Blog

Container Security

Karamba Security | February 8, 2024
sw protection

Why application containers are used, and how they can be secured

Read more

The Challenges of SDV Application Security

Karamba Security | October 5, 2023
Software-Defined Vehicles

Why third-party suppliers need to be concerned.

Read more

How to Fast-Track Your Penetration Testing Capabilities

Karamba Security | July 5, 2023
Penetration testing

Why are OEMs and Tier-1 suppliers outsourcing the pen-testing process?

Read more

The Cyber Security Management System (CSMS)

Karamba Security | May 16, 2023
SOC

Implementing CSMS as per the ISO/SAE 21434 standard and the UN R155 regulation.

Read more

Cybersecurity Challenges for the Software-Defined Era

Karamba Security | April 18, 2023
car-design

The evolution of connected cybersecurity for EVs and SDVs.

Read more

The Milestones for Compliance with the ISO/SAE 21434 Standard

Karamba Security | March 27, 2023
Standards

Which of these milestones has your organization reached, so far?

Read more

Bolstering Cybersecurity According to the Cyber Resilience Act

Karamba Security | March 15, 2023
Cyber Shield

Ensuring a cybersecurity framework throughout the lifecycle, and enhancing transparency.

Read more

Interpreting the SBOM for the Automotive Industry

Karamba Security | March 02, 2023
Firmware

Why SBOM libraries are so important in the SDV age, and how to assess the risks and mitigate them according to the ISO/SAE 21434 standard.

Read more

The Electric Vehicle (Smart Charge Point) Regulations 2021

Karamba Security | February 23, 2023
vehicle charging station

Overviewing UK’s EV charging stations and energy grid regulations regarding cybersecurity protection and consumption stability.

Read more

Strategic Automotive Cybersecurity Labs for SDVs

Karamba Security | February 15, 2023
Data visuals - automotive

How Automotive cybersecurity labs are filling the knowledge gap for OEMs and Tier-1 suppliers

Read more

SDV – Software-Defined Vehicles

Karamba Security | December 30, 2022
cloud and roads

The future of innovation. Vehicle next generation.

Read more

Act now on software integrity in Critical Infrastructure

Tal Ben-David | August 8, 2022
solar panels

Recently, HP announced implementing Karamba Security’s XGuard CFI into its business printers in order to protect against zero-day vulnerabilities. This new layer, embedded into the most secure printer in the world, provides protection against Return-oriented programming (ROP) attacks. In the extremely exposed world of connected office printers, this security control decision is a very reasonable one.

Read more

Top 7 Cyber Items for EV OEM & Tier1 to Achieve UNR155-ISO21434 Compliance

Assaf Harel | January 30, 2022
electricity on the road

We are sharing our customers’ aggregated experience of the most risky components in connected EVs.

Read more

Tractor – IN, Scooter – OUT: The legislation mandating automakers to protect against hackers has hit the road

Udi Etsion, for Calcalist | January 14, 2022
on-the-road

By Udi Etsion. Originally published on Calcalist, January 14, 2021

Starting in July, protection against cyber attacks will be mandated for all new vehicles in Europe. The head of the UN group that led the legislation clarifies why it is important to protect even a tractor – but not a scooter. Israeli cybersecurity companies are inundated with inquiries from manufacturers.

Read more

Software Composition Analysis vs. Binary Analysis - What are the differences?

Assaf Harel | July 29, 2021
sca vs binary analysis

While one started as a way to map open-source components for license compliance purposes, the other started as a penetration tester’s tool, helping white-hat hackers analyze binary files of embedded systems.

Read more

Why We Offer Software Bill of Materials (SBOM) Generation and Alerts for Free

Karamba Security | July 21, 2021
supply chain

Following the increase of supply chain attacks, Karamba has recently launched a free Software Bill of Materials (SBOM) analysis and free relevant CVE alerts tool. In this blog post we will explain why it is the right time to manage an SBOM and stay on top of new vulnerabilities.

Read more

The Darknet – A Haven for Criminals Under Your Nose

Nir Yehoshua, Security Researcher | May 30, 2021
Dark network

The anonymity of the Darknet has attracted criminals, including cybercriminals and threat actors who offer attack services, research and development of vulnerabilities of websites and recently - more and more IoT devices.

Read more

Tesla X Remotely PWNed by Fuzzed 0-days Bypassing Stack Protections

Assaf Harel, Chief Scientist | May 5, 2021
vehicle on the road

The team chained zero day vulnerabilities, bypassing stack protection and achieving remote code execution to exploit a Tesla X with those vulnerabilities.

Read more

John Deere's Response to a Researcher's Vulnerability Disclosure

Karamba Security | May 2nd, 2021
tractor

John Deere’s cybersecurity response to a discovered vulnerability was good. But a vulnerability on one of their six-figure autonomous farm vehicles that affects safety could be much worse.

Read more

Five Key Elements of a Product Security Program

Assaf Harel, Karamba Security Chief Scientist | April 19th, 2021
binaries

So, you’ve just been hired as Product Security Director at the hottest Automotive company out there. What should you do?

Read more

Securing Product Security: The Verkada Security Breach

Assaf Harel, Karamba Security Chief Scientist | March 19th, 2021
headlights

The recent Verkada security breach should help move our industry in the right direction.

Read more

The Product Security Journey

Amir Einav, Karamba Security CRO | January 4th, 2021
highway

“With great power comes great responsibility”. Internet connectivity in devices, combined with more powerful software capabilities, introduces cyber risks that are inherent to the IoT world.

Read more

GitPaste-12 Swiss-Army-Knife Malware Compromises IoT Devices Using 12 Common Vulnerabilities

Karamba Security | November 11, 2020
gitpaste12

The worm uses GitHub and Pastebin to download its malicious code (Dropper) – hence its name. GitHub and Pastebin are two well-known websites that usually are not blocked by enterprises, and their connections are encrypted.

Read more

How Vehicles Right to Repair will Expose Massachusetts Residents to Cyberattacks

Assaf Harel | September 29, 2020
right-to-repair

The initiative passed with overwhelming voter support on November 6, 2012, with 86% for and 14% against. Motivation was clear: to enable vehicle owners to repair their cars and light trucks anywhere they’d like, hence reduce repair costs.

Read More

Shipping Secured Products by Taking the Sting Out of Remote Code Execution

David Barzilai | September 10, 2020
CVEs_Free

With the increase in sophistication of connected products and IoT devices, manufacturers face an increasing number of Common Vulnerabilities and Exposures (CVEs) reported.

Read more

UN-ECE-WP.29 Cybersecurity Management System Requirements

Guy Sagy | June 30, 2020
UNECE

UN-ECE-WP.29 Cybersecurity Management System Requirements and Karamba Security Product & Services Supports According to ISO/SAE-21434

Read more

The Emerging Role of the Product Security Officer

David Barzilai | May 17, 2020
CISO

As product manufacturers are required to secure their devices, a new, specialized, role is emerging: Chief Product Security Officer (CPSO)

Read more

How Lack of Product Security Caused Zoom Customers’ Defection

Assaf Harel | May 12, 2020
Zoom

In the past two months, Zoom’s users experienced multiple cybersecurity breaches due to Zoom’s lack of product security. Those breaches enabled hackers to intervene in online meetings and compromise the security and privacy of Zoom’s users. Therefore, dozens of companies and organizations banned their employees from using Zoom.

Read more

Karamba Listed as a Top Privately-Held Cybersecurity and IT Infrastructure Vendor

Karamba Security | March 18, 2020
Grid

We at Karamba Security are honored to be listed in the JMP Securities LLC Elite 80 report

Read more

Closing 2019 with CES2020 – A Milestone Year for Karamba Security, and Here Comes 2020

Amir Einav, VP Marketing | January 7th, 2020
Looking back and forward

Like clockwork, CES starts tomorrow and marks the beginning of our annual technology cycle. This is the opportunity to look back at what’s been a big year for Karamba, and imagine what’s coming.

Read more

Amazon Blink XT2 Vulnerabilities Show the Need for Built-In Cybersecurity

Karamba Security | December 17th, 2019
fiber optics

Amazon has released a series of patches for the security camera, but relying on customers to install updates and notice rogue commands is no recipe for security.

Read more

The FBI Agrees – IoT Devices Post Hacking Risks, and Better Cybersecurity Vigilance is Needed

Karamba Security | December 11th, 2019
smarthome

The FBI statements put the onus on the consumer to secure the device, but these devices often come with default passwords and customers can’t always be relied upon to carry out the over-the-air updates the companies send for their devices.

Read more

Survey: Consumer IoT Customers Expect Manufacturers to Embed Security in Devices

Karamba Security | December 8th, 2019
surveyheadline

The survey, entitled “Consumer Attitude Towards IoT Security” found that 74% of respondents expected their consumer “Internet of Things” devices to be secured by manufacturers, and as much as 87% believe it is the responsibility of manufacturers to do so.

Read more

What is Host IDPS built with Control Flow Integrity (CFI)?

Karamba Security | November 4th, 2019
birds eye view

There is no such thing as a hermetically sealed connected device and attackers are always looking for vulnerabilities in code and ways to exploit them. With host IDPS built with Control Flow Integrity though, vehicle ECUs have a state-of-the-art cybersecurity tool to defend themselves.

Read more

For Cybersecurity, it’s That Time of the Year Again

Assaf Harel, Karamba Security Chief Scientist | October 6th, 2019
blue squares

The “hacking season” follows DEFCON and BlackHat each Summer, as hackers work to exploit newly-disclosed vulnerabilities before customers can install patches. This cycle gives hackers a clear advantage and it’s time for a paradigm shift.

Read more

Why Control Flow Integrity is More Important Than Ever

Assaf Harel, Karamba Security Chief Scientist | September 26th, 2019
bus

With billions of resource-limited, connected vehicles and devices set to hit the market in the coming years, there is a clear and present need for CFI that can be seamlessly embedded into these devices without performance drag, false positives, or delays in go to market.

Read more

Marquee BlackHat Presentation Shows the Need for Control Flow Integrity in Automotive Cybersecurity

Karamba Security | September 10th, 2019
traffic at night

It is no longer sufficient to have reactive cybersecurity tools. With CFI, manufacturers have the most effective and state-of-the-art runtime threat detection tool at their disposal to ensure that connected machines adhere solely to their factory settings.

Read more

A Fish out of Water at DEFCON: What Made the Car Hacking Village a Good Time, and My Takeaways about the Challenges of Securing Connected Devices

Adili Shimoni | August 27th, 2019
defcon banner

Earlier this month in Las Vegas, Karamba’s Adili Shimoni had a classic fish out of water experience at DEFCON. In this post, she looks back on an eye-opening week in Vegas, and her takeaways about what it all means for the world of connected devices.

Read more

URGENT/11 Vulnerabilities in VxWorks Show the Difference between IT and OT - And When They Come Together as IoT

Karamba Security | August 8th, 2019
headlights

Of the 11 zero-day vulnerabilities found by Armis, six “are critical and enable Remote Code Execution (RCE).” In this post, we examine how this discovery indicates the importance of embedded security.

Read more

The Karamba Product Security Blog: Remote Code Execution

Karamba Security | August 7th, 2019
patterns

RCE is one of the most devastating cyber threats and requires the urgent updating of security patches anytime a vulnerability is found that can open the door to such an attack.

Read more

“There Must Be No False Positives”

Karamba Security | July 29th, 2019
car in tunnel

Last month, Karamba Security’s Director of PMO, Helen Buchumensky spoke at the German Association of the Automotive Industry (VDA) conference about the importance of cybersecurity in safety critical systems, and why it is crucial that it doesn’t clash with Automotive functional safety requirements. This post is based on her presentation.

Read more

Cyber Warfare in the Middle East Highlights the Need For Deterministic Cybersecurity

Amir Einav | July 28th, 2019
globe

Recent cyberattacks launched by the US and other militaries are a reminder of the vulnerabilities that all connected systems have, no matter how sophisticated or highly-classified they are.

Read more

IoT Devices Present New Security Challenges with No Equivalent in Conventional IT, Government Report States

Karamba Security | July 10th, 2019
city lights

NIST report states that IoT devices must be able to verify software, firmware, and information integrity in order to stay secure.

Read more

‘Jeep Hackers’ Cybersecurity Solutions are Smart, but Don't Address In-Memory Fileless Attacks

Assaf Harel, Karamba Security Chief Scientist | July 9th, 2019
car wheel

When looking over the security architecture designed by Charlie Miller and Chris Valasek, we see some overlooked attack vectors.

Read more

The Writing is on the Wall: Product Security Must be Built in by Manufacturers

Ami Dotan, Karamba Security CEO and Co-Founder | July 8th, 2019
lights

A series of recent publications in the US and Europe indicate that the industry - and government - are starting to take note, and realize the importance of embedded security for connected products.

Read more

IoT Cyber Threats Take Center Stage at Cyberweek 2019

Karamba Security | June 25, 2019
cubes pic

Day 2 of Cyberweek 2019 hosted a fascinating conference on the threats facing IoT devices - and all of us.

Read more

Small Country, Big (Smart Mobility) Dreams

Karamba Security | June 13th, 2019
ecomotion

There’s an elite class of world cities that stand apart from the rest. Cities like Tokyo, Shanghai, London, New York, and San Francisco, which drive the global economy and chart the course of human progress. There are also cities like Tel Aviv that punch above their weight when it comes to innovation, talent, and the ability and desire to shake things up a bit.

Read more

Karamba Hosts Ford Motor Company Chairman Bill Ford for Cybersecurity Demo

Karamba Security | June 12th, 2019
circle

Ford and the Karamba team discussed the importance of cybersecurity as the automated car revolution picks up speed.

Read more

Intel Shadow Stack – A Bridge Too Far for the Tech Giant?

Karamba Security | June 11th, 2019
green lines

Intel has yet to deploy its Control-Flow Enforcement Technology (CET) in its for-market processors, yet another testament to the importance of control flow integrity (CFI) for addressing in-memory cyberattacks.

Read more

Renault-Nissan-Mitsubishi Alliance Opens New Innovation Center in Tel Aviv

Karamba Security | June 10th, 2019
headpost

Karamba Security is among the select group of Israeli hi-tech companies that the alliance has chosen to work with on joint prototyping projects.

Read more

For Third Straight Year, Karamba Security Wins Big at TU-Automotive Detroit

Karamba Security | June 6th, 2019
gold lines

It is the latest in a long line of accolades for Karamba Security, which provides embedded, deterministic security for automotive, Industry 4.0, enterprise edge, and IoT connected systems.

Read more

How Karamba XGuard Can Help You Meet NIST Cybersecurity Guidelines

Karamba Security | June 3rd, 2019
nistarticle

A quick look at recent NIST reports on cybersecurity reveals how Karamba’s Carwall and XGuard security suites can help systems and companies meet these federal guidelines for cybersecurity.

Read more

What 'Knight Rider' Got Wrong About Automotive Cybersecurity

Karamba Security | May 30, 2019
knightrider

This 1983 episode of “Knight Rider” shows an early TV depiction of a remote hack of an autonomous car — and it gets almost everything wrong. Let’s take it step by step.

Read more

In Baltimore Cyberattack, the Blueprint for Ransomware Mayhem

Karamba Security | May 27, 2019
skylinecity

Imagine your data and the keys to your operating system have been seized in the hands of faceless, nameless hackers who caught you slipping. They’ve named their price and the clock is ticking – pay up or lose all access to your system.

Read more

Let Hackers in and Shine a Spotlight on Them – How Karamba’s ThreatHive works

Aviv Sinai, Karamba R&D engineer | May 22nd, 2019
ThreatHivee

Imagine a home security system that lets burglars in through the front door - and records their every move. Now you have an idea of what Karamba is doing with ThreatHive.

Read more

The Sheer Volume of Attacks on Connected Vehicles: What You Need to Know

Karamba Security | May 22nd, 2019
Fireworks

If you have a connected vehicle, then by the time you finish reading this post it may be targeted by more than three dozen attack attempts.

Read more

Automobiles - The Ultimate Manufactured System

Karamba Security | May 13, 2019
brightlights

At some point, the most sophisticated, earth-shattering hacking campaign could be launched from your fridge.

Read more

Why Karamba Security is Expanding

Ami Dotan, CEO and Co-Founder | May 13th, 2019
Fireworks

Karamba CEO and Co-Founder Ami Dotan explains the decision to expand into the wider world of connected systems – from Industry 4.0 to consumer IoT, and enterprise edge devices.

Read more

Q&A Twitter Session with Assaf Harel

Marketing Team at CES | January 10, 2019
CES 2019 Booth

Answering our Twitter followers’ questions on Automotive Cybersecurity and More.

Read more

Why 2019 Will Be a Great Year

Amir Einav, VP Marketing | December 31, 2018
city lights

As we close 2018 let me share a prediction- Karamba Security, and Automotive Cybersecurity in general, are heading towards a great year.

Read more

Karamba, Check Point, and Mobileye to Represent Israeli Industry in First-Ever Israel-Taiwan High-Tech Forum

Amir Einav, VP Marketing | August 24, 2018
computer code

Karamba Security, Mobileye (INTC), and Check Point Software (CHKP) were selected as the three companies invited to present the Israeli high-tech industry in a business-to-businees forum held by the Taiwan External Trade Development Council (TAITRA) this week.

Read more

Karamba Security's Challenge of RiCAN Morty at DEFCON's Car Hacking Village

Roi Inbar, Innovation Engineer | August 16, 2018
RiCAN Morty banner

DEFCON is one of the biggest Hacker conferences – a blend of curious, creative, geeks and professionals come to one place with the aim of looking at the things we use every day in a different way and making them act differently than they were designed for.

Read more

The Hacking Challenge of the Year - RiCAN Morty - at DefCon 26 2018

Assaf Harel, Chief Scientist & Co-founder | July 23, 2018
RiCAN Morty banner

Are you ready for DefCon 26? We are! If you want to participate in our challenge we recommend you to sign up on time.

Read more

Researchers Identify Multiple Vulnerabilities in Connected Systems in BMW models

Assaf Harel, Chief Scientist & Co-Founder | May 24, 2018
Autonomous Security

Vulnerabilities represent another example of how important it is to ensure that in-vehicle software is not tampered with after it leaves the factory.

Read more

In-Memory Protection and the Recently-Discovered Vulnerability Exploits

Assaf Harel, Chief Scientist & Co-Founder | May 2, 2018
Vehicle Security

This week’s research news: A Vulnerability in Infotainment Systems used in VW and Audi Models

Read more

At CES, Preventing Cyber Attacks Drove OEM & Tier-1 Interest in Karamba’s Autonomous Security

David Barzilai, Chairman & Co-Founder | January 22, 2018
CAN car banner

Karamba Security Suite, CES 2018, Las Vegas, NV.

CES started as a B2C tradeshow and B2B is now equally important. For the automotive industry, cybersecurity was one of the major areas of interest among OEMs and Tier-1s who came to Las Vegas to learn about attack vectors and prevention.

Read more

How to Build a CAN Sniffer

Itay Khazon & Eli Mordechai | January 18, 2018
CAN car banner

Overview

CAN Bus - Controller Area Network bus - is a high-integrity serial bus system for networking intelligent devices adopted by the automotive industry and, in 1993, it became the international standard known as ISO 11898.

Read more

Extracting the Content of a QNX IFS Image

Evgeny Dratva | October 19, 2017
QNX banner

How to approach dumping a QNX Image

While integrating Karamba protection into a QNX IFS image, I found that I first needed to extract the contents of a ready IFS image in order to inspect the binaries on the build machine for Karamba whitelisting purposes. I needed to know what those binaries would look like in their “final” form, after they’ve been stripped of debug symbols and otherwise modified by the IFS building utility.

Read more

Changing CAN Protocol isn’t a Solution – ECU Hardening Is

David Barzilai, Chairman and Co-Founder | September 12, 2017
Trend Micro CAN Protocol

CAN Protocol Vulnerability

Recently, Trend Micro published a technical brief discussing a vulnerability they found in the CAN protocol, which enabled denial of service (DoS) attacks to be invisible to CAN-based intrusion detection solutions. In the technical brief, they recommended that car manufacturers change CAN protocol in their vehicle, in order to make cars immune to such DoS attacks.

Read more

Snatching a Self-Driving Vehicle With an ipad

Karamba Security | August 31, 2017
Car Driving banner

An exposition participant for an annual conference event on robotics and new technologies (We’ll call them ICORP) convened with Karamba to create a joint demo presentation.

Read more

Netflix’s iBoy Shows the Dangerous Possibilities of Car Hacking

Karamba Security | August 24, 2017
iboy banner

iBoy is a sci-fi movie set in near-future London. A teen traveling to see his friend after school finds robbers in his friend’s house; he is shot in the head before he can escape.

Read more

The Connected Car Security Seminar Tokyo, Japan

Karamba Security | July 16, 2017
city lights

Asgent, Inc., Sumimoto’s SCSK Corporation, and Karamba Security hosted the Connected Car Security Seminar on Autonomous Security Products in Tokyo, Japan on July 3rd, 2017. The Seminar featured methodologies behind security protection of Autonomous Vehicles focused on Electronic Control Units (ECUs).

Read more

What Happens When Car Scrapping Goes Wrong?

Karamba Security | July 13, 2017
swirly lines

While it’s nice to think that all cars go to Car Heaven, in reality they go through a scrap metal recycling process. In order to recycle the remains of your vehicle, you need to get a special permit and find an Authorized Treatment Facility (ATF).

Read more

Karamba Steps up to Cross-industry Calls on Autonomous Car Security

David Barzilai, Chairman & Co-Founder | June 08, 2017
Test pic

Implementations to Automotive Connectivity

Connected cars increasingly rely on computer processors and upwards of 100 million lines of computer code to operate. With the proliferation of processors and vehicle software the cyberattack surface and sophistication of hacks has grown.

Read more

Introducing a Different Cybersecurity Solution - EcoMotion

Karamba Security | May 18, 2017
Ecomotion Logo

EcoMotion 2017

EcoMotion is a community with over 700 affiliated organizations related to the Smart Transportation sector. EcoMotion’s 2017 Main Event presented a showcase of vehicle technology companies and a variety of panels and presentations. Ami Dotan, CEO & Co-Founder of Karamba Security, was invited to participate at the “Cyber for Cars” panel to answer paramount questions that concern the automotive cyber security industry.

Read more

A Different Auto Cyber Security

Assaf Harel, CTO & Co-Founder | May 16, 2017
Test pic

Security bugs in the connected vehicle

In A hacker’s guide to fixing automotive cybersecurity, Charlie Miller puts in perspective which cyber security challenges exist for the automotive industry. The article’s conclusion is that all software -even the most reliable- contains security bugs. Even the ones coming from software mammoths such as Microsoft, Google and Apple. The ramifications of these vulnerabilities in cars, evidently, can be severe.

Read more

Want to learn more?

Contact Us
Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 833 4KARAMBA

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 892 1547 7583