Contact Us

AUTOCRYPT Launches Cybersecurity Testing Platform for UN R155/156 and GB Compliance.Learn More

Author: AUTOCRYPT

11 January, 2024 . 2 mins read

AUTOCRYPT Gains Attention at CES 2024 with Vehicle Fuzzing Solution, CSRO Wins SDV Innovator Awards

LAS VEGAS, Jan. 11, 2024 — Automotive cybersecurity and mobility solutions company AUTOCRYPT showcased its embedded systems and V2X security solutions for software-defined vehicles (SDV) at CES 2024, gaining attention with its smart fuzzing solution dedicated to automotive protocols.

AUTOCRYPT’s capability in vehicle fuzzing is also recognized by industry professionals. On the evening of the event’s opening day, AUTOCRYPT’s Chief Security Research Officer (CSRO), Dr. Jonghyuk Song, was announced winner in the “Experts” category of the 2024 MotorTrend SDV Innovator Awards, recognized for his groundbreaking research and leadership at AUTOCRYPT.

As Director of AUTOCRYPT’s Vehicle Threat Research Lab, Dr. Song has led the lab into developing one of the world’s first fuzzing tools designed for vehicular protocols, including UDS, CAN, Wi-Fi, Bluetooth LE, and the Ethernet. This differentiates AutoCrypt Security Fuzzer from conventional fuzz testers, allowing it to detect vulnerabilities at exceptionally high accuracy with much lower time consumption.

Throughout 2023, the VTR Lab has also collaborated with RWTH Aachen University to develop AutoCrypt Security Fuzzer for HIL, enabling fuzzing in hardware-in-the-loop (HIL) simulations. The team also conducts regular offensive security testing on vehicle ECUs, and is recognized by major manufacturers as experts in ethical hacking.

“The goal of the VTR Lab is to improve the effectiveness and efficiency of vehicle testing within and beyond the established framework of UN R155 and ISO/SAE 21434,” said Dr. Song. “I’m honored to be recognized – it allows for more attention and focus on the need for cybersecurity for software-defined vehicles. Ultimately, we want to help OEMs and suppliers eliminate such risks and bring safe, secure mobility for all road users.”

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

28 December, 2023 . 3 mins read

Infographic: 2023 Year in Review

This year was full of innovation and exciting new partnerships. We want to thank our investors, partners, clients, readers, and visitors for your support in 2023. We are looking forward to what 2024 will bring!

Have a Happy New Year !

See below for a summary of AUTOCRYPT’s accomplishments in 2023.

Download PDF

(Accessibility version below)

New solutions:

AutoCrypt TEE – an ASPICE CL2-certified in-vehicle systems security solution that utilizes the trusted execution environment to secure advanced applications like ADAS, IVI, and CCU

AutoCrypt Security Fuzzer for HIL  – an add-on version to the existing Security Fuzzer, the “AutoCrypt Security Fuzzer for HIL” is fuzz test solution optimized for vehicle HIL simulations that helps OEMs detect and report vulnerabilities for safety validation

“TARA Template for Automotive” – a project management tool for conducting Threat Analysis and Risk Assessment (TARA), a process crucial to the development and maintenance of automotive software

EVIQ CSMS for Plug&Charge an add-on tool that will seamlessly guide the deployment and management of Plug&Charge operations, available for charge point operators and e-mobility service providers

AutoCrypt KEY – a tool that enables OEMs and suppliers to efficiently manage all types of cryptographic keys used for the components of connected and electric vehicles. AutoCrypt KEY provides all the key management features needed for automotive production

Major partnerships:

AUTOCRYPT and RWTH Aachen University jointly developed “AutoCrypt Security Fuzzer for HIL”, enabling smart fuzzing in HIL simulations.

AUTOCRYPT and V2ROADS entered a cooperation agreement to deliver a full-stack secure V2X solution to Europe, North America, and South Asia.

AUTOCRYPT joined forces with Hitachi Solutions, Ltd. to provide joint offerings and consulting services covering V2X and in-vehicle systems security to Japanese automotive OEMs and tier suppliers.

AUTOCRYPT partnered with a world-renowned Tier-1 telematics supplier, where AUTOCRYPT integrated its V2X security library into the supplier’s OBU.

AutoCrypt V2X-PKI, a tri-standard compliant SCMS platform, was adopted by a global automotive OEM to manage its SCMS operations under the EU CCMS standard.

Certificates:

ASPICE → AUTOCRYPT was recognized with an ASPICE Capability Level (CL) 2 certification for its AutoCrypt TEE software security platform and its well-established processes in securing in-vehicle systems and software.

Events:

This year we had the chance to connect with partners and clients, as well as showcase our solutions, at some of the most coveted global events in automotive industry.

  • UITP Global Public Transport Summit 2023
  • ITF 2023 Summit
  • ITS European Congress 2023
  • AutoTech Detroit 2023
  • Electric Vehicle Asia 2023
  • IAA Mobility 2023
  • Aachen Colloquium 2023
  • Expand North Star Dubai

26 December, 2023 . 3 mins read

AUTOCRYPT to Exhibit at CES, Highlighting Global Standard Compliant V2X Security Solution

SEOUL, KOREA, Dec. 26, 2023 — AUTOCRYPT announced its plans to exhibit at CES 2024, the world’s most influential event in technology. Known for its industry-leading vehicle-to-everything (V2X) and software-defined vehicle (SDV) security solutions, the company will be showing its newest comprehensive solutions at the prestigious event for the first time.

This news comes after AUTOCRYPT’s official partnership announcement with a world-renowned Tier 1 telematics supplier, where AUTOCRYPT will integrate its V2X security library into the supplier’s onboard units (OBU), establishing a production-ready V2X solution for automotive OEMs across the globe. Such partnerships are part of AUTOCRYPT’s long-term strategy of building a comprehensive security solution for software-defined vehicles.

Besides providing V2X security modules for OBUs and RSUs, AUTOCRYPT is also known for being the world’s only V2X PKI provider that supports all major regional SCMS standards, including the North American SCMS, European CCMS, and the Chinese C-SCMS. Having demonstrated the interoperability of its V2X solution within the European CCMS standard, AutoCrypt V2X-PKI has been recently adopted by a global automotive OEM to manage its worldwide SCMS operations.

To further enhance its partnership and client network in the United States, AUTOCRYPT will be highlighting the following at CES 2024 in Las Vegas from January 9 to 12:

  • Showcase of its tri-standard compliant V2X security solution for automotive OEMs, Tier 1 suppliers, and C-ITS operators
  • Demonstration of its in-vehicle system security solution and testing services for ISO/SAE 21434 and UN R155/156 compliance
  • Customized partnership models, with support worldwide (established subsidiaries in Europe, North America, and HQ in South Korea)

“We have established secure V2X infrastructure for over 3,000 miles of smart roads across South Korea. And our V2X security library has been deployed in some of the best-selling vehicle models in the world,” said Daniel ES Kim, CEO of AUTOCRYPT. “We look forward to bringing our experience in Asia and Europe to the forefront this year at CES and demonstrating our readiness for C-V2X infrastructure deployment and mass production on the North American continent.”

To learn more about AUTOCRYPT’s automotive cybersecurity solutions, contact global@autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

21 December, 2023 . 5 mins read

Safety Recall or Software Update? The Transformation of Vehicle Recall

In recent years, automotive OEMs worldwide have garnered attention with large-scale software recalls. Companies like Tesla and Rivian have issued recalls over issues potentially impacting vehicle functions or even jeopardizing driver safety. However, these recalls differ from traditional ones as they are conducted via over-the-air (OTA) updates, eliminating the need for vehicle owners to physically visit service centers. This shift signifies a transformation in the landscape of vehicle software recall.

When does a software recall happen?

When an automotive OEM or a safety regulator discovers a safety-related issue in a vehicle model, transportation authorities, such as the NHTSA, issue a “safety recall,” alerting vehicle owners about the safety risk. Such a decision is made when a vehicle contains malfunctioning components that may pose a safety risk or when a vehicle fails to meet legal standards. Previously, car owners receiving recall letters would have to visit the nearest service center to address the safety concerns.

How does a software recall work?

Today, the scenario has evolved significantly. With the increasing reliance on software for vehicle operations, recalls can now be conducted through over-the-air software or firmware updates.

A software recall functions identically to an OTA update, patching up issues, introducing new features, and making alterations to vehicles remotely, without necessitating a trip to the service center.

To enable OTA updates, cars must incorporate a telematics control unit (TCU) housing mobile communication interfaces, like 4G/5G or Wi-Fi, and memory to store driving and vehicle data. The OEM dispatches the software package to its vehicles from a cloud-based server, with cars downloading and installing updates automatically during regular use. To ensure that the OTA update is executed safely only validated software packets must be received and installed.

Once successfully installed, the vehicle reports its updated status to the OEM’s backend, marking it as updated in the recall system.

The transformation of vehicle recall

In the ever-evolving landscape of automotive technology, the traditional concept of vehicle recalls has undergone a transformative shift. The emergence of over-the-air (OTA) updates has revolutionized how safety fixes are conducted, offering convenience and cost-efficiency for both OEMs and vehicle owners.

In 2023, OEMs are projected to save nearly $500 million in the US through OTA recalls. These savings primarily stem from reduced maintenance and labor costs at traditional vehicle dealerships that historically handled safety fixes during recalls. Simultaneously, vehicle owners save time and money as their cars fix themselves through OTA upgrades, bypassing the need for a dealership visit.

Software recalls have been conducted over-the-air for the past few years. And many ask, “Is it really a “recall” if the problem is getting fixed (patched) through an OTA update?”

A prominent example is Tesla’s recall of over 2 million vehicles performed over-the-air. Tesla’s recall filing said that the company’s advanced driver assistance system, Autopilot, did not have sufficient system controls that prevented driver misuse and could, therefore, increase the risk of crash. As a result, the company had to recall the software in almost all Tesla vehicles in the US. The recall was conducted as an OTA software update that incorporated additional controls and alerts to the current Autopilot system.

The event sparked debates about whether it qualifies as a recall if the vehicle doesn’t require dealership servicing. Tesla’s CEO, Elon Musk, has fueled this debate, advocating for modernizing recall terminology, considering the nature of modern software recalls. He’s referred to labeling OTA software fixes as “outdated and inaccurate” when described as recalls.

Historically speaking, safety recalls have had a slew of negative sentiments associated with the term. On the one hand, the vehicle owners would have to go through the cumbersome task of visiting a dealership and repairing their vehicle, which could sometimes take days. On the other hand, manufacturers would have to incur extra expenses issuing the recall free of charge, as well as to deal with negative press and brand image associated with the safety recall.

Since safety recalls can be conducted seamlessly over-the-air, and do not follow the same process as traditional recalls, should they still be considered “recalls”? Or can they be regarded as “security patches” or, simply, a “software update”?

As we embrace the era of connected vehicles and software-driven functionalities, the race to create the most advanced vehicle is fiercer than ever. Automakers are spending countless resources on developing complex applications to secure the first mover advantage in an increasingly competitive market. As a result, manufacturers have an incentive to roll out new features at a faster pace.

While OTA updates surely allow for a faster innovation cycle in the industry, they may potentially encourage an environment where imperfect software is rolled out prematurely. And if the weight of a “safety recall” is lightened by a change of terminology, will automakers still bear the negative repercussions of rolling out potentially dangerous software and to what extent? Maybe the “safety recall” nomenclature serves as a checks and balances system that ensures OEMs are socially accountable for safety issues in their software.

Regardless of semantics, safety fixes via over-the-air updates present a far more convenient and time-efficient approach to recalls.

While debates persist about the nomenclature surrounding these updates, the undeniable efficiency and effectiveness of OTA recalls mark a significant step forward in automotive safety and maintenance. This evolution reflects not only technological advancements but also a fundamental shift in how we perceive and address safety concerns in the automotive world.

To stay informed about the latest news on mobility tech and software-defined vehicles, subscribe to AUTOCRYPT’s monthly newsletter.  

18 December, 2023 . 2 mins read

AUTOCRYPT Releases Polarion-Based Cybersecurity TARA Template for the Automotive Industry

SEOUL, KOREA, Dec. 18, 2023 — Automotive cybersecurity company AUTOCRYPT recently announced the release of “TARA Template for Automotive,” a project management tool for conducting Threat Analysis and Risk Assessment (TARA), a process crucial to the development and maintenance of automotive software. The cybersecurity tool is now available as an extension on Siemens’ Polarion ALM application lifecycle management platform, helping users effectively address TARA activities.

Defined by “ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering,” TARA is a preventive cybersecurity methodology that involves performing a set of key activities during software development and maintenance. The process involves the analysis of potential cyberattack objectives, vectors, and threats, followed by an assessment of their risk and severity levels.

AUTOCRYPT’s TARA Template for Automotive greatly reduces the complexity and increases the accuracy of TARA activities. Developed by AUTOCRYPT in collaboration with Branvi, an official Polarion partner, the tool has been optimized for the Polarion platform. Work items can be automatically connected to the template, allowing users to benefit from the step-by-step manual and calculation tools in the template.

AUTOCRYPT’s CEO, Daniel ES Kim, commented, “With the advancement of software-defined vehicles, TARA has become an inseparable part of vehicle development and maintenance. Based on our decades of experience in cybersecurity implementation, our team at AUTOCRYPT has established an intuitive template optimized for ISO/SAE 21434 compliance.”

Beyond the ISO/SAE 21434 standard, TARA is also an effective strategy for implementing security by design and managing security updates, as mandated by UN Regulation 155 and 156. AUTOCRYPT provides a wide range of security testing tools and services to complement TARA and secure the vehicle manufacturing process.

To learn more about AUTOCRYPT’s automotive cybersecurity solutions, contact global@autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

7 December, 2023 . 3 mins read

AUTOCRYPT Partners With Hitachi Solutions on V2X and In-Vehicle Systems Security Solutions

SEOUL, KOREA, December 7, 2023 — AUTOCRYPT, an industry-leading automotive cybersecurity and mobility solutions company, announced its partnership with Hitachi Solutions, Ltd., a global IT service provider and system integrator. The two companies have agreed to provide joint offerings and consulting services covering V2X and in-vehicle systems security to Japanese automotive OEMs and tier suppliers.

The two companies already have a history of collaboration; AUTOCRYPT has been offering its V2X security solution with the option of integrating its security library with Hitachi Solution’s V2X Middleware Platform. The formalization of the partnership signifies the continued success of past projects, and seeks to further expand the scope of collaboration beyond V2X to embedded vehicular systems.

As vehicles become increasingly software-defined, cybersecurity for in-vehicle systems has become an integral part of automotive production and regulatory compliance. AUTOCRYPT’s in-vehicle systems security solution helps OEMs exceed cybersecurity requirements with open-source license management, fuzzing, penetration testing, and threat mitigation, while Hitachi Solutions, Ltd. offers a range of compliance consulting that covers all facets of vehicle production. The partnership will provide an optimized range of solutions for both companies’ clients to meet production requirements.

“The Japanese automotive industry is one of the largest in the world and is currently undergoing a major transition to a more electrified and software-defined future,” said AUTOCRYPT’s CEO, Daniel ES Kim. “Through this partnership with Hitachi Solutions, we are excited to offer a more comprehensive V2X and in-vehicle systems security solution with an enhanced support network for our existing and potential clients in Japan.”

As a global leader in automotive cybersecurity, AUTOCRYPT’s goal is not confined to helping clients stay secure and compliant, but to also maximize efficiency by streamlining cybersecurity engineering into the production process. Its newly developed AutoCrypt Security Fuzzer for HIL enables fuzz testing in hardware-in-the-loop (HIL) simulations, greatly reducing vehicle development costs.

To learn more about AUTOCRYPT’s in-vehicle systems security solutions, contact global@autocrypt.io.

About AUTOCRYPT

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

About Hitachi Solutions, Ltd.

Hitachi Solutions is a core IT company of the Hitachi Group. We deliver products and services of superior value to customers worldwide through key subsidiaries in Asia, the United States and Europe. We have also been providing a variety of solutions globally using cutting-edge digital technologies based on collaborative creation with customers. Together with our partners around the world, we are accelerating Sustainability Transformation (SX) to solve the challenges facing society and business, and contribute to the realisation of a happy society where no one is left behind.