Following the X-HUB kick-off event at which our sales team introduced Trillium’s solutions, Trillium is pleased to announce its selection for the prestigious X-HUB TOKYO program. The week-long program will include Trillium playing a leading role at follow-up events hosted by Plug and Play in Shibuya on the 20th and 22nd of February. As a global innovator in the automotive cyber security sector, Trillium will use this opportunity to further develop our presence in the European market, capitalizing on our customer and partner relationships in the region. Trillium would like to extend its sincerest thanks to everyone that helped to make this possible.
On December 12, Trillium participated in A-ha! 2017, a gathering of Fortune 1000 executives, investors, academics and startup founders. While more than 2,000 companies applied for the opportunity to pitch at Demo Day, Trillium Secure, Inc. was one of 40 companies chosen to present at the conference. Of those 40, Trillium Secure, Inc. is honored to have been chosen as the Most Promising Startup. CB Insights selected Trillium Secure, Inc. to participate in this event as part of an elite group of startups driving progress in artificial intelligence, fintech, health and bleeding-edge technologies. We thank the organizers of the event for making such an opportunity possible, and hope to see continued support from the CB community.
As the Techcrunch Disrupt Berlin 2017 conference comes to a close, Trillium would like to extend thanks to the event organizers, judges, and everyone else who contributed to the event.
Techcrunch Disrupt was an excellent event for Trillium, culminating in a Top 15 finish out of the 600+ startups in attendance. We are honored to receive this distinction, and would like to congratulate the overall winner of the Startup Battlefield, Lea, on their victory. We are honored to have been able to share the same playing field, and look forward to hearing of their continued success.
During TechCrunch Disrupt Berlin 2017, Trillium saw continued success in our networking and development efforts. Trillium’s President and CEO, David Uze, commented shortly after the event, noting the “immediate interest from the largest OEMs and Tier 1’s in Europe following the presentation of our Cyber Security as a Service (C-SaaS) revenue sharing business model”. Our advancement into the European market mirrors our progress in the Asian and North American markets. Trillium is committed to becoming the one-stop shop for automotive cybersecurity worldwide, and this event marks yet another milestone towards realizing that goal.
Hundreds of thousands of hours of research, development, and market research have gone into the development of Trillium’s portfolio, and to see that effort bear fruit is the best reward we could hope for. We are overjoyed at the overwhelmingly positive response to our C-SaaS model and multilayered cyber security approach shown by the TechCrunch community. This recognition on such a prestigious platform has fortified our resolve that our solution to automotive cyber security truly is the best. We look forward to the continued support of the startup community in our mission to make the streets of today and tomorrow cyber-safe.
Trillium is honored to announce that it has been selected as a finalist in TechCrunch’s Startup Battlefield at TechCrunch Berlin 2017. We are honored to receive this recognition from such a prestigious organization, and are deeply grateful for the continued support of the startup community. We extend our most sincere thanks to everyone who helped organize the event, and look forward to seeing continued support for Trillium and its products.
Between insurance, new technologies, and safety laws, smart cars bring up several complicated issues – though none are perhaps as challenging as the issue of cybersecurity legislation. The concerns surrounding automotive cybersecurity legislation lie largely with the issue of liability in the event of a hack, a subject that seems simple at first, but upon further inspection reveals a subjective, polarizing topic. In his article on ITProPortal, Jaeson Yoo elaborates on this complexity, highlighting the key challenges preventing any clear answer from being made.
Yoo begins by discussing the urgency of the matter, detailing the United States’ government’s motivations to quickly develop legislation governing automotive cybersecurity. He details how dangerous a car in the wrong hands can be, stating that “Cars, while convenient, have the potential to be deadly, as evidenced by the increasing number of terrorist attacks using automobiles. Vehicles can be used to run over a large group of pedestrians. They can even be used as a way to deliver suicide bombs in strategic situations to maximize catastrophic damage. In other words, ways to utilize the automobile for deadly means are practically limitless, a dilemma that is only certain to grow more complex as cars get even more connected and eventually start driving themselves.” The message is clear – transportation technology is critical to society, but in the wrong situation, cars can be used to cause profound destruction. As cars become more connected, the threat only becomes greater. A single car can already cause major damage. As the amount of connectivity and automation available increases, this already daunting threat has the potential to grow to control thousands of cars within a single fleet.
This reality is the driving motivation behind the new wave of legislation. Governments around the world are rushing to ensure that adequate legislation is in place in the event such a tragedy occurs, but this hastiness has highlighted a different problem – a lack of interest in the automotive industry to address this serious problem. OEM’s lack serious expertise on the subject of cybersecurity, and thus are reluctant to take a position at all. This cannot be the case, especially when lives are at risk.
Simply avoiding the issue of cybersecurity is unsustainable. Tesla’s Model 3 is an example of what the future looks like – every function is controlled via the central touch display, foregoing physical buttons and dials for a pure software experience. This futuristic, visionary design has resulted in a massive backlog of nearly 500,000 reservations for the Model 3. Consumers are demanding connectivity in cars today more than any other feature, a call that cannot be ignored without serious damage to traditional OEM’s business. It is clear that traditional OEM’s will have to adapt to remain competitive with newcomers such as Tesla. This adaptation cannot happen as long as OEM’s ignore cybersecurity.
Trillium’s broad portfolio of products & services empowers OEM’s to secure their products from the conceptual stage all the way through end-of-life support. From consulting to penetration testing to providing cybersecurity solutions, Trillium is uniquely positioned to provide a complete and total solution to all things cybersecurity.
This week in Los Angeles, California, Trillium is proud to announce that it has been selected as a recipient of the prestigious Red Herring Top 100 Global Startup award. We are honored by the Red Herring community’s continued support of Trillium and will strive to live up to the high hopes set for us by the international startup communityThis week in Los Angeles, California, Trillium is proud to announce that it has been selected as a recipient of the prestigious Red Herring Top 100 Global Startup award. We are honored by the Red Herring community’s continued support of Trillium and will strive to live up to the high hopes set for us by the international startup community.
As an industry that thrives on the weaknesses of human drivers, automotive insurance is facing a difficult problem in the coming of autonomous cars. Not only are autonomous cars themselves proven to be safer drivers than humans, but they, in turn, create a safer driving environment for people not piloting an autonomous vehicle. This reality will no doubt lead to car insurance premiums falling as smart and self-driving cars begin to populate the roads of the world. Tesla motors, a pioneer in the autonomous vehicle sector, has recognized this concern and has taken steps to capitalize on it.
Earlier in October, Electreck posted an article informing that in a partnership with Liberty Mutual Insurance, Tesla’s “InsureMyTesla” insurance program was coming to the United States and Canada, after successful implementation in Hong Kong and Australia. The unique insurance package offers Tesla customers features such as a guaranteed rate for one year, 24-hour roadside assistance, genuine replacement parts, and others. Each of the items detailed in InsureMyTesla are designed to augment the autonomous capabilities of the cars, giving incentive to enroll in specialized insurance. In retrospect, it seems obvious – new cars need new insurance. A big part of that insurance is no doubt going to be cyber security insurance.
The revolution of the car insurance industry is already on the way. With safer streets and cars that need less maintenance, traditional insurance models will fall out of favor in place of plans that offer solutions to the new problems cars face. Data analytics, user-based insurance, and cyber security are features Trillium expects to see top the list of desired outcomes from insurance providers. With vehicle hacks being the largest area of concern regarding autonomous vehicles, the need to feel safe from such a threat will no doubt manifest itself in the inclusion of cyber security in insurance packages. To boot, according to a 2016 Kelly Blue Book study 50% of people surveyed were willing to pay $9 monthly for automotive cyber security as insurance or a subscription software. These signs all point to cyber security becoming a highly sought-after quality in any provider’s insurance package.
To meet this demand, Trillium has developed it’s Cyber Security as a Service (CSAAS) business plan, utilizing a B2B2B2C market strategy. This allows for the maximum amount of input from both automotive manufacturers and insurance providers, leading to the best user-oriented solution possible. Trillium’s SecureIOT is optimal for this implementation, covering every important aspect of autonomous car insurance. SecureSKYE provides advanced data analytics, leading to more refined user-based insurance policies, while SecureOTA allows for the swift implementation of necessary software updates. As the autonomous insurance landscape develops further, the value of SecureIOT’s multilayered protection will make itself clear, leading the way to a safer tomorrow.
Brakes, steering, accelerator. When asked to name some of a vehicle’s most crucial components, these are some prominent ones that come to mind. The amount of control that they provide to the vehicle’s function is indisputable; any technology linked to them must be scrutinized heavily before it is allowed to be deployed. Such careful evaluation is necessary in producing systems that have minimal vulnerabilities, so it is no surprise that the aforementioned systems are some of the robust. There is, however, one system that holds just as much importance yet has been compromised – airbags.
On October 10th, a vulnerability report was submitted to the Natural Vulnerability Database (NVD) detailing an exploit in passenger vehicles manufactured in 2014 or later that could lead to the airbag being intentionally detonated outside of expected circumstances. The CAN vulnerability, labeled CVE-2017-14937, stems from the lack of security governing the security access needed to detonate the airbags.
According to the published technical report, the ISO standard 26021 represents the only barrier to unauthorized detonation of the pyrotechnical charges linked to the airbags. This protection consists only of a key and seed pair that can be calculated via a weak algorithm that complies with ISO 26021. Since the algorithm is available to anyone with access to the ISO, the proper key can be easily calculated.
Furthermore, a brute-force attack can also cause the detonation of the airbag – as the key proposed by ISO 26021 is only of two bytes. This results in only 65536 different possible keys, a small list for any script to exhaust. This is further magnified by the fact that, according to the ISO standard, “There is no time period which needs to be inserted between access attempts,” meaning that a brute force attack on the system will take place in a miniscule amount of time.
Ironically, the first of these bytes is also mandated to include the definite version number (0x01) of the implemented load detonation method – a reality that, in practice, leaves only one variable byte for the key. With the number of possible keys reduced to a mere 256, the threat this vulnerability poses cannot be underestimated. This guarantees that even without access to the algorithm provided in ISO 26021, the vulnerability can still be exploited at the expense of the passengers.
This discovery points out a dire flaw in the automotive industry’s approach to the security of its in-vehicle networks. The security access originally designed to prevent such premature deployment of a car’s airbags has been turned into a weapon against the consumer – one that could cause severe injury or death. As vehicles continue to rely more and more upon computer systems, appropriate levels of security must be developed in tandem. Without multiple robust layers of protection at every level, smart cars are little more than moving time bombs.
“The digital world offers unprecedented opportunities. Nevertheless, opportunity comes with risks, and one of these is the threat of a direct cyberattack on your car or indeed a whole fleet of vehicles. Keeping cybersecurity risks for connected vehicles in check is therefore of crucial importance.”
These words, spoken by Erik Jonnaert, Secretary General of the European Automobile Manufacturers’ Association (ACEA) perfectly summarize the hurdle facing connected cars that is cyber terrorism. The ACEA represents 14 Europe-based car, van, truck, and bus makers – including Volvo, Daimler, and Volkswagen among others. The consensus of their members on automotive cybersecurity is clear indication of its importance to the industry.
The limitless opportunities stemming from the increased connectivity of connected cars host a slew of vulnerabilities that, if exploited, will threaten personal data, public and private property and human life.
In order to bring these threats into focus, the ACEA published six key principles of automotive cybersecurity for the industry to adhere to. These principles establish a foundation for more developed, specific guidelines to build upon in the future. As reported by Automotive World, they are as follows:
1. Cultivating a cybersecurity culture
2. Adopting a cybersecurity life cycle for vehicle development
3. Assessing security functions through testing phases
4. Managing a security update policy
5. Providing incident response and recovery
6. Improving information sharing amongst industry actors
The principles echo many valuable sentiments put forth by other legislative bodies over the past year, drawing emphasis to the necessity of a cybersecurity culture and secure update policies. The call for appropriate incident response procedures is also familiar, with the United Kingdom’s “Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles” identifying the same need.
While an important step in the development of best practices and in-depth cyber security guidelines for vehicles, the principles laid out by the ACEA serve as a valuable foundation. Instead of serving as a standard for the quality of the security needed in the industry, the ACEA’s principles provide guidance for the path manufacturers should take in developing their automotive cyber security. The framework set by the principles will likely grow to include specific technical requirements for cybersecurity as the industry matures. In time, more data will be available in this yet-blooming field, driving forward the new age of safety policy and legislation.
This past Monday, at the Autotech Council of North America’s “Silicon Valley Reinvents the Wheel” conference, Trillium had the honor of presenting its technology and business strategy to a gathering of industry and VC executives from around the world. Our novel and multilayered approach to automotive cyber security was well-received by council and audience members alike. In addition, Trillium had a great showing in the Council’s Science Fair, showcasing our SecureCAR technology in tandem with our BrainBox In-Vehicle-Network facsimile. We wish to extend our heartfelt thanks to the organizers of the event and the Autotech Council for making such an opportunity possible.