Ride-Sharing: Paving the Way for the Future of Transportation

Since their introduction into the transportation landscape, ride sharing companies such as Uber, Lyft, Gett, and MOIA have changed the way travel is viewed for an entire generation of riders. Filling a gap in the industry left by traditional public transportation and private vehicle ownership, ride sharing services are set to be a focal part of the transportation landscape of tomorrow. Their impact is already being seen today, with new buildings in cities like Chicago already accounting for people arriving through ride-share by reducing the number of parking spots made.

A large part of what makes fleets of ride share cars so powerful is their ability to gather large amounts of data over a long period of time. The data gathered includes that of routes traveled, time in transit, popular destinations/starting points, vehicle condition, and more. This is possible thanks to advancements in vehicle connectivity, allowing tire pressure monitors, GPS modules, and Electronic Control Units to send their data to a backend server through cellular networks and Wi-Fi.

Of particular use to fleet owners seeking to manage their vehicles is the diagnostic data that can be collected from the different components in the vehicles. Dashboard alerts that can sometimes be missed by drivers can be foregone in favor of direct notifications to the fleet management server, alerting the owner of the vehicle more effectively. This data can also be analyzed over long periods of time, and through the use of analytical algorithms pre-emptive maintenance can be applied, saving time and money by detecting potentially costly faults ahead of time.

With the ability to gather data from millions of vehicles at once, the mobility of the future will continue to be refined, leading to new innovative smart mobility solutions. With the efficiency provided by car-pooling-based ride sharing services, the transportation of tomorrow is set to improve the environment, human work rate, and overall community productivity.

GDPR and Your Connected Car

On May 25th 2018, the General Data Protection Regulation (GDPR) passed by the EU in 2016 will begin to take effect. This set of regulation standards for the handling of European citizens’ data is an unprecedented document in the history of data protection policy, bringing to these issues a level of clarity rarely seen in legislation.

The regulation dictates many policies for anyone that offers products or services to consumers in the EU, regardless of the location of the provider. All policies veer in favor of the consumer’s rights to their data. This includes prohibiting use of data without the owner’s consent, allowing the consumer to see what data is being used and how, and allowing consumers to request that their data be deleted from any service without question. Of equal importance is the GDPR’s strict policies regarding data breaches, stating that knowledge of a user’s data being compromised must be reported to them without “undue delay,” and that any breach must be reported to Data Protection Authorities within 72 hours. The penalty for non-compliance in the event of a breach is heavy, equaling 4% of a firm’s annual revenue or € ($23 million), whichever is greater.

This legislation will have a profound impact on the automotive industry in the coming decades. The vehicles of tomorrow process an enormous amount of user data every day for the purpose of connected car-enabled safety systems and user experience enhancements. The contents of this data range from phonebook data and call history to minute-by-minute location data provided through GPS. With real-time V2X technologies coming to fruition through Dedicated Short-Range Communication and 5G technology, even more venues in the vehicle will have access to sensitive user data.

The changes brought by the GDPR will motivate members of the automotive industry to pursue strategies that prioritize the security and accessibility of user data. This calls for all data collected from a vehicle to be securely aggregated and analyzed with around-the-clock safeguards in place to react to any data breaches. Vehicular cyber security must be implemented at every level from In-Vehicle Networks to back-end cloud servers, safeguarding the closed-loop data architecture that is key to the success of connected vehicle deployment. SecureIoT, Trillium’s multilayered automotive cyber security suite, is made with this need in mind, having been built from the ground up for ensuring user and data protection in vehicular applications.

When Cars Talk: An overview of V2X Technologies

Cars are no longer self-contained mechanical modes of transportation. Thanks to added connectivity, they are interactive members of their environment, with the ability to communicate with other vehicles, surrounding infrastructure and more. This subset of connected car features is referred to as Vehicle to Everything (V2X) systems.
V2X systems require high-speed connectivity to deliver their real-time functionality. This connectivity is provided by DSRC, or Dedicated Short-Range Communications. DSRC uses a protocol similar to the IEEE Wi-Fi standard, using 75 MHz of spectrum in the 5.9 GHz band exclusively for intelligent transportation systems. These systems broadcast useful data about their host vehicle including GPS position, path data, velocity, future paths, and more. Broadcast over 300 meters away at a frequency of 10 Hz, this information can be picked up by other vehicles and connected infrastructure to implement advanced vehicle safety and convenience-enhancing systems.
Vehicle to Vehicle (V2V) systems let vehicles communicate with one another wirelessly in real time, allowing them to inform their drivers of upcoming threats and obstacles. This leads to improved road safety, as cars using DSRC can be alerted of emergency vehicles coming around a corner, cars travelling in their blind spots, or hidden cars occupying a pass lane. Even in a car driven by a human, notification of these conditions can greatly reduce the risk of an accident or other incident. In cars with autonomous driving capabilities, V2V communication can be used to implement efficient platooning, improving mileage and trip time for all cars in the platoon.
Vehicle to Infrastructure (V2I) technology can be used in similar ways to V2V, increasing road safety and enhancing driver experience. Traffic signals can broadcast their color and how much time remains before they change – giving drivers ample time to adjust their behavior before approaching an intersection. Parking areas can advertise open parking spots to vehicles over DSRC, reducing time wasted roaming a parking lot to find an empty space.
Apart from V2V and V2I systems, there exists another classification of systems called Vehicle to Pedestrian (V2P). These systems involve interacting with pedestrians around a vehicle, alerting them via smartphone notification of a passing emergency vehicle, the arrival of their rideshare, or where their vehicle is located.
These technologies are a clear example of the benefit to be gained from a transportation environment occupied by connected vehicles. Allowing vehicles to interact with their surroundings and users wirelessly and in real time improves both the safety and the quality of our roads and other transportation infrastructure. As vehicles move closer to perfect autonomy, the value of their ability to communicate will only increase. As cutting-edge technologies like 5G come to fruition, the scale on which these applications can be applied will widen drastically, and new ways to improve transportation will make their way into the world.

On-the-Road Improvements: The Value of Aftermarket Connectivity Solutions for Automobiles

The age of highly connected vehicles brings with it an armada of benefits, making use of the vehicles’ connectivity to share environmental and traffic information between cars, platooning services, and other cooperative systems that enhance the driving experience. Many of these systems also improve the safety of the roads, with collision detection and prediction systems being a key selling point of connected and autonomous vehicles.

From cars anonymously reporting what route they take in a given direction to later be used by another passenger to pick a quicker route to alerting vehicles in the area of an accident down a certain road, there is a lot of benefit to be obtained from being part of the grid. The reality is, however, that many of these systems are developed with a stringent minimum level of connectivity required in the vehicle – a level not met by many vehicles on the road today. This results in legacy vehicles becoming blind spots in a transportation environment thriving off data it gets from vehicles as they make their way throughout a city.

As the introduction of connected cars is still in its early stages, the majority of vehicles on the road will be legacy, unconnected ones. The ability for a vehicle to have internet access on the road is largely thanks to embedded telematics modules that use cellular networks to connect vehicles to cloud-based services. Services that don’t operate in real time, such as mileage statistics, diagnostic information, and over-the-air software updates, can be accomplished using a home’s Wi-Fi connection; however, most cars on the road today lack even this technology, much less dedicated SIM cards to provide data over cellular networks. The aforementioned benefits are ready to make their impression on society; however, the number of non-participating vehicles limits their effectiveness. For services like traffic prediction that rely on data aggregated from large numbers of vehicles, a low participation rate results in an ineffective system, putting the technology to waste. How, then, can these innovations find their way into today’s society? Enter after-market connectivity solutions.

The automotive after-market is a booming industry set to see a total net worth of close to $300 Billion by 2020, and added connectivity is a large driver of this trend towards growth. Automotive suppliers already offer advanced telematics modules that can seamlessly integrate to any vehicle, with many talking directly to the CAN bus to receive fuel economy information, data on driving patterns, vehicle diagnostics, and other data to be used in big data analytics. Many of these modules include over-the-air update capability, guaranteeing that they remain up to date with any innovations that take place in the connected automotive industry. Rather than invest several thousands of dollars on a new vehicle, drivers have the ability to purchase a new head unit or telematics box for a fraction of the price, letting them share the benefits as well as improve the quality of the services offered. Some connectivity add-ons don’t even require such an intrusive installation and can just be plugged into the OBD-II diagnostics port, offering vehicle location services, driving logs, and more.

Some providers offer connectivity solutions through OBD-II dongles that interact with the user’s smartphone. The phone becomes a high-functioning remote control for the car, giving access to remote features as well as data analytics. Others provide aftermarket devices that fill in the connectivity holes found in most mid-high grade vehicles on the road today, such as Bluetooth cellphone connectivity and tire safety monitoring devices. Finally, several firms offer advanced telematics in the form of universally-adaptable head units, giving users cutting-edge connectivity for a fraction of the cost of a new car. These units communicate directly with In-Vehicle Networks such as CAN without use of the OBD-II port, giving them more customization options for each individual vehicle.

For users not willing or able to invest in a top-of-the-line connected vehicle, the aftermarket is a valuable source for the ability to participate in these user-experience and safety-oriented systems. Along with the outfitting of legacy vehicles with cutting-edge connectivity, however, comes the concern of cyber security for those vehicles. Every new connection channel added to a vehicle is a potential attack vector, one that can lead to a loss of personal data, property, or life. The need for security alongside such connectivity cannot be ignored, and as such security measures that can co-exist with aftermarket add-ons are the only feasible solution.

As the features offered as a result of this connectivity increase, so will the value one gains from having a vehicle capable of integrating with them. The need for cars to be able to be retrofitted with connectivity options cannot be overstated in the effort to improve road safety through connectivity-based strategies.

ACEA Takes Action: The Foundation of Automotive Cybersecurity in Europe

“The digital world offers unprecedented opportunities. Nevertheless, opportunity comes with risks, and one of these is the threat of a direct cyberattack on your car or indeed a whole fleet of vehicles. Keeping cybersecurity risks for connected vehicles in check is therefore of crucial importance.”

These words, spoken by Erik Jonnaert, Secretary General of the European Automobile Manufacturers’ Association (ACEA), perfectly summarize the hurdle facing connected cars that is cyber terrorism. The ACEA represents 14 Europe-based car, van, truck, and bus makers – including Volvo, Daimler, and Volkswagen among others. The consensus of their members on automotive cybersecurity is a clear indication of its importance to the industry.

The limitless opportunities stemming from the increased connectivity of connected cars host a slew of vulnerabilities that, if exploited, will threaten personal data, public and private property and human life.

In order to bring these threats into focus, the ACEA published six key principles of automotive cybersecurity for the industry to adhere to. These principles establish a foundation for more developed, specific guidelines to build upon in the future. As reported by Automotive World, they are as follows:
1. Cultivating a cybersecurity culture
2. Adopting a cybersecurity life cycle for vehicle development
3. Assessing security functions through testing phases
4. Managing a security update policy
5. Providing incident response and recovery
6. Improving information sharing amongst industry actors

The principles echo many valuable sentiments put forth by other legislative bodies over the past year, drawing emphasis to the necessity of a cybersecurity culture and secure update policies. The call for appropriate incident response procedures is also familiar, with the United Kingdom’s “Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles” identifying the same need.

While an important step in the development of best practices and in-depth cyber security guidelines for vehicles, the principles laid out by the ACEA serve as a valuable foundation. Instead of serving as a standard for the quality of the security needed in the industry, the ACEA’s principles provide guidance for the path manufacturers should take in developing their automotive cyber security. The framework set by the principles will likely grow to include specific technical requirements for cybersecurity as the industry matures. In time, more data will be available in this yet-blooming field, driving forward the new age of safety policy and legislation.

Smart Car Legislation: Time and Safety Critical

Between insurance, new technologies, and safety laws, smart cars bring up several complicated issues – though none are perhaps as challenging as the issue of cybersecurity legislation. The concerns surrounding automotive cybersecurity legislation lie largely with the issue of liability in the event of a hack, a subject that seems simple at first, but upon further inspection reveals a subjective, polarizing topic. In his article on ITProPortal, Jaeson Yoo elaborates on this complexity, highlighting the key challenges preventing any clear answer from being made.

Yoo begins by discussing the urgency of the matter, detailing the United States government’s motivations to quickly develop legislation governing automotive cybersecurity. He details how dangerous a car in the wrong hands can be, stating that “Cars, while convenient, have the potential to be deadly, as evidenced by the increasing number of terrorist attacks using automobiles. Vehicles can be used to run over a large group of pedestrians. They can even be used as a way to deliver suicide bombs in strategic situations to maximize catastrophic damage. In other words, ways to utilize the automobile for deadly means are practically limitless, a dilemma that is only certain to grow more complex as cars get even more connected and eventually start driving themselves.” The message is clear – transportation technology is critical to society, but in the wrong situation, cars can be used to cause profound destruction. As cars become more connected, the threat only becomes greater. A single car can already cause major damage. As the amount of connectivity and automation available increases, this already daunting threat has the potential to grow to control thousands of cars within a single fleet.

This reality is the driving motivation behind the new wave of legislation. Governments around the world are rushing to ensure that adequate legislation is in place in the event such a tragedy occurs, but this hastiness has highlighted a different problem – a lack of interest in the automotive industry to address this serious problem. OEMs lack serious expertise on the subject of cybersecurity, and thus are reluctant to take a position at all. This cannot be the case, especially when lives are at risk.

Simply avoiding the issue of cybersecurity is unsustainable. Tesla’s Model 3 is an example of what the future looks like – every function is controlled via the central touch display, foregoing physical buttons and dials for a pure software experience. This futuristic, visionary design has resulted in a massive backlog of nearly 500,000 reservations for the Model 3. Consumers are demanding connectivity in cars today more than any other feature, a call that cannot be ignored without serious damage to traditional OEMs’ business. It is clear that traditional OEMs will have to adapt to remain competitive with newcomers such as Tesla. This adaptation cannot happen as long as OEMs ignore cybersecurity.

Trillium’s broad portfolio of products & services empowers OEMs to secure their products from the conceptual stage all the way through end-of-life support. From consulting to penetration testing to providing cybersecurity solutions, Trillium is uniquely positioned to provide a complete and total solution to all things cybersecurity.

Insure My Tesla: New Insurance for a New Age

As an industry that thrives on the weaknesses of human drivers, automotive insurance is facing a difficult problem in the coming of autonomous cars. Not only are autonomous cars themselves proven to be safer drivers than humans, but they, in turn, create a safer driving environment for people not piloting an autonomous vehicle. This reality will no doubt lead to car insurance premiums falling as smart and self-driving cars begin to populate the roads of the world. Tesla Motors, a pioneer in the autonomous vehicle sector, has recognized this concern and has taken steps to capitalize on it.

Earlier in October, Electrek reported that, in a partnership with Liberty Mutual Insurance, Tesla’s “InsureMyTesla” insurance program was coming to the United States and Canada, after successful implementation in Hong Kong and Australia. The unique insurance package offers Tesla customers features such as a guaranteed rate for one year, 24-hour roadside assistance, genuine replacement parts, and others. Each of the items detailed in InsureMyTesla is designed to augment the autonomous capabilities of the cars, giving incentive to enroll in specialized insurance. In retrospect, it seems obvious – new cars need new insurance. A big part of that insurance is no doubt going to be cyber security insurance.

The revolution of the car insurance industry is already on the way.

With safer streets and cars that need less maintenance, traditional insurance models will fall out of favor in place of plans that offer solutions to the new problems cars face. Data analytics, user-based insurance, and cyber security are features Trillium expects to see top the list of desired outcomes from insurance providers. With vehicle hacks being the largest area of concern regarding autonomous vehicles, the need to feel safe from such a threat will no doubt manifest itself in the inclusion of cyber security in insurance packages. To boot, according to a 2016 Kelley Blue Book study, 50% of people surveyed were willing to pay $9 monthly for automotive cyber security as insurance or a subscription software. These signs all point to cyber security becoming a highly sought-after quality in any provider’s insurance package.

To meet this demand, Trillium has developed its Cyber Security as a Service (CSAAS) business plan, utilizing a B2B2B2C market strategy. This allows for the maximum amount of input from both automotive manufacturers and insurance providers, leading to the best user-oriented solution possible. Trillium’s SecureIOT is optimal for this implementation, covering every important aspect of autonomous car insurance. SecureSKYE provides advanced data analytics, leading to more refined user-based insurance policies, while SecureOTA allows for the swift implementation of necessary software updates. As the autonomous insurance landscape develops further, the value of SecureIOT’s multilayered protection will make itself clear, leading the way to a safer tomorrow.

Airbag Security Debunked – or Rather the Lack Thereof

Brakes, steering, accelerator. When asked to name some of a vehicle’s most crucial components, these are some prominent ones that come to mind. The amount of control that they provide to the vehicle’s function is indisputable; any technology linked to them must be scrutinized heavily before it is allowed to be deployed. Such careful evaluation is necessary in producing systems that have minimal vulnerabilities, so it is no surprise that the aforementioned systems are some of the most robust. There is, however, one system that holds just as much importance yet has been compromised – airbags.

On October 10th, a vulnerability report was submitted to the National Vulnerability Database (NVD) detailing an exploit in passenger vehicles manufactured in 2014 or later that could lead to the airbag being intentionally detonated outside of expected circumstances. The CAN vulnerability, labeled CVE-2017-14937, stems from the lack of security governing the security access needed to detonate the airbags.

According to the published technical report, the ISO standard 26021 represents the only barrier to unauthorized detonation of the pyrotechnical charges linked to the airbags. This protection consists only of a key and seed pair that can be calculated via a weak algorithm that complies with ISO 26021. Since the algorithm is available to anyone with access to the ISO, the proper key can be easily calculated.

Furthermore, a brute-force attack can also cause the detonation of the airbag – as the key proposed by ISO 26021 is only two bytes long. This results in only 65536 different possible keys, a small list for any script to exhaust. This is further magnified by the fact that, according to the ISO standard, “There is no time period which needs to be inserted between access attempts,” meaning that a brute force attack on the system will take place in a minuscule amount of time.

Ironically, the first of these bytes is also mandated to include the definite version number (0x01) of the implemented load detonation method – a reality that, in practice, leaves only one variable byte for the key. With the number of possible keys reduced to a mere 256, the threat this vulnerability poses must not be underestimated. This guarantees that even without access to the algorithm provided in ISO 26021, the vulnerability can still be exploited at the expense of the passengers.
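
The key-space and retry-delay points above, as an added C sketch (not from the original article, the cited report, or ISO 26021): a toy security-access gate that contrasts the no-delay behaviour the article describes with a constructed hardened policy. The result codes, function names, the 3-failure/10-second lockout and the 1 ms per attempt rate are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this sketch; not taken from ISO 26021. */
typedef enum { ACCESS_GRANTED, ACCESS_INVALID_KEY, ACCESS_LOCKED_OUT } access_result_t;

typedef struct {
    uint32_t max_failed;  /* failed attempts allowed before lockout; 0 = no limit */
    uint32_t lockout_ms;  /* delay enforced once the limit is reached */
} gate_policy_t;

typedef struct {
    gate_policy_t policy;
    uint16_t expected_key;     /* key the ECU derived from the seed it issued */
    uint32_t failed;           /* failed attempts since the last lockout or success */
    uint64_t locked_until_ms;  /* submissions before this time are rejected unread */
} access_gate_t;

/* Behaviour as the article describes it: no attempt limit, no delay. */
static const gate_policy_t POLICY_AS_DESCRIBED = { 0, 0 };
/* Constructed hardened policy (assumption): 3 failures, then a 10 s lockout. */
static const gate_policy_t POLICY_HARDENED = { 3, 10000 };

/* Distinct keys when fixed_bytes of key_bytes never vary (up to 3 free bytes). */
uint32_t effective_keyspace(unsigned key_bytes, unsigned fixed_bytes)
{
    return 1u << (8u * (key_bytes - fixed_bytes));
}

void gate_init(access_gate_t *g, gate_policy_t policy, uint16_t expected_key)
{
    g->policy = policy;
    g->expected_key = expected_key;
    g->failed = 0;
    g->locked_until_ms = 0;
}

/* Evaluate one key submission at simulated time now_ms. */
access_result_t gate_submit(access_gate_t *g, uint16_t key, uint64_t now_ms)
{
    if (now_ms < g->locked_until_ms)
        return ACCESS_LOCKED_OUT;        /* the key is not even compared */
    if (key == g->expected_key) {
        g->failed = 0;
        return ACCESS_GRANTED;
    }
    g->failed++;
    if (g->policy.max_failed != 0 && g->failed >= g->policy.max_failed) {
        g->failed = 0;
        g->locked_until_ms = now_ms + g->policy.lockout_ms;
    }
    return ACCESS_INVALID_KEY;
}

/* Simulated time until the gate has compared `keys` wrong submissions that
 * arrive back to back, one every attempt_ms. This bounds how long a policy
 * holds before every candidate in a key space of that size has been seen. */
uint64_t ms_to_compare_all(gate_policy_t policy, uint32_t keys, uint32_t attempt_ms)
{
    access_gate_t g;
    uint64_t t = 0;
    uint32_t compared = 0;

    gate_init(&g, policy, 0x0100);       /* constructed key, never submitted here */
    while (compared < keys) {
        if (gate_submit(&g, 0xFFFF, t) == ACCESS_LOCKED_OUT) {
            t = g.locked_until_ms;       /* wait out the lockout */
            continue;
        }
        compared++;
        t += attempt_ms;
    }
    return t;
}

int main(void)
{
    /* Two-byte key: all bytes free, then with the first byte fixed. */
    uint32_t spaces[2] = { effective_keyspace(2, 0), effective_keyspace(2, 1) };

    for (int i = 0; i < 2; i++)
        printf("%5u keys: no delay %llu ms, hardened %llu ms\n", (unsigned)spaces[i],
               (unsigned long long)ms_to_compare_all(POLICY_AS_DESCRIBED, spaces[i], 1),
               (unsigned long long)ms_to_compare_all(POLICY_HARDENED, spaces[i], 1));
    return 0;
}
```

Under these constructed timings the lockout stretches 256 candidates from about a quarter of a second to roughly 14 minutes, so attempt limiting has to be paired with a longer key to be meaningful.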

This discovery points out a dire flaw in the automotive industry’s approach to the security of its in-vehicle networks. The security access originally designed to prevent such premature deployment of a car’s airbags has been turned into a weapon against the consumer – one that could cause severe injury or death. As vehicles continue to rely more and more upon computer systems, appropriate levels of security must be developed in tandem. Without multiple robust layers of protection at every level, smart cars are little more than moving time bombs.

A Vision for Safety 2.0: Automotive Cybersecurity

Autonomous vehicles are here today, and unbeknownst to many, they are already on public roads, test driving next to unsuspecting traffic – this is done before proper legislation to protect innocent bystanders is put into place.

This reality is one that causes great concern among the few who are aware of it. There is almost no regulation at a local level, and the technology is still very much in the development phase. Even worse, much of the development is conducted on public roads, right alongside human drivers. What will prevent an experiment from turning into an accident, potentially taking lives in the process?

Luckily, you will not have to fear for the safety of public roads much longer. On Tuesday, September 12th, the US National Highway Traffic Safety Administration (NHTSA) issued their updated guidelines on development of Autonomous Drive Systems (ADS). This document helps local governments develop their own regulations, as well as providing businesses developing ADS a clear message of what will and will not be tolerated.

It is no surprise that vehicle cybersecurity is listed as one of the 12 essential safety design elements. Without cybersecurity, a vehicle becomes a hacker’s plaything – allowing them to take complete control of the car, including steering, braking, and acceleration. The possibilities for malicious abuse of autonomous cars are endless, ranging from extortion to remote cyber terrorism. The NHTSA stresses the importance of cybersecurity, stating that entities developing ADS “should insist that their suppliers build into their equipment robust cybersecurity features. Entities should also address cybersecurity, but they should not wait to receive equipment from a supplier before doing so.” The message is clear and urgent; implement cybersecurity at every level, and do it quickly.

Trillium agrees, and we are ready to help suppliers, developers, and OEMs implement these guidelines today. Trillium has partnered with the world’s largest automotive IC vendor, NXP, to provide support for Trillium’s SecureCAR platform on NXP’s next-generation S32K automotive microcontrollers (MCU). Our modular, multilayered approach also allows for developers of ADS technology to add cybersecurity directly onto their existing hardware today – without requiring costly changes to their underlying systems.

It is essential that the industry adopts these guidelines immediately, especially as autonomous vehicles are deployed on an increasingly larger scale. As connectivity and reliance on machine learning increase, so will the damage hackers can cause. Autonomous cars are set to shift the entire transportation landscape, with companies rolling out entire fleets within the next ten years. One rogue autonomous car is a hazard; an army of hacker-controlled vehicles is an avoidable, unnatural disaster.

A Heart-Stopping Discovery: Pacemakers at Risk

“Software is eating the world” – perhaps no other phrase better sums up the era in which we live. In this increasingly interconnected world, new software-driven technologies continue to revolutionize every aspect of our lives. One important consequence of this innovation has been the rise of smarter medical devices, such as software-controlled pacemakers, which have contributed towards increasing the average life expectancy in the US every year for nearly the past quarter century. Now these life-giving devices, to which many owe their lives, are squarely in the crosshairs of hackers.

On August 29th, the US Food and Drug Administration issued a recall on St. Jude Medical pacemakers, stressing that the means to conduct an attack on these pacemakers are easily and commercially available today. Despite the reported ease of accessibility of the hack, the potential consequences are grim: hackers would have the ability to either drain the battery or administer incorrect pacing, with either attack resulting in a sudden cardiac arrest. Such an event can easily prove fatal if proper medical care is not administered immediately.

While no cases have been reported thus far, all pacemakers of the recalled model require an update to their firmware, one that allows only verified parties to make changes to its settings. This process will no doubt carry a hefty price, both in time spent and resources used to carry out the modification. The lack of a secure path to quickly update the settings of these devices is a key issue in this case, once again stressing the necessity for seamless over-the-air updates in modern technology.

The FDA has set a strong example: no longer shall cybersecurity be treated as an inconvenience. It is of utmost importance that device manufacturers, physicians, and patients all heed this warning. Trillium agrees, and looks forward to a world in which every device is safe from hackers, but until that day, we must strive to improve cybersecurity in not just one industry, but in every industry. Trillium’s portfolio of lightweight, scalable, and effective cybersecurity solutions was created with this goal in mind.