Hack Across America’s Latest Stop is the University of Detroit Mercy

Cybersecurity is a hot subject area on university campuses nationwide. In particular, schools in the state of Michigan are refining curricula to produce professionals capable of defending against the increasingly complex nature of cybercrime and intrusion in both government and industry.

 

That’s why Trillium’s latest stop on the Hack Across America tour was the University of Detroit-Mercy (UDM). The school is a Department of Homeland Security (DHS) and National Security Agency (NSA) designated Center of Academic Excellence in Cyber Defense (CAE-CD). Over forty students attended the engagement on UDM’s campus on November 8th, 2019.

 

During the presentations given by Trillium’s sales engineer and cloud engineer on the need for securing the data generated by connected vehicles, UDM students were engaged and asked many questions. They exhibited a strong grasp of encryption technologies, familiarity with CAN bus networks, and deep interest in work placements at Trillium’s Ann Arbor office location. The two-hour discussion which followed the presentations was marked by intense curiosity about Trillium’s multi-layered cybersecurity solution, its online car hacking simulation called PassGO, and how a trusted mobility platform and data management services can be deployed to make connected vehicles safe.

 

To find out where the next CAE-CD stop of Hack Across America will be, follow Trillium Secure on LinkedIn, or visit www.trilliumsecure.com.

Vehicle Safety is Synonymous with Vehicle Security

Drivers used to think of vehicle safety systems as strictly mechanical elements like seat belts, brakes, and crunch zones. But today, safety systems have become completely dependent on electronics and sensors – airbags, ABS, blind spot indicators, cruise control, lane departure warning, automatic emergency braking, just to name a few. This makes sense considering how rapidly safety tech has evolved, the value of marketing the assurance of safety in a vehicle, and the countless lives saved by automated safeguards.

 

But what happens when the integrity of data generated by safety tech comes into question? Who is liable if a hacker manipulates the data sent by a blind-spot detection safety system and the orange or red indicator remained unlit as a car sped past? This issue is very important because of the overriding need to be safe and to feel safe when on the road. The damage to a vehicle brand, and the liability to a business that sells unsafe vehicles, is long and far reaching. In some cases, it is unrecoverable. Therefore, as modern vehicles become more connected and automated, the biggest reason for security is safety.

 

Many fundamental driver controls, such as headlamps or automatic door locks, have a dual purpose as a safety device. What is not well understood in the mobility industry is that vehicle security also has a dual purpose as a safety device. This is true because safety devices are vulnerable to attacks and indeed threaten driver and passenger safety, as detailed in Andy Greenberg’s article in Wired.

 

Another aspect of vehicle safety that is often overlooked is data privacy. As automakers increasingly market themselves as technology companies, it’s important to note that tech titans, such as Microsoft CEO Satya Nadella and Apple CEO Tim Cook, view data privacy as a human right and welcome stringent privacy standards. When it comes to connected vehicles, safety and data privacy are two sides of the same coin. For example, many modern vehicles feature real-time GPS information – it takes just a short stretch of the imagination to consider the consequences of an angry spouse who is able to easily track the location of a person fleeing from domestic abuse. In other words, leaders in the mobility industry who are concerned about driver safety must consider data privacy, in addition to security, as a benchmark for evaluating vehicle systems.

 

The mobility industry is connecting vehicles in all sorts of ways via Bluetooth, WiFi, LTE, and OBD-2 to name a few. Each of these access surfaces are a magnet for hackers and bad actors. What is still in the process of becoming better understood is the mounting liabilities associated with vulnerable safety systems and unprotected driver data. Trillium’s trusted data management platform mitigates the risks of operating connected vehicle fleets. Learn more about Trillium’s secure platform as a service at www.trilliumsecure.com

Who Has Access to Data From Connected Vehicles?

In an informative article written by Bryan Jonston, it’s made clear that there’s a disconnect between consumers and vehicle manufacturers about who should have exclusive access to vehicle data, according to a survey conducted by Ipsos.

86 percent of vehicle owners and lessees believe car owners should have full access to and control of their vehicle’s data, including maintenance and repair information, says a survey released by the Auto Care Association. Additionally, 88 percent of consumers believe a vehicle’s owner should decide who has access to this data.

It’s true that the public has a low level of awareness regarding driver and vehicle data, known as telematics; however, people still feel entitled to accessing the data that their vehicles generate despite not having a clear idea about what is being collected and sent to the cloud. On the other hand, there has been clear indications that commercial fleet owners have begun tapping into this lake of data.

Having the means to securely access and confidently analyze vehicle-generated data is the key to keeping personal information private or reducing the cost of operating fleets of vehicles. Automakers and fleet owners are in advantageous positions to leverage data for monetization purposes, but also have the responsibility to secure telematics systems against cyber-attack.

Infotainment system suppliers like Harman can also access connected car data, especially when assisting law enforcement for digital forensics. A myriad of new use-cases is being spawned right now, including advanced remote diagnosis and enhanced driver safety, as the goldmine of vehicle data is further explored.

What’s needed to bridge this information divide between consumers and the automotive industry is trust. Widening the number of parties that can drink from the firehose of data being generated by connected cars will unleash a new wave of innovation. This untapped market will grow faster thanks to Trillium’s leadership in creating a trusted ecosystem for connected vehicles and next-generation mobility services. Trillium – championing the cause of making connected cars safe.

Trillium Spotlights Security and Data Monetization at CEATEC Japan 2018

The Trillium team harkened back to its roots in Japan during the CEATEC (Combined Exhibition of Advanced Technologies) 2018 event, which took place from Oct. 16 – 19 at Makuhari Messe. Much has changed since Trillium began as a small outfit of engineers working towards securing IoT devices using lightweight encryption technology – the proliferation of connected devices, and the explosion of data they generate, has brought a wealth of opportunities and conveniences to all aspects of life. As such, Trillium used its presence at this year’s CEATEC to highlight the company’s leadership position in automotive cybersecurity, and its unique position to enable the growing number of monetizable services arising from connected car data.

CEATEC Japan was the perfect stage for Trillium to show the world how it’s fueling the trusted mobility revolution – the event attracts close to 700 exhibitors and over 150,000 attendees each year. Trillium took the spotlight a total of three times, first during the Plug and Play Startup Pitch event (Mobility); next, at the Cutting-Edge U.S. Technology Showcase (Cybersecurity) in Co-Creation Park; and during the CEATEC Cybersecurity Keynote Sessions when CEO David Uze addressed the audience on “Security, Safety and Monetization Opportunities in the Connected Vehicles Era” alongside speakers from Symantec, Crowdstrike, and Lookout.

Mr. Uze put into context well-known car hacks such as the Jeep whose brakes and steering were demonstrated to be vulnerable to remote take-over, and what it meant for internet connected vehicles: innovation is a wonderful thing until someone gets injured or worse. Where human safety is concerned both inside and outside the vehicle, basic common sense tells us that particularly with regards to mobility, innovation requires trust. That trust extends not only to all of the complex features and functions associated with connectivity and self-driving capabilities, but also to the resilience of the vehicle against cyber threats and bad actors.

Mr. Uze shared how Trillium will lead the trusted mobility revolution by securing vast amounts of data harvested from connected cars for a growing number of monetizable services. He teased Trillium’s data management dashboard called SecureSKYE, which will be demonstrated at CES 2019, to draw implications for fleet operators, automotive OEMs, insurance companies and network service providers on the game-changing nature of trusted access to vehicle data.

Trillium benefited from participating at CEATEC, a showcase for innovative solutions to society’s problems, because a highly-receptive audience understood Mr. Uze’s main point: smart tech does not evolve without secure tech. Indeed, vulnerable smart tech translates directly into a “high-value target” for hackers since there is more reward. Moreover, there’s enormous unrealized revenue if connected vehicle data is secured and extracted in a protected way through Trillium’s innovative technologies.

Reporting Live from Global Sales Summit Japan

It’s early-October and the morning air is pleasantly crisp in Tokyo. Over twenty-five Trillium employees have flown from all over the world – Ann Arbor, Silicon Valley, Belfast, Paris, Shanghai – to gather in the France-Japan Chamber of Commerce boardroom to discuss what we’ve accomplished, the challenges we face, and the roadmap to making Trillium Secure an incredible success.

 

The Global Sales Summit (GSS) is a biannual four-day marathon of progress reports, project proposals, and brainstorming sessions to get all global team members on the same page. For example, Ross Hirschi, Trillium’s Director of Engineering, gives a detailed account of multiple innovative products that are in the pipeline. Next, Dan Viza, Director of Global Business Development and Strategy, presents a farsighted overview of Trillium’s ambitious goals in the connected vehicle data industry. And, David Uze, Trillium’s tireless president and CEO, paces to-and-fro while actively providing feedback on sales funnels, giving encouragement for upcoming pitch competitions, and getting excited when new requirement use-cases are identified for blue ocean opportunities. For ten hours straight. Then we all hit the town together, get some rest, and do it again.

 

There are rules, but they can be bent. Like how a new policy for granting cash rewards to high-performing engineering teams was swiftly proposed and approved. We raise our hands when a colleague asks for help because they’re like family – at 1 AM, you can find ten Trillium team members sitting in a row outside a ramen shop, slurping and cooing with pleasure over delicious broth. We work hard as hell, but we play hard too. Like how David Uze takes his calls while listening to world-class jazz musicians in Roppongi Hills and turns on a mobile hot spot for the phalanx of global employees around him – his Hawaiian shirt stands out from the crowd of white, blue and plaid shirts and he snaps rhythmically while discussing a new office opening in Belfast, Northern Ireland with his Head of Finance.

 

It’s safe to say that GSS is like nothing I’ve experienced before – it’s a methodical, creative, and expansive exercise in how a tough company like Trillium is disrupting industries that increasingly depend on secured data. But more importantly, GSS is the chance to experience, contribute to, and embrace other Trillium team members’ expertise to propel the company into the stratosphere. Despite the grueling schedule, I’m hungry for more. And it’s only day 3!

Team Trillium Sponsors InsureTech Connect 2018

The conversations at InsureTech Connect 2018 (ITC 2018), the world’s largest gathering of insurance leaders and innovators, always veered back to data and cybersecurity –Trillium Secure was the only vehicle cybersecurity company that sponsored ITC 2018 as part of the Plug and Play cohort.

 

The event took place in Las Vegas’ MGM Grand between October 2-3. ITC 2018 attracted 6,000 attendees and Team Trillium engaged numerous high-value partners and clients who are concerned about how the proliferation of connected car data will impact their businesses. Trillium’s main message was that insurance companies must have a cybersecurity partner to analyze vehicle-generated data, and to succeed in the autonomous-driven future.

 

“We are definitely coming back next year to InsureTech Connect,” said David Uze, CEO of Trillium. “The insurance community is searching for the right solution to protect, harvest, and analyze data from connected vehicles and Trillium’s trusted mobility services captivated the attendees at ITC 2018.”

 

Usage-based insurance was a big theme at this year’s event and many participants were interested in how to complement their vehicle health data sets with additional data points on driver behavior. Trillium’s sponsorship of ITC 2018 shed critical light on how valuable vehicle data, once secured against cyber-attack, enables insurance companies to build innovative new products in a changing market space where the number of automobile accidents decrease as self-driving car technology matures.

 

“Trillium’s subscription-based model for providing lifecycle protection, threat management and data analytics generated huge interest at ITC 2018,” said Dan Viza, vice president, global business development and strategy. “Our holistic, multi-layered vehicle cybersecurity platform struck a chord with key players in the insurance and telecommunications industry.”

The Urgent Need for Key Fob Cybersecurity

As Phoebe Wall Howard writes in her excellent Detroit Free Press article, car key fobs are extremely vulnerable to cyber-attacks.

 

“There’s technology out there that allows people to [walk up to a car and remotely open it],” said former Macomb County sheriff Mark Hackel. Mr. Hackel fell victim to a key fob hack this past May, when a criminal gained access to his vehicle and stole a pistol that was stored in the console. What’s more alarming is that car hackers can remotely start your car’s engine, and even extract your personal information by exploiting fundamental flaws in key fob and keyless entry technology.

 

These flaws are being exploited by bad actors who employ man-in-the-middle (MITM) and relay attacks – the two most common ways to take advantage of an unsecured key fob. Man-in-the-middle attacks involve a radio device that intercepts, clones, and replays communications between two endpoints. The ease with which car hackers can perform MITM attacks is being widely publicized, especially after researchers from the University of Birmingham and the German engineering firm Kasper & Oswald revealed that over 100 million Volkswagen vehicles have vulnerable keyless entry systems.

 

The other common method of compromising a key fob’s security is a relay attack, which is executed by detecting and amplifying the keyless entry system’s signal. Signal amplification can trick a vehicle into thinking the key fob is much closer than it actually is, triggering doors to open, starting the car’s engine, and enabling a car hacker to drive away without a trace. These are a significant sub-set of cyber-attacks that the automotive industry faces today. But, leaders in the cybersecurity industry are developing technologies to head off this threat.

 

“Trillium is developing end-to-end cybersecurity solutions that mitigate the risks of key fob vulnerabilities, and protect data generated by vehicles for its entire lifecycle,” said David Uze, President and CEO of Trillium Secure at the Auto-ISAC Cybersecurity Summit in Detroit.

 

As a Trusted Mobility Services provider, Trillium is developing technologies to protect drivers’ key fobs against MITM and relay attacks. Trillium secures data from its origin to its retirement for all mobility, transportation, and vehicle services. To learn more about how Trillium’s cybersecurity platform protects vulnerable data today and tomorrow, visit https://trilliumsecure.com.

Highlights from Mobile World Congress Americas 2018

Mobile World Congress Americas (MWCA), the world’s largest exhibitionfor the mobile industrytook place this year in Los Angeles between September 12-14. Last year’s show in San Francisco brought in around 22,000 attendees, and the organizers expect this year’s show to easily top that.

 

Trillium exhibited in the 4 Years From Now (4YFN) section, a specialized area that celebrates innovative startups whose technologies will impact the world in the near future. This program returned for a second year at #MWCA18, enabling startups, investors, corporations and public institutions to connect and launch new ventures together from all around the world.

 

“We met a broad spectrum of valuable partners and had the chance to hold in-depth conversations with representatives from wireless carriers and the investment community,” said David Uze, CEO of Trillium. “I communicated to the right audience about 5G and IoT vulnerabilities, and personally met with dozens of talented engineering recruits and seasoned business development candidates.”

 

The theme of this year’s event was “Imagine a Better Future,” and the bustling atmosphere of the exhibition floor reflected the optimism and excitement expressed by keynote speakers from AT&T, Verizon and Nokia. Sprint’s Executive Chairman Marcelo Claure headlined the event saying, “There are three reasons why 5G is a quantum step forward in connectivity performance: ultra-high speeds, ultra-low latency, and the Internet of Things for billions of devices. And there are many amazing use cases that will enable a number of consumer innovations.”

 

5G was one of the biggest talking points at the event, all over the exhibition floor, and in most keynote sessions. There were several interesting use cases of the new radio access technology on display at Innovation City, and the conference program featured over 400 speakers highlighting other topics such as artificial intelligence, IoT, cybersecurity, content and media, drones, blockchain, policy and regulation. Team Trillium engaged with a Tier-1 mobile operator about autonomous driving and V2X use cases as some of the key drivers of their 5G investments and network rollout.

 

It’s difficult to closely examine what happened at the mobile industry’s key event in Los Angeles without talking about Hollywood and the entertainment industry at-large. Entertainment is one of the leading drivers of the mobile telecom industry; moreover, content distributors such as Facebook, YouTube, Netflix and Amazon Prime already make up a gigantic part of mobile network traffic. With the U.S. set to lead the 5G revolution, the three largest mobile operators are already touting new mobile 5G networks as the foundation for video consumption everywhere.

 

While the potential benefits of nationwide 5G deployment dominated MWCA 2018, many representatives from the automotive, aerospace, maritime, and drone industries visited Trillium’s booth to learn more about its multi-layered cybersecurity platform and secure data lifecycle services.

 

“The amount of interest in our technology, from people of so many industries and backgrounds, really hit home how important data security is to every aspect of society,” said Kamel Ghali, field applications engineer at Trillium.

 

“The most exciting portion of MWCA for me was meeting with a representative from the Department of Homeland Security,” said Zoran Kehler, vice president and director of aerospace and defense programs at Trillium. “We learned a lot about DHS’ advanced research organizations and advanced research programs and discussed how Trillium can become involved in many more U.S. homeland security projects through DHS.”

 

There were also many MWCA attendees from the investment banking and public sector who gave their attention to Trillium’s holistic and multi-layered approach to protecting vehicles from cyber-attack and keeping private information confidential.

 

Dan Viza, vice president and director of strategy at Trillium added, “Our first participation at MWCA was a great success and a significant milestone for us to be selected to participate in the 4YFN exhibit which recognized Trillium as a disruptor in the cybersecurity space. We engaged with many new, high-quality contacts, including productive meetings with key players in the mobile industry and investment banks.”

 

After three full days manning the booth at MWCA, Team Trillium is headed next to the Automotive ISAC Summit in Detroit from September 25-26.

CEO David Uze is Charged and Ready for Hack Across America

Trillium Secure CEO David Uze is hitting the road again to raise awareness among ordinary drivers, students, and major players in the automotive industry about the clear and present danger of car hacking. He departs this morning from Trillium headquarters in Sunnyvale and is headed to Mobile World Congress in Los Angeles to run the company’s booth in Hall West (Stand W.224C).

 

Just this week, Wired reported that KU Leuven researchers recently discovered wide-open vulnerabilities in several high-end car makers’ key fobs. To address how cybersecurity technology and secure data services can be implemented to prevent these types of attacks, Mr. Uze will be driving cross-country in a Trillium-branded electric vehicle and making a series of stopovers at research institutions.

 

The first stopover for this phase of Hack Across America will be the University of California Los Angeles, where Mr. Uze will meet with members of the Engineering Society and encourage students to learn more about the booming automotive cybersecurity industry. He will also talk about recruitment opportunities and how talented, curious, and driven students can gain experience in entrepreneurship and hands-on technology development. During the engagement, Trillium engineers will introduce the company’s cloud-based PassGO Hacking Challenge and invite passionate students to test their white hat skills.

 

Check back regularly to see if David and his colleagues will be stopping by a university near you!