CEO David Uze is Charged and Ready for Hack Across America

Trillium Secure CEO David Uze is hitting the road again to raise awareness among ordinary drivers, students, and major players in the automotive industry about the clear and present danger of car hacking. He departs this morning from Trillium headquarters in Sunnyvale and is headed to Mobile World Congress in Los Angeles to run the company’s booth in Hall West (Stand W.224C).

 

Just this week, Wired reported that KU Leuven researchers recently discovered wide-open vulnerabilities in several high-end car makers’ key fobs. To address how cybersecurity technology and secure data services can be implemented to prevent these types of attacks, Mr. Uze will be driving cross-country in a Trillium-branded electric vehicle and making a series of stopovers at research institutions.

 

The first stopover for this phase of Hack Across America will be the University of California, Los Angeles, where Mr. Uze will meet with members of the Engineering Society and encourage students to learn more about the booming automotive cybersecurity industry. He will also talk about recruitment opportunities and how talented, curious, and driven students can gain experience in entrepreneurship and hands-on technology development. During the engagement, Trillium engineers will introduce the company’s cloud-based PassGO Hacking Challenge and invite passionate students to test their white hat skills.

 

Check back regularly to see if David and his colleagues will be stopping by a university near you!

Your Company’s EV Charging Station is a Prime Target for Car Hackers

Electric vehicle charging stations are the latest workplace perks used to attract the hottest engineering talent (are you the Tesla guy at your company?). But did you know that the charging port is one of the most vulnerable attack surfaces on your car?

 

A simple skimming device, similar to the ones used in ATM fraud, can easily be made and deployed on a charging station by a motivated attacker. When an unsuspecting employee plugs in his or her electric vehicle and heads into the office, the skimming device can gain access to the private information stored on the electric vehicle’s onboard computers. This type of hacker exploit has been identified by cybersecurity experts as a weakness for charging providers.

 

Yaroslava Ryabova wrote an excellent article on the vast range of problems related to infrastructure cybersecurity due to industry players rushing unsecured charging stations to market. Some of your most private information can be viewed, modified or even deleted from your car’s in-vehicle network. In addition, an increasing number of cars are adding cell phone mirroring dashboards that enable drivers to project mobile content to the vehicle’s infotainment system. If a car hacker gained access to your infotainment system via the charging port, they could theoretically view your music playlist, frequently visited locations and, of course, your credit card information. Moreover, a chain of vulnerabilities could allow the car hacker to gain access to your company’s information from your Bluetooth connected company phone, including work-related emails, text messages, and stored files. Potential motives may include financial gain through a ransomware attack or to steal trade secrets.

 

The most horrific consequence of an electric vehicle hack could be tricking the car’s battery into thinking it has not been fully charged. Disabling the surge management system could trigger a powerful explosion causing significant damage to the car, the surrounding area, and its occupants.

 

Thankfully, Trillium’s engineering team has developed SecureIXS, one component of the company’s multi-layered cybersecurity solution that prevents would-be cyber-attackers from gaining access to your electric vehicle’s onboard computers. SecureIXS uses a firewall and machine learning algorithms to detect anomalous data patterns, such as an unauthorized request to access your private data while charging. Cutting-edge solutions like SecureIXS are critical to the widespread adoption of electric vehicles and the nationwide deployment of charging infrastructure.

Your Car is a Data Goldmine

Once upon a time, our private data was simply a paper trail that grew with every signature we made. Today, all of us are kicking up little storms of data in the wake of our journey through life – every swipe, click, face ID scan, or Sunday afternoon drive produces a ton of information that is analyzed and monetized. Private data has always been sacred, but it’s now become a valuable resource that’s sought by social media companies, automakers and, unfortunately, cyber-thieves. That’s why your private data must be kept confidential, it should remain anonymous, and it needs to be secured.

 

One rich, and often overlooked, source of private data is your car. As Zeljka Zorz mentions in her HelpNetSecurity.com article, “Smart cars gather sensitive data such as location, the driver’s daily route, apps that are used…[opening] consumers to dangers they weren’t susceptible to before.” On the surface level, corporations can leverage the potency of today’s data analytics technology to deliver unwanted ads on your infotainment system or produce other driving distractions. But if you investigate deeper, it becomes clear that our smart cars’ connectivity is an attractive target to bad actors who can easily gain access to compromising information or even the mission-critical motor functions of your vehicle.

 

To guard against these contingencies, Trillium has developed a suite of cybersecurity products to protect your safety and the integrity of your data throughout the vehicle’s lifecycle. For example, Trillium SecureIXS software uses machine learning algorithms to detect anomalous data patterns in your car’s network communications to prevent hackers from stealing your data. Trillium’s products also ensure that fleet operators are following GDPR regulations, which mandate that all companies securely manage their customers’ private data.

 

The car on the open road is a staple of Americana – it represents the joy of free movement and expression. Don’t let cyber-thieves hamper this freedom. Keep your connected car safe and your private data confidential.

Trillium Wins the Government Innovation Award

Trillium received the Government Innovation Award and joined the ranks of a select list of private-sector companies which government considers vital to its IT community. This year’s Industry Innovator award recipients were recognized as disruptors, innovators, and emerging leaders in the IT industry.

Trillium’s leadership role in the vehicle cybersecurity and secure data lifecycle management industries continues to be acknowledged at conferences, trade shows and competitions around the world. Join us at the Government Innovation Awards dinner on November 8th at the Ritz-Carlton Tysons Corner!

Why Securing Your Fleet’s Data is the Secret Sauce

More data is collected from a vehicle than you can imagine – all the basics, like real-time location, fuel levels and odometer readings, are easily accessible and ready for analysis by fleet owners. But there are hundreds of other data points which fleet owners can tap into to learn where their real competitive advantages lie. For example, fleet owners can decisively reduce their operational costs (and enhance safety!) by gaining insights on whether drivers are wearing seatbelts, how long each engine has idled, and if a blinker was engaged before turning. As Christina Rogers wrote in her article with the Wall Street Journal, this large data set can be contextualized, analyzed and leveraged to drive profitability and growth.

 

Vehicle data should be secured and properly managed throughout its entire lifespan just like any other closely guarded trade secret. Numerous automakers and their affiliated services are already monetizing this rich, new source of data. For example, McKinsey & Co. estimates data from connected cars will be valued at up to $750 billion by 2030. This trend will only accelerate as newer vehicle models come equipped with cellular modems, driver assistance devices, and other digital services. Fleet owners, such as delivery truck or car rental companies, stand to benefit the most from this sea change, beginning with enhanced operational efficiencies and new opportunities for employee training.

 

On the other side of the equation, there are inherent risks with unsecured data points generated by vehicle fleets. For example, the GPS coordinates of individual vehicles can be spoofed, or worse, malicious code can be dropped into vulnerable infotainment systems leading to catastrophic system failures. To mitigate these risks and deter motivated cyber-attackers, subscribing to a cybersecurity service is a sound business judgment to secure data and to ensure fleets are operating nominally.

 

Trillium is a leader in providing secure data lifecycle management and cybersecurity solutions for vehicle and fleet operators. In addition to ensuring the integrity, authenticity and security of fleets’ data, Trillium Secure anonymizes it for fleet operators’ peace-of-mind when it comes to regulatory compliance. In other words, Trillium works to protect your data – that is – your secret sauce!

DefCon 2018: The Best Until the Rest

As the sun sets on Las Vegas, so ends the final day of DefCon 26. This year’s rendition of the hacking convention was just as full of content as its predecessors, with more speakers, workshops, vendors and villages than ever before. The coveted “Black Badges,” prizes given to winners of the best hacking competitions, have found their homes in the hands of the best hacking teams from around the world.

Despite not being a Black Badge competition, the iconic Car Hacking Village, too, saw its best year yet. The Capture the Flag challenges this year featured disembodied head units, decapitated dashboards, riveting reverse-engineering challenges, an escape from a Ford Escape and more. The challenges constructed by experts in automotive cybersecurity such as GRIMM, Intrepid Control Systems, and Rapid7 gave the audience of newcomers and long-time enthusiasts plenty of material to explore in every aspect of automotive security engineering. The fierce competition was only outmatched by the enthusiasm shown by the teams as they pitted themselves against one another to compete for the first prize – a full-size Polaris ATV.

All in all, Trillium is proud to have participated once again in this year’s Car Hacking Village, bringing our own CTF to the table for the best in the industry to test their skills against. As was the case last year, however, the PassGO challenge remains uncracked. We look forward to the CHV community’s continued interest in our products and services through our upcoming automotive cybersecurity sandbox environment, to be released in October. Thanks again for a great event, DefCon, and we’ll see you again next year!

PassGO Holds Strong!

The second full day of the Car Hacking Village has come to an end, seeing hours of attempts at the Trillium PassGO challenge. Despite the efforts of so many participants, the challenge has yet to see defeat. Stay tuned for the exciting conclusion of this year’s Car Hacking Village!

Donkey Cars? That’s What They Call Them!

This year’s Car Hacking Village featured a race between Donkey Cars – the newest “build your own” autonomous car fad in the industry. Teams brought their own home-grown self-driving cars to race on an obstacle course designed to push the cars’ autonomy to its limit. Many thanks to the Car Hacking Village for always keeping things exciting year to year!

Car Hackers at Work: DefCon CTF Challenges in Full Swing

A staple of the DefCon experience, the Car Hacking Village and its Capture the Flag challenge are going strong into their second day. The competition is fierce, with teams from all over the world competing for the grand prize – a Polaris ATV! Stay tuned for more updates from the floor.

 

Car Hacking Village: A Fruitful First Day

After a long day of car hacking, the Hack Across America brigade rests under palm trees and the starry sky of Las Vegas. See you again tomorrow, DefCon!