In 2015, researchers Charlie Miller and Chris Valasek remotely hacked into a Jeep Cherokee driven by Wired reporter Andy Greenberg in an attempt to warn the auto industry of their software’s potential pitfalls and inspire a automotive cybersecurity legislation. He did this and more. Fiat Chrysler, owner of Jeep, eventually recalled 1.4 million vehicles and paid the National Highway Traffic and Safety Administration $ 105 million in fines.
Aside from a blow to Jeep’s branding, Yoav Levy, co-founder and CEO of auto cybersecurity company Upstream, estimates that the blow cost the automaker more than $ 1 billion in losses due. to reminders. On Tuesday, Israeli company Upstream announced a $ 62 million Series C fundraiser that it will use to bolster its cloud-based car security to ensure such remote hacks do not occur.
“From the automaker’s cloud, we monitor all the data sent to the vehicle before it actually receives it, and if we do a good job, we can block those messages before they reach the car. Levy told TechCrunch. “We analyze data from connected cars and telematics data that is downloaded from vehicles, analyzing data from mobile phone apps or live updates and look for anomalies in the data. “
In addition to further developing its security operations, Upstream also intends to use the new funds to expand its offerings in data analytics, insurance telematics, predictive analytics and business intelligence, a declared the company. Levy said that Upstream often finds anomalies in the data it analyzes that are unrelated to cybersecurity and thinks it’s a chance to create additional applications for OEMs to provide additional insight.
That said, Upstream could very well focus on automotive cybersecurity, a market expected to grow from $ 1.9 billion in 2020 to $ 4 billion in 2025. Reinforcement mandates are partly responsible for this growth. The Global Forum for the Harmonization of Vehicle Regulations (WP 29) has published compliance with the e-vehicle regulations which require manufacturers selling cars in Europe, Japan and Korea to monitor their vehicles 24/7. / 7 with a vehicle security operations center (VSOC). A VSOC is like a control room filled with analysts monitoring infrastructure, cloud, data, and firewalls at all times. Although the United States has no cybersecurity mandate in place for the auto industry, automakers are still increasingly interested in producing their product and branding, lest they suffer the same fate. as Chrysler-Fiat.
Besides its cloud-based analytics tools and dashboard, VSOC is also a service offered by Upstream. The company currently has nearly four million connected vehicles from six different manufacturers on its platform in the United States, Europe and Japan, Levy said. He expects that number to continue to grow as more and more connected vehicles hit the streets.
“Cars are getting more connected every year and OEMs are doubling the amount of data they collect each year,” Levy said. “It’s not just the car and the cloud, but also the vehicle-to-vehicle infrastructure, much more sophisticated modules and computers inside the car that are making advanced computing, ADAS systems, computer vision, level two of autonomy and soon level three. So with the complexity of connectivity, it is inevitable that there are software bugs that could be exploited by hackers who will take control and inject their own code.
While the idea of someone hijacking your car from a distance and starting to scream music as it smashes you into a wall is scary, Levy says most hackers aren’t looking for violence, or even your car. . They want your data. This is especially important with fleets, and it often manifests as ransomware attacks.
“Think of it like it’s Christmas Eve and you’re a last mile delivery company, and suddenly you can’t unlock your doors or start your engines anymore,” Levy said. “It’s not good for business.”
Levy says this is where cloud-based security comes in handy as well. Rather than looking into one car at a time, you get an overview of the fleet and all connected devices, as well as any data coming in from the internet that could be malicious.
Upstream’s path to market is primarily driven by the conviction of automakers that this technology is needed, but Levy says fleets are the next big opportunity for the company within a year or so.
With this latest round, the company has raised a total of $ 105 million since its founding in 2017. Series C was led by Mitsui Sumitomo Insurance and was joined by new investors IDI Insurance, 57 Stars’ NextGen Mobility Fund and La House Partners. Existing investors Glilot Capital, Salesforce venture, Volvo Group Venture Capital, Nationwide, Delek US and others also participated in the round.
Levy said some of his historic investors are clients as well. Upstream is funded by Alliance Ventures (Renault, Nissan, Mitsubishi), Volvo Group Venture Capital, Hyundai, Nationwide Insurance, Salesforce Ventures, MSI, CRV, Glilot Capital Partners and Maniv Mobility.