system.


Let Hackers in and Shine a Spotlight on Them – How Karamba’s ThreatHive works

Aviv Sinai, Karamba R&D engineer | May 22nd, 2019

Imagine a home security system that lets burglars in through the front door - and records their every move. Now you have an idea of what Karamba is doing with ThreatHive.


The Sheer Volume of Attacks on Connected Vehicles: What You Need to Know

Karamba Security | May 22nd, 2019

If you have a connected vehicle, then by the time you finish reading this post it may be targeted by more than three dozen attack attempts.


Automobiles - The Ultimate Manufactured System

Karamba Security | May 13, 2019

At some point, the most sophisticated, earth-shattering hacking campaign could be launched from your fridge.


Why Karamba Security is Expanding

Ami Dotan, CEO and Co-Founder | May 13th, 2019

Karamba CEO and Co-Founder Ami Dotan explains the decision to expand into the wider world of connected systems – from Industry 4.0 to consumer IoT, and enterprise edge devices.


Q&A Twitter Session with Assaf Harel

Marketing Team at CES | January 10, 2019

Answering our Twitter followers’ questions on Automotive Cybersecurity and More.


Why 2019 Will Be a Great Year

Amir Einav, VP Marketing | December 31, 2018

As we close 2018, let me share a prediction: Karamba Security, and Automotive Cybersecurity in general, are heading towards a great year.


Karamba, Check Point, and Mobileye to Represent Israeli Industry in First-Ever Israel-Taiwan High-Tech Forum

Amir Einav, VP Marketing | August 24, 2018

Karamba Security, Mobileye (INTC), and Check Point Software (CHKP) were selected as the three companies invited to present the Israeli high-tech industry in a business-to-business forum held by the Taiwan External Trade Development Council (TAITRA) this week.


Karamba Security's Challenge of RiCAN Morty at DEFCON's Car Hacking Village

Roi Inbar, Innovation Engineer | August 16, 2018

DEFCON is one of the biggest hacker conferences – a blend of curious, creative geeks and professionals comes to one place with the aim of looking at the things we use every day in a different way and making them act differently than they were designed to.


The Hacking Challenge of the Year - RiCAN Morty - at DefCon 26 2018

Assaf Harel, Chief Scientist & Co-founder | July 23, 2018

Are you ready for DefCon 26? We are! If you want to participate in our challenge, we recommend that you sign up on time.


Researchers Identify Multiple Vulnerabilities in Connected Systems in BMW models

Assaf Harel, Chief Scientist & Co-Founder | May 24, 2018

Vulnerabilities represent another example of how important it is to ensure that in-vehicle software is not tampered with after it leaves the factory.


In-Memory Protection and the Recently-Discovered Vulnerability Exploits

Assaf Harel, Chief Scientist & Co-Founder | May 2, 2018

This week’s research news: A Vulnerability in Infotainment Systems used in VW and Audi Models


At CES, Preventing Cyber Attacks Drove OEM & Tier-1 Interest in Karamba’s Autonomous Security

David Barzilai, Chairman & Co-Founder | January 22, 2018

Karamba Security Suite, CES 2018, Las Vegas, NV.

CES started as a B2C tradeshow and B2B is now equally important. For the automotive industry, cybersecurity was one of the major areas of interest among OEMs and Tier-1s who came to Las Vegas to learn about attack vectors and prevention.


How to Build a CAN Sniffer

Itay Khazon & Eli Mordechai | January 18, 2018

Overview

CAN Bus - Controller Area Network bus - is a high-integrity serial bus system for networking intelligent devices adopted by the automotive industry and, in 1993, it became the international standard known as ISO 11898.


Extracting the Content of a QNX IFS Image

Evgeny Dratva | October 19, 2017

How to approach dumping a QNX Image

While integrating Karamba protection into a QNX IFS image, I found that I first needed to extract the contents of a ready IFS image in order to inspect the binaries on the build machine for Karamba whitelisting purposes. I needed to know what those binaries would look like in their “final” form, after they’ve been stripped of debug symbols and otherwise modified by the IFS building utility.


Changing CAN Protocol isn’t a Solution – ECU Hardening Is

David Barzilai, Chairman and Co-Founder | September 12, 2017

CAN Protocol Vulnerability

Recently, Trend Micro published a technical brief discussing a vulnerability they found in the CAN protocol, which enabled denial of service (DoS) attacks to be invisible to CAN-based intrusion detection solutions. In the technical brief, they recommended that car manufacturers change CAN protocol in their vehicle, in order to make cars immune to such DoS attacks.


Snatching a Self-Driving Vehicle With an iPad

Karamba Security | August 31, 2017

An exposition participant for an annual conference event on robotics and new technologies (we’ll call them ICORP) convened with Karamba to create a joint demo presentation.


Netflix’s iBoy Shows the Dangerous Possibilities of Car Hacking

Karamba Security | August 24, 2017

iBoy is a sci-fi movie set in near-future London. A teen traveling to see his friend after school finds robbers in his friend’s house; he is shot in the head before he can escape.


The Connected Car Security Seminar Tokyo, Japan

Karamba Security | July 16, 2017

Asgent, Inc., Sumitomo’s SCSK Corporation, and Karamba Security hosted the Connected Car Security Seminar on Autonomous Security Products in Tokyo, Japan on July 3rd, 2017. The seminar featured methodologies behind security protection of autonomous vehicles, focused on Electronic Control Units (ECUs).


What Happens When Car Scrapping Goes Wrong?

Karamba Security | July 13, 2017

While it’s nice to think that all cars go to Car Heaven, in reality they go through a scrap metal recycling process. In order to recycle the remains of your vehicle, you need to get a special permit and find an Authorized Treatment Facility (ATF).


Karamba Steps up to Cross-industry Calls on Autonomous Car Security

David Barzilai, Chairman & Co-Founder | June 08, 2017

Implementations to Automotive Connectivity

Connected cars increasingly rely on computer processors and upwards of 100 million lines of computer code to operate. With the proliferation of processors and vehicle software, the cyberattack surface and the sophistication of hacks have grown.


Introducing a Different Cybersecurity Solution - EcoMotion

Karamba Security | May 18, 2017

EcoMotion 2017

EcoMotion is a community with over 700 affiliated organizations related to the Smart Transportation sector. EcoMotion’s 2017 Main Event presented a showcase of vehicle technology companies and a variety of panels and presentations. Ami Dotan, CEO & Co-Founder of Karamba Security, was invited to participate at the “Cyber for Cars” panel to answer paramount questions that concern the automotive cyber security industry.


A Different Auto Cyber Security

Assaf Harel, CTO & Co-Founder | May 16, 2017

Security bugs in the connected vehicle

In “A hacker’s guide to fixing automotive cybersecurity”, Charlie Miller puts into perspective the cybersecurity challenges that exist for the automotive industry. The article’s conclusion is that all software, even the most reliable, contains security bugs, even software coming from mammoths such as Microsoft, Google and Apple. The ramifications of these vulnerabilities in cars, evidently, can be severe.

