AUTOCRYPT, Author at AUTOCRYPT

26 December, 2023 . 3 mins read

AUTOCRYPT to Exhibit at CES, Highlighting Global Standard Compliant V2X Security Solution

SEOUL, KOREA, Dec. 26, 2023 — AUTOCRYPT announced its plans to exhibit at CES 2024, the world’s most influential event in technology. Known for its industry-leading vehicle-to-everything (V2X) and software-defined vehicle (SDV) security solutions, the company will be showing its newest comprehensive solutions at the prestigious event for the first time.

This news comes after AUTOCRYPT’s official partnership announcement with a world-renowned Tier 1 telematics supplier, where AUTOCRYPT will integrate its V2X security library into the supplier’s onboard units (OBU), establishing a production-ready V2X solution for automotive OEMs across the globe. Such partnerships are part of AUTOCRYPT’s long-term strategy of building a comprehensive security solution for software-defined vehicles.

Besides providing V2X security modules for OBUs and RSUs, AUTOCRYPT is also known for being the world’s only V2X PKI provider that supports all major regional SCMS standards, including the North American SCMS, European CCMS, and the Chinese C-SCMS. Having demonstrated the interoperability of its V2X solution within the European CCMS standard, AutoCrypt V2X-PKI has been recently adopted by a global automotive OEM to manage its worldwide SCMS operations.

To further enhance its partnership and client network in the United States, AUTOCRYPT will be highlighting the following at CES 2024 in Las Vegas from January 9 to 12:

Showcase of its tri-standard compliant V2X security solution for automotive OEMs, Tier 1 suppliers, and C-ITS operators
Demonstration of its in-vehicle system security solution and testing services for ISO/SAE 21434 and UN R155/156 compliance
Customized partnership models, with support worldwide (established subsidiaries in Europe, North America, and HQ in South Korea)

“We have established secure V2X infrastructure for over 3,000 miles of smart roads across South Korea. And our V2X security library has been deployed in some of the best-selling vehicle models in the world,” said Daniel ES Kim, CEO of AUTOCRYPT. “We look forward to bringing our experience in Asia and Europe to the forefront this year at CES and demonstrating our readiness for C-V2X infrastructure deployment and mass production on the North American continent.”

To learn more about AUTOCRYPT’s automotive cybersecurity solutions, contact global@autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

21 December, 2023 . 5 mins read

Safety Recall or Software Update? The Transformation of Vehicle Recall

In recent years, automotive OEMs worldwide have garnered attention with large-scale software recalls. Companies like Tesla and Rivian have issued recalls over issues potentially impacting vehicle functions or even jeopardizing driver safety. However, these recalls differ from traditional ones as they are conducted via over-the-air (OTA) updates, eliminating the need for vehicle owners to physically visit service centers. This shift signifies a transformation in the landscape of vehicle software recall.

When does a software recall happen?

When an automotive OEM or a safety regulator discovers a safety-related issue in a vehicle model, transportation authorities, such as the NHTSA, issue a “safety recall,” alerting vehicle owners about the safety risk. Such a decision is made when a vehicle contains malfunctioning components that may pose a safety risk or when a vehicle fails to meet legal standards. Previously, car owners receiving recall letters would have to visit the nearest service center to address the safety concerns.

How does a software recall work?

Today, the scenario has evolved significantly. With the increasing reliance on software for vehicle operations, recalls can now be conducted through over-the-air software or firmware updates.

A software recall functions identically to an OTA update, patching up issues, introducing new features, and making alterations to vehicles remotely, without necessitating a trip to the service center.

To enable OTA updates, cars must incorporate a telematics control unit (TCU) housing mobile communication interfaces, like 4G/5G or Wi-Fi, and memory to store driving and vehicle data. The OEM dispatches the software package to its vehicles from a cloud-based server, with cars downloading and installing updates automatically during regular use. To ensure that the OTA update is executed safely only validated software packets must be received and installed.

Once successfully installed, the vehicle reports its updated status to the OEM’s backend, marking it as updated in the recall system.

The transformation of vehicle recall

In the ever-evolving landscape of automotive technology, the traditional concept of vehicle recalls has undergone a transformative shift. The emergence of over-the-air (OTA) updates has revolutionized how safety fixes are conducted, offering convenience and cost-efficiency for both OEMs and vehicle owners.

In 2023, OEMs are projected to save nearly $500 million in the US through OTA recalls. These savings primarily stem from reduced maintenance and labor costs at traditional vehicle dealerships that historically handled safety fixes during recalls. Simultaneously, vehicle owners save time and money as their cars fix themselves through OTA upgrades, bypassing the need for a dealership visit.

Software recalls have been conducted over-the-air for the past few years. And many ask, “Is it really a “recall” if the problem is getting fixed (patched) through an OTA update?”

A prominent example is Tesla’s recall of over 2 million vehicles performed over-the-air. Tesla’s recall filing said that the company’s advanced driver assistance system, Autopilot, did not have sufficient system controls that prevented driver misuse and could, therefore, increase the risk of crash. As a result, the company had to recall the software in almost all Tesla vehicles in the US. The recall was conducted as an OTA software update that incorporated additional controls and alerts to the current Autopilot system.

The event sparked debates about whether it qualifies as a recall if the vehicle doesn’t require dealership servicing. Tesla’s CEO, Elon Musk, has fueled this debate, advocating for modernizing recall terminology, considering the nature of modern software recalls. He’s referred to labeling OTA software fixes as “outdated and inaccurate” when described as recalls.

Historically speaking, safety recalls have had a slew of negative sentiments associated with the term. On the one hand, the vehicle owners would have to go through the cumbersome task of visiting a dealership and repairing their vehicle, which could sometimes take days. On the other hand, manufacturers would have to incur extra expenses issuing the recall free of charge, as well as to deal with negative press and brand image associated with the safety recall.

Since safety recalls can be conducted seamlessly over-the-air, and do not follow the same process as traditional recalls, should they still be considered “recalls”? Or can they be regarded as “security patches” or, simply, a “software update”?

As we embrace the era of connected vehicles and software-driven functionalities, the race to create the most advanced vehicle is fiercer than ever. Automakers are spending countless resources on developing complex applications to secure the first mover advantage in an increasingly competitive market. As a result, manufacturers have an incentive to roll out new features at a faster pace.

While OTA updates surely allow for a faster innovation cycle in the industry, they may potentially encourage an environment where imperfect software is rolled out prematurely. And if the weight of a “safety recall” is lightened by a change of terminology, will automakers still bear the negative repercussions of rolling out potentially dangerous software and to what extent? Maybe the “safety recall” nomenclature serves as a checks and balances system that ensures OEMs are socially accountable for safety issues in their software.

Regardless of semantics, safety fixes via over-the-air updates present a far more convenient and time-efficient approach to recalls.

While debates persist about the nomenclature surrounding these updates, the undeniable efficiency and effectiveness of OTA recalls mark a significant step forward in automotive safety and maintenance. This evolution reflects not only technological advancements but also a fundamental shift in how we perceive and address safety concerns in the automotive world.

To stay informed about the latest news on mobility tech and software-defined vehicles, subscribe to AUTOCRYPT’s monthly newsletter.

18 December, 2023 . 2 mins read

AUTOCRYPT Releases Polarion-Based Cybersecurity TARA Template for the Automotive Industry

SEOUL, KOREA, Dec. 18, 2023 — Automotive cybersecurity company AUTOCRYPT recently announced the release of “TARA Template for Automotive,” a project management tool for conducting Threat Analysis and Risk Assessment (TARA), a process crucial to the development and maintenance of automotive software. The cybersecurity tool is now available as an extension on Siemens’ Polarion ALM application lifecycle management platform, helping users effectively address TARA activities.

Defined by “ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering,” TARA is a preventive cybersecurity methodology that involves performing a set of key activities during software development and maintenance. The process involves the analysis of potential cyberattack objectives, vectors, and threats, followed by an assessment of their risk and severity levels.

AUTOCRYPT’s TARA Template for Automotive greatly reduces the complexity and increases the accuracy of TARA activities. Developed by AUTOCRYPT in collaboration with Branvi, an official Polarion partner, the tool has been optimized for the Polarion platform. Work items can be automatically connected to the template, allowing users to benefit from the step-by-step manual and calculation tools in the template.

AUTOCRYPT’s CEO, Daniel ES Kim, commented, “With the advancement of software-defined vehicles, TARA has become an inseparable part of vehicle development and maintenance. Based on our decades of experience in cybersecurity implementation, our team at AUTOCRYPT has established an intuitive template optimized for ISO/SAE 21434 compliance.”

Beyond the ISO/SAE 21434 standard, TARA is also an effective strategy for implementing security by design and managing security updates, as mandated by UN Regulation 155 and 156. AUTOCRYPT provides a wide range of security testing tools and services to complement TARA and secure the vehicle manufacturing process.

To learn more about AUTOCRYPT’s automotive cybersecurity solutions, contact global@autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

7 December, 2023 . 3 mins read

AUTOCRYPT Partners With Hitachi Solutions on V2X and In-Vehicle Systems Security Solutions

SEOUL, KOREA, December 7, 2023 — AUTOCRYPT, an industry-leading automotive cybersecurity and mobility solutions company, announced its partnership with Hitachi Solutions, Ltd., a global IT service provider and system integrator. The two companies have agreed to provide joint offerings and consulting services covering V2X and in-vehicle systems security to Japanese automotive OEMs and tier suppliers.

The two companies already have a history of collaboration; AUTOCRYPT has been offering its V2X security solution with the option of integrating its security library with Hitachi Solution’s V2X Middleware Platform. The formalization of the partnership signifies the continued success of past projects, and seeks to further expand the scope of collaboration beyond V2X to embedded vehicular systems.

As vehicles become increasingly software-defined, cybersecurity for in-vehicle systems has become an integral part of automotive production and regulatory compliance. AUTOCRYPT’s in-vehicle systems security solution helps OEMs exceed cybersecurity requirements with open-source license management, fuzzing, penetration testing, and threat mitigation, while Hitachi Solutions, Ltd. offers a range of compliance consulting that covers all facets of vehicle production. The partnership will provide an optimized range of solutions for both companies’ clients to meet production requirements.

“The Japanese automotive industry is one of the largest in the world and is currently undergoing a major transition to a more electrified and software-defined future,” said AUTOCRYPT’s CEO, Daniel ES Kim. “Through this partnership with Hitachi Solutions, we are excited to offer a more comprehensive V2X and in-vehicle systems security solution with an enhanced support network for our existing and potential clients in Japan.”

As a global leader in automotive cybersecurity, AUTOCRYPT’s goal is not confined to helping clients stay secure and compliant, but to also maximize efficiency by streamlining cybersecurity engineering into the production process. Its newly developed AutoCrypt Security Fuzzer for HIL enables fuzz testing in hardware-in-the-loop (HIL) simulations, greatly reducing vehicle development costs.

To learn more about AUTOCRYPT’s in-vehicle systems security solutions, contact global@autocrypt.io.

About AUTOCRYPT

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

About Hitachi Solutions, Ltd.

Hitachi Solutions is a core IT company of the Hitachi Group. We deliver products and services of superior value to customers worldwide through key subsidiaries in Asia, the United States and Europe. We have also been providing a variety of solutions globally using cutting-edge digital technologies based on collaborative creation with customers. Together with our partners around the world, we are accelerating Sustainability Transformation (SX) to solve the challenges facing society and business, and contribute to the realisation of a happy society where no one is left behind.

20 November, 2023 . 6 mins read

5 Futuristic In-Vehicle Infotainment Features in the Age of Software-Defined Vehicles

The automotive landscape is in the midst of a profound transformation. Cars have now entered the realm of digitization, where the competition isn’t solely about design and horsepower, but also the ingenuity of digital features. To keep up, original equipment manufacturers (OEMs) are diversifying their offerings, introducing features that offer a more futuristic and personalized driving experience.

At the heart of this revolution lies in-vehicle infotainment (IVI), an integrated vehicle system merging entertainment and information delivery for drivers and passengers. Its overarching objective is to amplify the driving experience, keeping occupants informed, entertained, and safe. This blog will unveil five of the most cutting-edge vehicle infotainment features flourishing in the automotive sector today.

AI and Voice Assistants

The buzz surrounding artificial intelligence has seeped into the automotive domain, with OEMs dedicating colossal R&D investments to create the most advanced automotive AI. While primarily utilized for autonomous driving, AI’s applications extend far beyond. Recent car models feature AI assistants integrated into the vehicle’s infotainment system. These assistants boast advanced language processing, biometrics, and deep learning abilities, enabling them to do an array of different tasks that make the driver’s life easier. These tasks include, but are not limited to, ordering groceries en route, planning trip routes with charging stops, and even orchestrating various vehicle functions.

Integrating GPTs into AI assistants takes the technology a step further. Unlike conventional voice assistants tethered to predefined tasks, GPTs leverage a vast language model, enhancing its natural language understanding and expanding its abilities as a smart-car assistant. The likes of Mercedes-Benz are utilizing the technology to create AI assistants that act like smart, conversational companions, curating an engaging driving ecosystem.

NIO in-vehicle infotainment AI voice assistant

Facial Recognition

While cameras within car structures aren’t novel, their application has undergone a significant expansion. Coupled with advanced processing capabilities, new in-vehicle cameras facilitate facial recognition features that multiply infotainment system capabilities. Vehicle cameras now monitor driver behavior, detecting blinking rates and yawning to signal potential fatigue. With the rapid development of driving assistance, features like this are employed as safety measures to make sure the driver does not lose concentration or doze off behind the wheel.

On top of safety, facial recognition enables seamless vehicle unlocking and authorization for payments through the infotainment system. We can see that common smartphone features are making their way into vehicles as customers expect more convenience and digitization from their cars. Pioneering Chinese car models delve deeper, employing facial recognition for experience personalization. For instance, the futuristic XPENG G3 allows users to select their preferred seat positioning and lighting settings, and uses face recognition to then adjust to personalized settings based on who is at the driver’s seat.

Gesture Control

Gesture recognition technology, available in select premium vehicles, has transformed the way drivers interact with their cars. This innovation extends beyond the conventional realm of in-vehicle infotainment, introducing an intuitive interface that responds to simple hand gestures. Gesture recognition lets you use a subtle swipe to adjust volume, a flick of the wrist to change music tracks, or a pinch in the air to zoom in on navigation maps. The integration of gesture control not only enhances convenience but also represents a significant leap in fostering a safer driving environment. By minimizing manual distractions, drivers can effortlessly navigate the car’s interface without diverting their gaze from the road, enjoying both convenience and safety.

Moreover, the ongoing evolution of gesture control technology envisions a future where these intuitive motions go beyond the entertainment realm. Soon, drivers might be able to execute more complex commands with a wave of the hand, accessing vehicle diagnostics, or even initiating communication functions. This paradigm shift in interaction within the vehicle is reshaping the traditional dashboard layout, signaling an era where physical buttons and knobs might gradually become obsolete.

Unique Entertainment Options

Automakers are revolutionizing the automotive landscape by crafting distinctive entertainment features to captivate the attention of younger audiences. The range of entertainment offerings is expanding rapidly with some models offering in-car gaming tools, built-in karaoke systems with wireless microphones, augmented reality (AR) and voice tech utilizing interactive user manuals. These pioneering features not only set these vehicles apart from competitors but also redefine the very purpose of a vehicle beyond mere transportation. And as self-driving becomes more widespread, consumers will make purchasing decisions based on the in-car experience, so these entertainment options will become increasingly important.

AIWAYS in-vehicle infotainment interactive car manual

Dashboard App Diversification

The digital transformation of vehicles has created an urgent demand for personalization, prompting manufacturers to reimagine the dashboard as a customizable canvas. Thanks to over-the-air systems, vehicle users can now curate their dashboard by downloading applications right into their infotainment systems.

Seamlessly integrating social media feeds, news updates, or productivity tools directly into the vehicle’s dashboard, modern cars not only cater to individual preferences but also pave the way for an ever-evolving ecosystem within the vehicle, where the driving experience transcends transportation, becoming an extension of one’s lifestyle and interests. This synergy between technology and personalization is revolutionizing the way users interact with their vehicles, morphing cars into smart devices tailored to customer needs.

Securing the Future of Automotive Innovation

The evolution of in-vehicle infotainment into a realm of advanced AI integration, facial recognition, gesture control, and diversified dashboard apps marks a seismic shift in automotive technology.

As cars become digital hubs of connectivity and convenience, the significance of safeguarding these systems against potential cyber threats cannot be overstated. Each innovative feature, while enhancing personalization and convenience, also presents entry points for malicious exploitation. The industry’s focus on robust cybersecurity measures—encryption protocols, intrusion detection, and collaborative standards—are crucial in fortifying these high-tech infotainment features against unauthorized access and exploitation.

The future of driving isn’t solely about technological sensation, it’s about responsible innovation. Protecting the integrity, privacy, and safety of these advanced infotainment systems is a shared responsibility of all industry participants.

AUTOCRYPT’s in-vehicle cybersecurity solutions provide complete protection for the vehicle-embedded systems minimizing cybersecurity risks, while facilitating safe and responsible innovation in the industry.

To stay informed about the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.

6 November, 2023 . 4 mins read

Trends in Vehicle Vulnerabilities: A 2023 Report

In recent years, the automotive sector has undergone a profound transformation driven by innovation. The past decade witnessed a rapid digitization of vehicles, the ascent of electric powertrains, the advent of software-defined systems, and the ongoing development of autonomous vehicles. These technological advancements have elevated automobiles beyond mere modes of transportation. However, they also made vehicles increasingly susceptible to cyberattacks. Unfortunately, the pace of implementing in-vehicle cybersecurity measures has lagged behind the speed of innovation, leaving modern vehicles at an alarming risk.

A comprehensive study conducted by IOActive has meticulously analyzed the trends in vehicle vulnerabilities, pooling data from 2016 to 2022. This study sheds light on the evolving threat landscape within the automotive industry, classifying data according to various attack vectors, namely local, physical, network, and peripheral RF.

Key Findings:

Networked Connection Attacks: The most striking revelation from the study is the surge in attacks exploiting networked connections, accounting for nearly half of all attacks in 2022. This signifies a prominent shift towards remote cyberattacks targeting vehicles.

Local Attacks: Local vehicle software, including operating systems, Electronic Control Units (ECUs), and Software Bill of Materials (SBOMs), accounted for 40% of disclosed vulnerabilities. This highlights the growing risk of exploiting vulnerabilities within a vehicle’s software ecosystem.

Physical Hardware Attacks: Physical hardware-associated vulnerabilities witnessed a significant decline, plummeting by 15%. This decline can be attributed to the automotive industry’s increasing focus on remote attack vectors.

Peripheral RF Attacks: Intriguingly, a novel category of attack vectors, peripheral RF attacks, emerged, representing 1% of the total vulnerabilities. This indicates the shifting landscape of vehicle cybersecurity needs and the expanding spectrum of threats.

Now, let’s delve into a closer examination of each attack vector:

Local Attacks

Local attacks primarily exploit vulnerabilities within the vehicle’s software ecosystem. Examples include attacks on operating systems, ECUs, and SBOMs. A common local attack is spoofing, where malicious actors send synthetic signals to deceive the vehicle’s systems. Spoofing can lead to incorrect data interpretation, posing substantial risks to vehicle operation and passenger safety.

Over the past decade, local attacks have seen a 6% increase, reflecting the industry’s struggle to defend against software-based attacks, exacerbated by the increasing complexity of software in modern vehicles. Robust in-vehicle security systems are essential to mitigating the risks of local software attacks. Manufacturers must employ effective testing measures to identify and rectify software vulnerabilities.

Physical Hardware Attacks

While physical hardware attacks have experienced a notable decline, they continue to pose a tangible threat. These attacks necessitate the physical presence of a threat agent. An attack on vehicle hardware could provide unauthorized access to critical vehicle components, potentially allowing a takeover of the vehicle.

For instance, a USB attack targeting a vehicle’s infotainment system could compromise the Controller Area Network (CAN). To address these vulnerabilities, vehicle security systems must incorporate robust gateway security measures to protect against hardware-based intrusions.

Networked Connection Attacks

Emerging as a recent development, networked connection attacks exploit far-field RF spectrum, including wireless and cellular connections, backend networks, and vehicle-to-everything communications. Securing messages exchanged through vehicle-to-everything (V2X) communication channels is of paramount importance, particularly as the industry is gearing up for autonomous driving. Ensuring the authenticity of V2X messages is crucial to prevent masquerading attacks, which can disrupt traffic and compromise vehicle systems.

Original equipment manufacturers (OEMs) must implement cybersecurity practices that authenticate information and signals exchanged through V2X communications to mitigate the risks associated with networked connection attacks.

Peripheral RF Attacks

Peripheral RF attacks originate in the near-field RF spectrum, encompassing technologies like NFC, RFID, remote key entry, and on-board telematics. The 1% growth in peripheral RF attacks, as identified by IOActive’s analysis, is largely attributed to vulnerabilities related to Remote Key Entry (RKE) and Bluetooth.

One common manifestation of a peripheral RF attack is a relay attack, notably compromising key fob technology. Such attacks can allow unauthorized access to vehicles and even the ability to remotely start them. These attacks have become one of the most common causes of vehicle theft. In 2022, AUTOCRYPT’s Vehicle Threat Research Lab discovered a high severity (CVSS 8.1) relay attack vulnerability (CVE-2022-38766) in a popular electric vehicle in Europe. To counter these threats, vehicle owners can employ signal-blocking devices, while manufacturers should implement comprehensive cybersecurity measures to monitor and filter traffic at the gateway.

In light of these evolving trends and vulnerabilities, it is imperative that advancements in the automotive sector go hand in hand with the development of robust cybersecurity measures.

AUTOCRYPT offers end-to-end vehicle cybersecurity solutions that safeguard vehicles from both internal and external threats, ensuring the continued safety and security of modern automobiles.