Meet Trillium at Con Car Expo 2018

Excerpts from escar USA 2018: Making the Michigan Market

Known as one of the first regular, automotive cyber security-focused events, the escar conference series has made itself a key part of the automotive security ecosystem. Showcasing new products, strategies, and research from industry veterans and newcomers alike, escar brings cutting-edge developments together in every major automotive market. As in previous years, Trillium attended the conference alongside its industry partners and customers to help spur the innovation of the automotive cyber-security and data management field.

Escar USA 2018 is no exception, gathering automotive and security industry professionals in the Metro Detroit for the sixth year in a row. The myriad of thoughtful presentations held at the venue came from both industry and academic experts, detailing possible technological solutions to problems facing connected and autonomous vehicles, new innovative technologies, and in-depth analysis of hacks performed on vehicle subsystems by researchers.

A trend that saw a significant rise in popularity at escar is the use of cyber-security methods at relatively lower abstraction levels. This includes hardware and digital signal analysis-based intrusion detection and protection systems, such as the analysis and subsequent phishing attack on clock-based intrusion detection systems by researchers at the University of Michigan, Dearborn. The university was not the only one bringing attention to hardware, with industry players also giving lectures on low-level, highly integrated embedded design analysis.

The sheer number and variety of talented individuals present at this year’s escar USA is all the proof needed to vouch for Michigan’s importance in the development of automotive cyber-security. Serving as the crossroads for the traditional automotive industry in Motor City and the new-age artificial intelligence research done in the Ann Arbor area, the mitten in the Midwest is poised to distinguish itself on a global scale. This reality is the driving motivation behind the opening of Trillium’s new Midwest Development and Operations Center. With a base of operations from which critical partnerships will be nurtured and maintained, Trillium hopes to be a leader in the advancements to come from the Great Lakes State.

Trillium Opens Michigan Cybersecurity Operations and R&D Center

Midwest Location Established to Meet Customer Demands

ANN ARBOR – June 21st – Trillium Secure, Inc., the global leader in cybersecurity platforms for vehicles and fleets, today announced the establishment of its Midwest Operations and R&D Center in Ann Arbor, Michigan.

“Trillium is exactly the kind of high-tech company we want here,” said Phil Santer, Senior Vice President for Ann Arbor SPARK, one of the area’s premier economic development organizations. Ann Arbor SPARK helped the company establish itself in downtown Ann Arbor.
“Customer demand for our products and services is fueling this expansion to Southeast Michigan,” said David Uze, Trillium President and CEO. “The Michigan R&D center enables us to support our growing list of automotive and fleet customers in the region. We provide commercial and government clients with lifecycle cybersecurity protection for their vehicles, fleets and vehicular data, a solution which none of our competitors can claim to deliver. We don’t claim it, we deliver it. This is our corporate mission.”
The new Operations and R&D center is led by John Davis, a University of Michigan graduate and native Michigander. Over the past 25 years, Davis has successfully launched three start-ups in the U.S. and overseas.

“Ann Arbor gives us close proximity to connected and autonomous vehicle testing sites and university research programs,” said Davis. “I’m thrilled to join the Trillium team.”

About Trillium Secure, Inc.

Trillium delivers a vehicular data lifecycle cybersecurity assurance solution. Its Trillium Secure platform provides a multi-layered solution for hardening connected and autonomous vehicles against cyber-attacks. It also provides authenticated operational and threat management data from fleet vehicles that preserves privacy, confidentiality and anonymity of data while at rest and in motion. Value-added service providers rely on secure and authentic data from Trillium for digital forensics, UBI, preventive maintenance, telematics, car sharing and other services. Trillium design centers and fleet security operation sites are located in Silicon Valley, Ann Arbor, Ho Chi Minh City and Tokyo. For more information, please visit www.trilliumsecure.com.

 

Penetration Testing: Beating Hackers to the Chase Through Offensive Security

As a basic rule of any defense system, knowledge of the opponent is imperative. In The Art of War, Sun Tzu states that “He who knows his enemy and knows himself need not fear the result of a hundred battles.” The wisdom behind these words undoubtedly applies to defense in the cyber realm as well. Hackers trained to exploit and break into a system think in entirely different ways from a system engineer, programming a cyber-security system. Given that someone with that set of skills is the most likely party to break through one’s cyber-defense, would a complete defense strategy be complete without the hacker’s perspective?

This reality is what spurs the penetration testing industry – an amplification of cyber defense based on offensive defense. By employing professional hackers to intrude upon one’s system, companies have the opportunity to discover weaknesses in their security in a controlled environment well in advance of product finalization. Defects discovered after deployment of a product can lead to expensive recalls if they can’t be remotely patched. In areas as heavily regulated as the automotive industry, heavy penalties can be incurred and the damage to the affected brand’s reputation may persist for years.

As new connectivity platforms get added to vehicles, the previously isolated internal networks become exposed to a sea of threats, many of which have never been explored in an automotive environment. The marriage between resource-constrained, streamlined ECU designed to only perform a limited number of tasks to the dynamic environment that is long-range wireless communications has brought about large numbers of unforeseeable data vulnerabilities. This has fueled a slew of programs dedicated to training personnel capable of testing these new connected car systems for exploits.

The demand for automotive penetration testing services is today high and is only expected to grow. With legislation threatening heavy fines for misuse of consumer data like the GDPR becoming more common, automotive OEM and fleet owners are more wary than ever. The long-term benefits to investing in pre-market penetration testing of automobiles and their accessories far outweigh the initial costs.

In order to ensure the integrity of any security solution, it must be as a high priority from the outset of any product design. By involving experts trained in the hacking and exploiting vulnerabilities early on in the phase of any project the risk of a costly exploit being found later on is heavily mitigated.

Trillium’s secure platform is built with a hacker first mind-set and the SecureGO, SecureIXS, SecureOTA and SecureSKYE modules are perpetually tested by an internal Red Team, the Car Hacking Community at conventions like Defcon and on-going partnerships with external actors. Continuous work with eco-system partners allow Trillium to ensure that its platform is the market leading solution for keeping connected and autonomous vehicles safe from hacker attacks.

Trillium and the Tanks: Cyber Security for Defense

This week in Detroit, Michigan, Trillium Secure, Inc. is attending the Vehicle Electrification Forum held by the US Army’s Tank Automotive Research Development and Engineering Center (TARDEC).
“TARDEC is identifying technologies and solutions for prompt deployment, as well as those to be used 30 years into the future. Vehicular cybersecurity is viewed as an enabler for most future technologies and military vehicles, from electrification, through autonomous vehicles, to robotics,” said Zoran Kehler, Trillium’s director of global strategy & aerospace and defense sales. “The goal is not to make vehicles unhackable—but rather to create cost-prohibitive barriers to hacking vehicles. Trillium, has been invited as a thought leader in our space, to provide our perspective on the threat spectrum and solutions that harden the vehicles.”

With its multiple flexible layers of security, Trillium’s solutions are primed to cyber secure the mission-critical military assets of the US armed forces and their allies. We look forward to further cooperation with our partners in the defense sector towards a military safe from cyber terrorism.

Trillium CEO Embarks On “Hack Across America” Tour

Six-month Campaign Raises Awareness About the Threat of Vehicular Cyber Attacks

SUNNYVALE, CA -June 4, 2018 – Trillium President and CEO David Uze is embarking tomorrow on a six-month road trip to publicize the reality of automotive cyber-attacks, commonly known as car hacking, an intrusion often done remotely using a digital device. The threat is real, and it exists today across industry sectors from cell phones to home computers to autonomous and connected vehicles.

Trillium’s mission is to provide lifecycle cybersecurity protection for vehicular data, whether for the family on vacation in their car or for the mechanisms in a military vehicle, designed to protect America’s interests on the battlefield. Uze and his fellow “cyber warriors” at Trillium are committed to educating the public about their multi-layered solutions that provide real-time protection in all types of vehicles from cars to trucks to military tanks.

Driving a Trillium-branded Tesla, Uze will crisscross America on several road trips, talking to drivers about their vehicles as “computers on wheels” that need cyber protection; visiting universities to encourage engineering students to join the war against cyber thieves; and talking to university professors about how Trillium can support more research into effectively fighting cyber-crime.  Periodically, Uze plans to stop at American landmarks to push the message out to the American public beyond the occasional news story about ransomware or a huge cyber breach. He wants people to know that it can happen to them.

“If you don’t believe a hacker can get into your car remotely using a digital device, you could end up being sadly mistaken,” said Uze. “Last month, a county executive in Michigan had his gun stolen from his car parked in front of his home. The video taken from the home’s security cameras clearly shows how it happened. The thief didn’t need to touch the vehicle to access the interior.”

Uze’s first stop is Southeast Michigan where he will visit Ann Arbor and Detroit.

“Trillium has a growing customer base in Southeast Michigan,” said Uze. “The issue of cybersecurity is recognized by vehicle makers, but we need to broadcast the Trillium message to all drivers that they can be hacked. Without cybersecure software in place, hackers can penetrate a vehicle’s systems in seconds through any number of attack vectors. They can open vehicle doors and windows, but even more frightening, they can take over a vehicle’s steering, steal personal information from a GPS system or shut the car down altogether. Trillium products will stop them.”

Trillium is the global leader in vehicular lifecycle cybersecurity assurance platforms.  Uze and his management team see this campaign as the first step in their quest to broaden the cyber-protection conversation. For example, fleets of vehicles are vulnerable to remote hacking as are autonomous vehicles which are currently under development by both public and private companies. Trillium works with these industry sectors and with aerospace and defense companies. The Department of Homeland Security hacked into a Boeing 757 as recently as last year.

Through its “Hack Across America” project, Trillium is doing its part to alert American drivers to hidden cybersecurity risks. For Trillium, the future is now, and speed is crucial to raising the hacking work factor thereby discouraging cyber-criminals.

About Trillium Secure, Inc.

Trillium vehicular lifecycle cybersecurity assurance platform provides a multi-layered solution for hardening connected and autonomous vehicles against cyber-attacks. Trillium’s SecureIOT platform provides authenticated operational and threat management data from fleet vehicles that preserves privacy, confidentiality and anonymity of data while at rest and in motion. Value-added service providers rely on secure and authentic data from Trillium for digital forensics, UBI, preventive maintenance, telematics, car sharing and other services. Trillium design centers and fleet security operation sites are located in Silicon Valley, Ann Arbor, Ho Chi Minh City and Tokyo. For more information, please visit www.trilliumsecure.com.

 

Trillium at TU-Automotive in Detroit

This week, from June 6-7, Trillium will be attending the TU Automotive conference in Detroit, Michigan. We will be running an exhibition booth showcasing our automotive In-Vehicle Network security and will be actively networking with our customers and automotive industry partners in the Metro Detroit area.

To schedule a private demonstration or discussion, please contact adrian.sossna@trilliumsecure.com.

Hack for the Strap – Car Hack Results in Stolen Pistol

On May 31st, 2018, Michigan Macomb County Executive Mark Hackel was the victim of an unfortunate crime. At about 4:00 AM that morning, a thief broke into Hackel’s car, stealing his lawfully registered 40-caliber semi-automatic Glock from his car’s central console. If it wasn’t for his neighbor tipping him off, however, he may have never known to check his car – there were no signs of a break-in, after all.

Thanks to a recording of the incident on his security camera, Hackel was able to discern the nature of the crime. Using a device to mimic the signal from the car’s key fob, the perpetrator was able to easily unlock the vehicle and get inside. This type of hack is unfortunately rather common – with several incidents of luxury vehicles being broken into in this exact same fashion. The issue comes with the added features one gets access to with a higher-end vehicle, such as remote starting and climate control capabilities. Any interface that allows a vehicle to communicate with a device outside of its chassis has the potential to be exploited and abused, putting the vehicle and its owner at risk.

This incident serves as a stark reminder of the looming danger that is automotive cyber-crime. While the vast majority of the public isn’t aware of the threat, it is slowly making itself a reality by preying on those unaware vehicle owners vulnerable to such exploitation. With even a county executive falling victim to such a crime, the public can no longer ignore the fact that this threat is already at their doorsteps. The fight against car hackers is not a new one, however. With improved community awareness and cutting-edge innovations in the automotive cybersecurity field from Trillium, the fight against automotive cyber-terrorism is far from an unwinnable one.