Trillium Featured in EETimes: The Emerging Automotive Cybersecurity & The Actors Enabling Secure Cars

Trillium was recently featured in a EETimes piece as a prime example of a Automotive cyber security vendor. Amongst the companies in the emerging automotive cybersecurity market, we are the only company mentioned to deliver disruptive technology that was “previously thought impossible” – realtime encryption and key management of the CAN Bus.

This specifically relates to our patent pending, SecureCAN technology, a key component of our SecureCAR cybersecurity software suite.

As always Trillium is excited to be part of the discussion about how to create truly safe cars for the future – it is our mission!

 

Trillium on The CHES 2016 Panel: Exploring The Future Of Cryptographic Hardware and Embedded Systems

Trillium’s President & CEO, David M.Uze was selected as a panelist for the Conference on Cryptographic Hardware and Embedded Systems (CHES) 2016 along with Gemma Galdon Clavell, Alex Gentian and Daniele Perito. The conference was held in Santa Barbra from the 17th to 19th of this month.The panel discussed the current problems faced and gave insight into the future of cybersecurity and cryptology driven safety. Automotive cybersecurity was recognized throughout the panelists as a major, pressing, issue.

The over all sentiment was that, while white hat hacking of cars generate significant world wide media interest, they represent a fraction of the actual attacks performed. Hacks purported by the grey-hat and black-hat community are far more concerning, especially considering the dynamic and well organised global community of not necessarily do-gooders that make up these forces.

Increasing government involvement was also discussed. Safety critical seatbelts and airbags only became a mandatory for cars after government regulation made it so. The historical slow moving nature of the automotive industry makes government regulation a necessity to protect people from the critical threats we are facing. On the other hand, there are some concerns with certain governments requiring technical backdoors into safe systems. There were discussions of the establishment of standards and of industry regulation, like the smart card industry, but ultimately it was agreed that government regulation is eminent.

The fundamental need for a layered approach to automotive cybersecurity was identified – multiple levels of security must be implemented throughout the automotive system.Trillium’s layered strategy, the SecureIOT suite, including SecureCAR, IVN (In Vehicle Networks) protection, SecureIXS, smart firewall and SecureOTA, for instant updates creates the needed eco-system – was presented and recognised by the expert panel and the audience. “

Hack a Car = Locked Up for Life?: Future Car Hackers in Michigan Facing Possible Life Sentence

As mentioned in a recent Computerworld article, a bill is currently being proposed in Michigan, that if passed into law, will make car hacking a felony punishable by life time imprisonment. As the automotive center of North America, it is not surprising to see the The Great Lakes State being at the forefront of providing safety to it’s citizens and keeping up with automotive innovations. On a broader scale, this is a clear indication that legislative bodies are beginning to recognise the severity of the risks that cyber attacks to cars pose. Country wide regulation of automotive cybersecurity is likely to follow suit. 

We at Trillium applaud this development – our solutions are made with the conviction that the malicious attacks on automobiles must be taken seriously – seeing that the justice system is on the same path is a great testament to the urgent need for cyberproof the transportation of the future. 

6 Ways Your Car is Being Targeted by Hackers: More Than Just Your Vehicle Is At Risk

The vulnerabilities of automobiles are continuously been exploited by tech savvy carjackers known as “connected car thieves” – a recent piece in CSO showcases 6 ways these criminals are manipulating vehicular computer systems – the result of which is not only limited to taking control of your car, but also stealing personal data, including credit card information and even social security numbers.

The long, 10+ year life cycle of cars, compared to the relatively short 2-3 years of a smart phone, give hackers more time to develop attacks and find entry points to compromise. Static security measures can therefore never keep up with continually evolving attacks – a dynamic security approach is needed in to tackle all the new threats that will emerge in the smart car landscape in coming years.

Trillium provides revolutionary technology through our cyber security suite, SecureCAR, SecureIXS and SecureOTA that effortlessly and continuously upgrades the security of any vehicle – enabling car owners to stay ahead Hacker efforts. Protecting the lives and property of people on the road is our number one concern.

 

A Quarter of All Car Vulnerabilities At “Critical Level”: The Need for a Completely New Approach to Automotive Cyber Security is Evident

Amongst all the IoT car vulnerabilities discovered in the last three years, 25 percent of them have been rated “critical” by security firm IOActive – meaning they can cause some serious damage if exploited.

Most of these flaws are unlikely to be resolved by or even able to be fixed by automakers – easily compromised vehicles, where simple hacks can have fatal results, will continue to roam our streets – which is entirely unacceptable.

This problem stems from the security philosophy Automotive OEM’s have had –  security is achieved though obscurity – keeping details of their system close guarded secrets. The back side to this closed off approach is the constant hunt for entry ports by the black mail fuelled hacker community. There is no doubt that, the published hacks make up only a fraction of the actual issues involved – only the tip of the ice berg. It’s not all bad though, we are finally beginning to see a shift OEM’s approach – a changing Automotive climate is forcing interaction with third party security firms.

The automotive industry needs security expertise from third parties like Trillium – together we can create solutions that will not only reduce the future issues but even fix the ones faced today. With our layered SW based approach we can even retrofit the cars currently deployed – significantly reducing the critical hacks at work today.

The Jeep Hack in Detail: How Hackers Easily Take Control of Your Car

 

The two automotive cybersecurity researchers responsible for the highly publicized Jeep hack – Charlie Miller and Chris Valasek – have published their work. They specifically focus on how to manipulate the CAN bus, which is the gate way to controlling the entire vehicle.

Their research clearly identifies the problem with the current system – the complete lack of security built in. Possibly fatal hacks are made possible, as the CAN bus today, in its native state, is completely unencrypted – with easy access to the root hackers can do literally what ever they want!

Trillium’s SecureCAR solution includes SecureCAN which provides encryption, authentication and key management for the CAN bus – in real time. SecureCAN protects the CAN bus from any and all exploits Valasek and Miller identified – with SecureCAN implemented the Jeep hacks would never have been possible.

The Dawn of a New Day in Computing is Here: NIST To Create Lightweight Cryptography Cipher Standard

As the advent of small, smart computing devices have exponentially increased in the last decade, the often compromised security aspect of these resource constrained devices can no longer be overlooked. With literarily hundreds of millions of smartphones, watches and cars vulnerable to simple hacks the time has come to act. Lack of protection comes from that conventional block ciphers, that are standardised today, typically are far too resource hungry and heavy for these memory weak systems and chips – alas Lightweight cryptography, a new branch of cryptography specifically designed for IoT systems is becoming increasingly important to solve the problems faced.

NIST recently published the “Report on Lightweight Cryptography” – a clear recognition of the need for standardisation also in this realm, representing a huge leap forward for the industry. The creation of a lightweight cryptography standards will have ripple effect through out the security landscape, improving safety in all leads.

Trillium has been using lightweight cryptography for our cybersecurity solutions, thanks to the many benefits, since inception – It is a great for us to have NIST on board, leading the way towards a new area of cyber security.

 

The Jeep Hackers Back in Action: The True Threat of Car Hacking

You may remember the notorious Jeep Cherokee hack back in  2015, that caused a massive 1.4 million vehicle recall for Chrysler and sparked world wide interest in car hacking – well now the two automotive cybersecurity researchers Charlie Miller and Chris Valasek, that performed the original hacks are back with new, even more severe, eye opening attacks.

In their previous hack, they were able to shut down, paralyse and disable the breaks – compromising the entire vehicle –  at low speeds remotely – a daunting  proportions to say the very least. The two researchers have continued their hacks on the Chrysler platform, in an attempt to highlight what  can happen if the Black Hat community commits to cause as much damage as possible – the results of these efforts are far worse than that of last year.

The new hacks, although not remote, are able to execute far more advanced actions – slamming the breaks, accelerating and even suddenly turning the wheel – all at high speed – which could easily cause the vehicle to tip over.  A recent WIRED piece focuses on these hacks, including a videos of the hacks in acton – forcing any skeptic to accept the fatal risks involved and the potent threat that car hacking represents.

These dangerous hacks were done by manipulating the CAN bus, one of the most common and vulnerable part of any connected car today – Trillium provides a unique, patent pending cybersecurity solution for this specific central port of the car called SecureCAN. These life threatening hacks would never be able to do harm a car that has our SecureCAN technology enabled.

Diffie & Hellman earn The 2015 Touring award

The two scientists that created a whole new section in the cryptography world has received a honorable award for this amazing achievement. The two scientists was bestowed the 2015 Touring award, which is considered the ‘nobel prize of computer science’.

Their work in asymmetric cryptography has revolutionized the computing landscape and has been in use for more than 20 years – a real leap in computing.

Many modern innovative technologies are based on their work – such as RSA and Bitcoin. Trillium also uses Diffie and Hellman’s work in our cryptographic solutions.

Trillium congratulates Diffie & Hellman for their achievement and praise them for what they have bestowed to society.!

Bitcoin also congratulated them and gave credit in the following article – read it here.

Black-hat car thieves arrested: 100+ vehicles stolen

With recent hype in media, automotive cybersecurity has really become a buzz concept – numerous automotive hacks have been widely published, often performed by white-hat security researchers. These technical vulnurabilities are usually resolved by the manufacturers with the help of the researchers before being known to the public.

In fact, the real threat are the malicious black-hat hacks that are executed covertly under our noses.

In a recent piece Security Affairs explores just such a hack – two black-hat hackers were arrested by Huston police, after hacking and stealing more than 100 cars! The hackers are suspected to have gained access to a database that held the key information needed to hack each and every individual vehicle. Any kind of database stored on a server is a easy targets for hackers.

Trillium’s SecureCAR technology has been fundamentally developed with the concept of generating keys within the car this eliminates any centralized database that holds important information. – enabling cars with SecureCAR immune to such an attack.

What really is alarming is the amount of black-hat hacks out there today that are not being publicized. The urgency for automotive cybersecurity today can no longer be ignored!