
Trillium thwarts connected vehicle hackers


Connected vehicle technology has incredible potential for the transportation industry: we’ve been promised everything from truck platoons to smart roads helping to eliminate traffic jams and diesel engines uploading performance data back to the OEM. There’s an elephant in the room, though. Will connected cars be secure? How easily can they be hacked? We live in a world where everyone’s data is on the internet, and none of it is truly secure. Your credit history has been hacked, and your credit card number along with it. Your mobile phone photos on the cloud have likely been compromised. In 2016, Hillary Clinton’s private email server was hacked, and so was the National Security Agency.

Consider for a moment the potential security threats that come along with connected vehicles: they run the gamut from stolen freight to corporate espionage and terrorist-caused wrecks and gridlock. In 2015, Charlie Miller and Chris Valasek remotely hacked a Jeep Grand Cherokee being driven 70 mph on the interstate by a Wired Magazine journalist. Miller and Valasek turned on the A/C, changed the radio station, soaked the windshield in wiper fluid, and finally killed the engine, parking the Jeep in the middle of the highway. None of the vehicle’s control systems responded to driver input. To add insult to injury, Miller and Valasek broadcast a live feed of themselves hacking the car on the Jeep’s digital display. Fiat-Chrysler panicked, issued a recall for 1.5M cars, and ended up giving their customers a USB stick with a software patch.

Companies developing connected vehicle technology all make the standard promises about how they’re building robust security into the systems, but so did the banks, the credit card agencies, and the government. 

But what if someone developed a connected car technology that couldn’t be hacked? Trillium, an automotive cybersecurity company founded in Tokyo in 2014 and now located in Palo Alto, may have actually done it. Trillium’s patented software-based solution is called SecureIoT (Secure Internet of Things) and consists of multiple layers of encryption, authentication, key management, firewalls, over-the-air updates, and big data management modules. Trillium charges commercial vehicle fleets $10 a month per vehicle to protect them from cyber attacks.

How do we know it works? Last summer, Trillium took their system to the Car Hacking Village at DEF CON in Las Vegas. For the non-tech people reading this, DEF CON is the global hacker convention. Participants range from ethical, totally above-board ‘white hat’ cyber security professionals working in industry and government to so-called ‘grey hat’ hackers who sometimes break laws to discover vulnerabilities, but don’t exploit them maliciously, all the way down to the ‘black hat’ hackers who commit crimes for personal gain. This conference is the real deal: almost every year, the FBI is there, too, watching, listening, and sometimes making arrests, as they did with Marcus Hutchins as he attempted to board a plane after last year’s convention. 

Trillium challenged the hackers at DEF CON’s Car Hacking Village to one of the convention’s most famous contests—capture the flag. Teams of hackers competed with each other to break into Trillium’s SecureIoT product. All told, upwards of 700 hackers attacked SecureIoT. None of them made it past the first level of security. 

Since then, Trillium has taken their show on the road, winning awards at start-up competitions across the globe. This past December, Trillium was named Most Promising Startup at CB Insights’ A-ha! innovation conference in San Francisco; two days ago they were demonstrating their product in Tel Aviv.
