Your Car is a Data Goldmine

Once upon a time, our private data was simply a paper trail that grew with every signature we made. Today, all of us are kicking up little storms of data in the wake of our journey through life – every swipe, click, face ID scan, or Sunday afternoon drive produces a ton of information that is analyzed and monetized. Private data has always been sacred, but it’s now become a valuable resource that’s sought by social media companies, automakers and, unfortunately, cyber-thieves. That’s why your private data must be kept confidential, it should remain anonymous, and it needs to be secured.

 

One rich, and often overlooked, source of private data is your car. As Zeljka Zorz mentions in her HelpNetSecurity.com article, “Smart cars gather sensitive data such as location, the driver’s daily route, apps that are used…[opening] consumers to dangers they weren’t susceptible to before.” On the surface level, corporations can leverage the potency of today’s data analytics technology to deliver unwanted ads on your infotainment system or produce other driving distractions. But if you investigate deeper, it becomes clear that our smart cars’ connectivity is an attractive target to bad actors who can easily gain access to compromising information or even the mission-critical motor functions of your vehicle.

 

To guard against these contingencies, Trillium has developed a suite of cybersecurity products to protect your safety and the integrity of your data throughout the vehicle’s lifecycle. For example, Trillium SecureIXS software uses machine learning algorithms to detect anomalous data patterns in your car’s network communications to prevent hackers from stealing your data. Trillium’s products also ensure that fleet operators are following GDPR regulations, which mandates all companies securely manage their customers’ private data.

 

The car on the open road is a staple of Americana – it represents the joy of free movement and expression. Don’t let cyber-thieves hamper this freedom. Keep your connected car safe and your private data confidential.

Trillium Wins the Government Innovation Award

Trillium received the Government Innovation Award and joined the ranks of a select list of private-sector companies which government considers vital to its IT community. This year’s Industry Innovator award recipients were recognized as disruptors, innovators, and emerging leaders in the IT industry.

Trillium’s leadership role in the vehicle cybersecurity and secure data lifecycle management industries continues to be acknowledged at conferences, trade shows and competitions around the world. Join us at the Government Innovation Awards dinner on November 8th at the Ritz-Carlton Tysons Corner!

Why Securing Your Fleet’s Data is the Secret Sauce

More data is collected from a vehicle than you can imagine – all the basics, like real-time location, fuel levels and odometer readings, are easily accessible and ready for analysis by fleet owners. There are also ELD devices that track the number of hours your drivers are working for. If they go over the allotted hours of service then they are breaking the law so if you don’t have them on your fleet then it is worth looking at this review to find the best one. But there are hundreds of other data points which fleet owners can tap into to learn where their real competitive advantages lie. For example, fleet owners can decisively reduce their operational costs (and enhance safety!) by gaining insights on whether drivers are wearing seatbelts, how long each engine has idled, and if a blinker was engaged before turning. Did yo know that there’s dedicated insurance for fleets too? As Christina Rogers wrote in her article with the Wall Street Journal, this large data set can be contextualized, analyzed and leveraged to drive profitability and growth.

Vehicle data should be secured and properly managed throughout its entire lifespan just like any other closely guarded trade secret. Numerous auto-makers and their affiliated services are already monetizing this rich, new source of data. For example, McKinsey & Co. estimates data from connected cars will be valued at up to $750 billion by 2030. This trend will only accelerate as newer vehicle models come equipped with cellular modems, driver assistance devices, and other digital services. Fleet owners, such as delivery truck or car rental companies, stand to benefit the most from this sea change beginning with enhanced operational efficiencies and new opportunities for employee training.

On the other side of the equation, there are inherent risks with unsecured data points generated by vehicle fleets. For example, the GPS coordinates of individual vehicles can be spoofed, or worse, malicious code can be dropped into vulnerable infotainment systems leading to catastrophic system failures. To mitigate these risks and deter motivated cyber-attackers, subscribing to a cybersecurity service is a sound business judgment to secure data and to ensure fleets are operating nominally.

Trillium is a leader in providing secure data lifecycle management and cybersecurity solutions for vehicle and fleet operators. In addition to ensuring the integrity, authenticity and security of fleets’ data, Trillium Secure anonymizes it for fleet operators’ peace-of-mind when it comes to regulatory compliance. In other words, Trillium works to protect your data – that is – your secret sauce!

DefCon 2018: The Best Until the Rest

As the sun sets on Las Vegas, so ends the final day of DefCon 26. This year’s rendition of the hacking convention was just as full of content as its predecessors, with more speakers, workshops, vendors and villages than ever before. The coveted “Black Badges,” prizes given to winners of the best hacking competitions have found their homes in the hands of the best hacking teams from around the world.

Despite not being a Black Badge competition, the iconic Car Hacking Village too saw its best year yet. The Capture the Flag challenges this year featured disembodied head units, decapitated dashboards, riveting reverse-engineering challenges an escape from a Ford Escape and more. The challenges construed by experts in automotive cybersecurity such as GRIMM, Intrepid Control Systems, and Rapid7 gave the audience of newcomers and long-time enthusiasts plenty of material to explore in every aspect of automotive security engineering. The fierce competition was only outmatched by the enthusiasm shown by the teams as they pitted themselves against one another to compete for the first prize – a full size Polaris ATV.

All in all, Trillium is proud to have participated once again in this year’s Car Hacking Village, bringing our own CTF to the table for the best in the industry to test their skills against. As was the case last year, however, the Pass GO challenge remains uncracked. We look forward to the CHV community’s continued interest in our products and services through our up and coming automotive cyber-security sandbox environment to be released in October. Thanks again for a great event, DefCon, and we’ll see you again next year!

PassGO Holds Strong!

The second full day of the Car Hacking Village has come to an end, seeing hours of attempts at the Trillium PassGO challenge. Despite the efforts of so many participants, the challenge has yet to see defeat. Stay tuned for the exciting conclusion of this year’s Car Hacking Village!

Donkey Cars? That’s What They Call Them!

This year’s Car Hacking Village featured a race between Donkey Cars – the newest “build your own” autonomous car fad in the industry. Teams brought their own home-grown self driving cars to race on an obstacle course designed to push the cars’ autonomy to its limit. Many thanks to the Car Hacking Village for always keeping things exciting year to year!

Car Hackers at Work: DefCon CTF Challenges in Full Swing

A staple part of the DefCon experience, the Car Hacking Village and its Capture the Flag challenge is going strong into its second day. The competition is fierce, with teams from all over the world competing for the grand prize – a Polaris ATV! Stay tuned for more updates from the floor.

 

Car Hacking Village: A Fruitful First Day

After a long day of car hacking the Hack Across America brigade rests under palm trees and the starry sky of Las Vegas. See you again tomorrow, DefCon!

Back to the Hack! Trillium at Defcon’s Car Hacking Village Two Years in a Row!

The Trillium team is back at Defcon’s Car Hacking Village, running the Pass GO CTF challenge and encouraging interest in automotive cyber security. Stop by for a chance to win an all-expenses paid week in Tokyo!

Educational Playtime: Penetration Testing Sandboxes

Cybersecurity is not an easy field to get into. The hours of training and prerequisite knowledge needed for one to fully participate in such an environment are daunting and often prohibitive of newcomers in the field. Despite being present for decades, the topic has seen some of the most rapid expansion and shift in scope of any technical field in history. While there is no shortage of resources detailing the ins and outs of all types of cyber-security, they are often locked behind thousands of dollars’ worth of classes and training. With the help of the internet, however, many firms around the world have begun sharing their experience through free, online “sandbox” systems that allow an aspiring hacker or cybersecurity developer to hone their skills.
One well-known example of this type of free-to-play sandbox is run by microcorruption.com, a website dedicated to teaching the basics of embedded software security. By giving the user a virtual disassembler to analyze embedded assembly code reverse-engineered from a mock target, the user gets to follow the entire process of cracking the password to a “warehouse” located somewhere in the world. The challenges are by no means easy, increasing in difficulty as the user proceeds through the levels, however they aren’t impossible either – every level has a way forward, it’s just up to the user to find their way through.
In line with our dedication to bring awareness to the need for cybersecurity in connected and autonomous vehicles, Trillium is developing an online remote penetration testing module specifically designed to introduce users to the basics of automotive security. By guiding the user through the process of discovering and exploiting vulnerabilities in an imaginary vehicle’s telematics unit and putting them in contact with the vehicle’s CAN bus, visitors will have the opportunity to see the security needs at every level in connected vehicle communications. By bringing the user to a terminal in contact with a real-life Trillium BrainBOX hardware module, the highest-quality user experience is achieved, along with a peek into the profound protection provided by Trillium’s SecureGO IVN security.
Community-driven, free-to-use educational platforms such as those listed above are the manifestation of what cybersecurity is all about – preparing the world to be safer and more secure for everyone. Without a culture of security by design emphasized at every level of society, humanity sees no greater threat to the connectivity-driven future than cyber-crime.