Spotlight: Vehicle Hacking at DEF CON 30

In this blog, we’ll be highlighting our Security Validation Department, who made the trip to Los Angeles to present on Ethernet and black-box fuzzing and participate in the annual hacking festivities. Take an insider’s look at our team, led by Dr. Jonghyuk Song, and how this group of ethical hackers is striving to make connected and autonomous driving safer for us all.

Las Vegas is a long way from Yeouido. An island sitting on the Han River in Seoul, Korea, Yeouido is often referred to as the “Manhattan” of Seoul. It’s home to many a bank and investment firm, as well as the country’s National Assembly Hall. It is a far cry from the Las Vegas strip, but last week the two collided as seven members of AUTOCRYPT’s Security Validation Department, led by Dr. Jonghyuk Song, AUTOCRYPT’s Chief Security Research Officer and Head of Security Validation, spent their week at DEF CON 30.

The annual hacking and security conference hosts tens of thousands of visitors each year and the schedule is jam-packed with presentations and workshops. However, unlike other expos or events, DEF CON is unique in the sense that it is divided into “villages” that host a variety of events and contests dedicated to hacking and pushing the boundaries of what it means to be “secure” in the connected space. Some of the most well-known villages include Aerospace Village, Car Hacking Village, Biohacking, Physical Security and even Social Engineering Village.

While the idea of hundreds of hackers and hacktivists congregating in Vegas and the aforementioned villages may seem like a recipe for disaster, in reality it’s the opposite. Hacking events, especially like DEF CON, attract hackers who are passionate about these industries, and contests allow both hackers and industries associated with these villages to be able to see vulnerabilities within existing technology.

Visitors at DEF CON 30 can participate in a number of activities, including physical security engineering.

One of the members, Donghyeon Jeong, who attended DEF CON for the first time ever, remarked, “Unlike what the general public may believe, hacking isn’t something that’s done alone or without careful planning and logic. There’s lots of advanced equipment required, and some teams have up to 20 people working on different elements simultaneously. Your team has to work together to prioritize problems and solve the problems strategically, depending on the level of difficulty.” The AUTOCRYPT team placed fifth at this year’s Capture the Flag (CTF) contest in the car-hacking village, and tasks consisted of a wide range of problems like ECU hardware-related issues, virtual environment operations, Bluetooth hacking, and firmware reverse engineering.

AUTOCRYPT’s team at work in the Car Hacking Village CTF. AUTOCRYPT came in fifth at this year’s event.

Dr. Song, a frequent participant in CTF competitions as well as a presenter on advanced hacking methods, says he believes that hacker conventions like DEF CON are crucial to the advancement of secure technology for autonomous driving. “Hacking is just like other technologies where advanced methods are always in development, and coming to these events allows us to see firsthand how to deal with new attacks and also share new strategies we’ve come across in our own work. More and more we see the crossover between hackers and the industries that they are trying to hack as companies are beginning to recognize that the best defense is actually a smart, strategic offense. In fact, you’ll see quite a few recruiters at these events looking to hire an in-house security expert or even just an ethical hacker to test their defense systems.”

And while the competitions are a large part of the event, there is also a multitude of presentations that speak more directly to visitors and participants about hacking techniques. Dr. Song, together with AUTOCRYPT’s Soohwan Oh, Jeongho Yang, and Woongjo Choi, presented on automotive Ethernet fuzzing as well as black-box fuzzing of UDS CAN. Dr. Song stated that he believes that presenting on automotive hacking is especially important, as more and more connectivity is moving outside the traditional IT system. “The last thing you would want to happen is for someone to tamper with a connected vehicle on the move, which could ultimately affect human lives. Showcasing how we hack into systems allows manufacturers and suppliers to take a second look at their own security architecture before drivers and passengers get in the car.”

“It’s important to note that car hacking isn’t the end all be all. Just as we moved on from traditional IT to connected IoT, I think hacking will continue to evolve into other parts of the mobility ecosystem. EV chargers, Fleet Management Systems and mobility services – they will all continue to require white hats like us to monitor and test them, so that everyone can enjoy them without worrying about the vulnerabilities or risks involved,” said Donghyeon Jang.

Check back on our blog for more Spotlight pieces, as we continue to travel around the globe to new events and exhibitions exploring automotive tech and security.

Why Digital Car Keys Are Safer Than You Think

The vehicle locking system has gone through a century-long evolution. Despite being a subtle component, tremendous efforts have been put into making more secure locks and more convenient keys, with increasingly sophisticated technology and features built into them. Clearly, the car keys we use today bear no resemblance to what they were like decades ago. In fact, the combined door and ignition key was only invented in the 1960s. Prior to that, vehicle owners needed to carry different sets of keys for the door locks and the ignition lock. Then in the 1980s, the remote keyless system (RKS) was adopted, commonly referred to as keyless entry, allowing drivers to remotely control the door locks with the press of a button on their key fob. This continued to evolve into the smart key fob, which uses RFID (radio frequency identification) technology to automatically unlock a vehicle within proximity, enabling hands-free passive keyless entry. Today, many automotive manufacturers are going one step further to eliminate the need for any physical form of key by adopting the digital car key – a virtual smart key that combines wireless communication technologies with authentication software, readily installable onto smartphones.

Despite the convenience the digital car key offers, many remain skeptical of the idea of virtually “logging in” to a vehicle via a smartphone app, with security being the primary concern. Indeed, having a tangible key fob at hand does feel more psychologically secure than a virtual key on the smartphone. However, evidence suggests otherwise – digital car keys are much safer than we might think.

Worldwide Standardization for Digital Car Keys: CCC Digital Key

Unlike other software application services, the architecture of the digital car key is strictly standardized by the Car Connectivity Consortium (CCC), which publishes a detailed release for all manufacturers and software developers to follow, ensuring security and worldwide interoperability.

Since its establishment, the CCC Digital Key standard has received two major updates to incorporate more advanced technologies for added security and convenience. Besides adopting robust PKI-based authentication measures that exceed the security standards of the financial industry, the Digital Key also uses cutting-edge communication technologies to prevent man-in-the-middle (MITM) attacks that attempt to intercept messages. The latest standard, CCC Digital Key 3.0, was introduced in 2021, adopting two new wireless communication technologies – UWB (ultra-wideband) and BLE (Bluetooth Low Energy). These technologies are more secure than the RFID technology used in smart key fobs.

Reducing the Risk of Relay Attacks

Although the smart key fob might appear safer than the Digital Key given that the owner has complete physical control of the key, it is in fact highly vulnerable to MITM attacks, particularly relay attacks. Since the smart key fob communicates with the vehicle via RFID signals, attackers can attempt to intercept the signals and use them to their advantage, mostly for stealing vehicles.

A relay attack is surprisingly simple and easy to implement, requiring no technical knowledge. All it needs is two people and two RFID transmitters. One person needs to stand within a certain range of the key fob (usually near the house of the car owner), carrying a transmitter device that picks up RFID signals from the key fob. The device then relays that signal to the second person, who stands beside the targeted vehicle holding a receiver device that picks up the relayed signal, hence unlocking the vehicle. These devices can be easily found and purchased online at affordable prices, with some of them being able to pick up signals from 100 meters away.

Relay attacks are by far the most common cause of vehicle thefts today. According to vehicle theft recovery firm Tracker, 93% of all vehicles it recovered were stolen by relay attacks. Of course, these attacks can be easily prevented by storing the key fob in a metal box or carrying it in a dedicated RFID blocking case. However, having to remove the key fob from a case prior to every use undermines the whole purpose of having a smart key fob in the first place – seamless entry.

Since the Digital Key uses more advanced communication technologies such as UWB and BLE, all of which aren’t vulnerable to MITM attacks, the Digital Key provides much stronger protection against vehicle thefts. In fact, evidence shows that there has not been a single successful case of Digital Key compromise. Although there have been a few cases of hackers who claimed to be able to intercept the signals of a digital key through a relay attack, no vehicle theft has been reported as a result.

Chances of Remote Hacking?

Since the Digital Key depends on software-based authentication, many are concerned about the potential for vehicle hacking. Strictly speaking, every connected system is prone to hacking, but the possibility of a hacker successfully bypassing PKI-based authentication and gaining access to the key is extremely low. Pwn2Own, one of the most popular cybersecurity contests, offered a $100,000 reward to anyone who could hack the digital key of a Tesla Model 3 through code execution, but nobody managed to compromise the key during the contest.

Many users also worry about losing their smartphone, hence losing access to their car. With the Digital Key, users can easily terminate or suspend their key by logging into their account from another device, preventing unauthorized usage of the lost or stolen key.

Additionally, unlike smart key fobs, which have limited buttons and features, the Digital Key provides much more versatile functionalities. For instance, the app can be used to set up a variety of configurations and commands, such as opening and closing the trunk, controlling the A/C, and even sharing the key with friends and family.

Secure Car Sharing

When using a physical key fob, vehicle sharing isn’t easy. Since only two pairs of key fobs are given when purchasing a new car, sharing the car with multiple family members or friends can be a hassle. Moreover, once the key is passed onto the shared user, the owner has no control of the car whatsoever, leading to security and safety concerns.

With the Digital Key, the car sharing process is made much easier and more secure. The owner simply needs to send an invitation link to the shared user to grant them access to the vehicle. Additionally, the owner retains partial control of the vehicle via the app, which allows them to configure the duration of shared usage, the maximum speed, the number of unlocks, and more.

The vehicle sharing feature of the Digital Key is also beneficial for corporate cars and ridesharing service platforms. Since these publicly accessible vehicles tend to be used carelessly, incorporating the Digital Key offers great potential in enhancing both safety and convenience.


AUTOCRYPT’s Digital Key

AUTOCRYPT was the first mobility security company in Asia to join the Car Connectivity Consortium. Its Digital Key solution is a custom digital key development solution in compliance with the CCC standards, based on AUTOCRYPT’s proprietary PKI-based authentication system, which issues certificates that are embedded in the module during application development.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

The Evolution of Tolling and the Potentials of V2X-Based Tolling

The way road tolls are collected has gone through quite an evolution. From manual tollbooths, where drivers must come to a full stop to make payments, to the open road tolling (ORT) systems seen on many highways, tunnels, and bridges today, tolling has become increasingly convenient and seamless.

Speaking of a seamless driving experience, another technology that comes to mind is V2X (vehicle-to-everything), the wireless communications technology used for smart transportation. As the foundation for autonomous driving, V2X facilitates all kinds of real-time message transmissions between vehicles, infrastructure, and pedestrians. Today, as more and more vehicles and roadside infrastructure are equipped with V2X connectivity units (onboard units and roadside units), the idea of integrating tolling into the V2X ecosystem has become a hot topic.

The infographic below demonstrates how tollgates have evolved in the past, and how the path toward V2X-based tolling was paved.

The Potentials of V2X-Based Tolling

In terms of the user experience, V2X-based tolling isn’t much different from existing open road tolling systems. Then why is it worth adopting? The main reason is cost efficiency. Both electronic toll collection (ETC) and ORT systems depend on radio transmission, which requires the installation of RFID readers on tollgates and radio transponders on vehicles. These devices, however, are made and used solely for tolling. On the other hand, V2X-based tolling operates on real-time communications between the onboard units (OBU) embedded in vehicles and the roadside units (RSU) embedded in road infrastructure. These devices are used for all types of communications for Vehicle-Infrastructure Cooperated Autonomous Driving (VICAD). In fact, many vehicles and smart road infrastructures today already contain OBUs and RSUs. Strictly speaking, the technology for V2X-based tolling isn’t an innovation in and of itself, but rather a readily available “byproduct” of autonomous driving development. Just as the functionalities of MP3 players were naturally integrated into smartphones, tolling will eventually be integrated into the V2X ecosystem.


AUTOCRYPT’s Role in Securing V2X Connectivity

Since V2X communications serve a range of security-critical purposes including autonomous driving and tolling, cybersecurity systems must be pre-integrated into the communication process. With decades of experience specializing in encryption and authentication technologies, AUTOCRYPT plays a crucial role in securing V2X messages and participants, preventing unauthorized vehicle access and sensitive data exposure.

AutoCrypt® V2X is a security software package for V2X connectivity units, consisting of a software development kit (SDK) ready to be integrated into OBUs/RSUs, and a PKI-based authentication system for the secure verification of all end-entities.

To learn more about AUTOCRYPT’s V2X security offerings, contact global@autocrypt.io.


Trends in the E-Mobility Industry 2022

As climate change accelerates across the globe, facilitating a fast and smooth transition into electric vehicles (EV) and electric mobility (e-mobility) is now at the top of the agenda for governments, transport ministries, and the automotive and mobility industries. With tremendous investment and efforts pouring into the transition over the past several years, we have seen significant improvements in the quality, usability, and performance of EVs and their supply equipment (EVSE).

AUTOCRYPT considers contributing to the transition to e-mobility of utmost importance. That’s why we exhibited at this year’s EVS35 (Electric Vehicle Symposium and Exhibition) in Oslo, Norway to showcase our latest e-mobility solution EVIQ and propose our proprietary security framework for Plug&Charge (PnC). Being at the event also helped us gain insights into the latest trends in the fast-evolving e-mobility industry.

2022: The Tipping Point of EV Adoption

Although it can take quite some time before all vehicles on the road become electric, EVs are dominating new car sales in many countries. Norway, the leading country in EV adoption, showed a record-high annual EV market share of 86% over the year 2021, followed by another monthly record of 92% in March 2022. At this point, about 23% of all vehicles in use in Norway are EVs. Other leading EV adopters include Sweden, with an annual market share of 45% in 2021, followed by the Netherlands at 30%, Germany at 26%, Britain at 19%, France at 18%, and China at 15%.

Although Norway is currently the only country with an EV market share above 50%, there is little doubt that other countries will quickly catch up. Looking at Norway’s EV adoption pattern, it took about an equal amount of time for the market share to grow from zero to 20% and from 20% to 90%. This 20% mark can be seen as a tipping point, where adoption begins to accelerate.

EV Market Share in Norway (% of New Car Sales)

This pattern can be explained by two reasons. The first is peer influence. Whenever a new technology is introduced to replace an existing one, a great majority of people try to wait until the early adopters have fully tested the technology before making a purchase. This effect is especially salient when making a high-involvement purchase like a car. Once one in five people (20%) start to purchase the new technology, the worries dissipate, and the general population begins their adoption. When reaching a stage where two in five people (40%) go for the new technology, people begin to feel peer pressure and refrain from purchasing the older technology due to fear of being left behind and loss of resale value.

The second reason is of course the growth in EV technology itself.

Based on this pattern, we can estimate that the EV market share in the EU (currently at 20%) will likely reach 80% in five years, and China (currently at 15%) will reach 80% in six years. These estimates do not take into consideration the accelerating growth of e-mobility technology and infrastructure; taking that into account, the EV market share in both the EU and China could potentially reach 80% in as little as four years.

Even in slower markets like North America, 2022 is on track to becoming a promising year. Canada’s EV market share grew from 3.8% in 2020 to 5.6% in 2021, showing great potential of reaching the 10% mark within 2022.

Widespread Commercialization of Plug&Charge and V2G Technology

The V2G (vehicle-to-grid) communication interface defined by ISO 15118 is a protocol designed for bidirectional charging/discharging between EVs and chargers. Within the standard is a feature called Plug&Charge (PnC), which enables an EV to automatically prove its identity to the charger on behalf of the driver, then exchange its digital certificate with the certificate of the charger to allow for automated payment. To enable PnC, both the vehicle and the charging station must be PnC-compatible.

The initial years after PnC’s release showed slow progress. After the Plug&Charge section was first added to ISO 15118 in 2014, not a single OEM had a functional implementation until 2018. A few OEMs began demo testing between 2019 and 2020. Eventually, some exciting results were shown in 2021. Several vehicle models – including Hyundai IONIQ 5, 2021 Porsche Taycan, 2021 Lucid Air, and 2021 Ford Mustang Mach-E – are now fully compatible with PnC. The same goes for charging stations. In 2021, both Electrify America and Electrify Canada deployed PnC to their charging networks in North America. Ionity also announced in late 2021 that all their charging stations across Europe are PnC-compatible.

Although it still seems like very few OEMs and charge point operators (CPOs) are implementing the technology, it is great news that PnC is now widely available for commercial use with mass adoption underway. As cybersecurity has become a requirement in ISO 15118-20, AUTOCRYPT is fully prepared to implement its AutoCrypt PnC secure charging framework to protect the personal and financial data of the driver during the PnC process.

As for the bidirectional charging and energy distribution aspects of V2G, there are very few market implementations today, but the industry is making great progress. Many providers are beta testing V2G chargers capable of selling electricity back to the grid, with hope to bring bidirectional home chargers to the market in the next two years.

Elevated Environmental and Regulatory Pressure

Over the past decade, governments around the world have been using the incentive approach to encourage EV ownership. By subsidizing the costs of vehicle acquisition and e-mobility infrastructure development, EVs have now become affordable for most middle-income families. The availability of charging stations has also greatly improved.

With more climate disasters occurring across the globe, governments are now pushing forward a disincentive approach by putting regulations in place to “punish” carbon emitters. In 2020, the European Union’s Regulation (EU) 2019/631 entered into force, setting specific emission targets for OEMs. For every year between 2020 and 2024, the average CO2 emission for an OEM’s entire fleet registered in the year must be kept below 95 g/km for cars and 147 g/km for vans. If the average emission figure exceeds the target, the OEM must pay an excess emissions premium (EEP) at 95 euros per every g/km exceeded, multiplied by the total number of its newly registered vehicles in the EU in that year. To further incentivize EV production, the regulation also adds a super-credits system for low-emission vehicles with less than 50 g/km, by loosening the targets for OEMs that sell more of these vehicles.

As a simplified example, a 2.5 L gasoline-engine 2022 Hyundai Sonata has an emission rate of 182 g/km, which exceeds the 95 g/km target. If Hyundai wants to avoid paying the EEP, it must sell a lot of IONIQ 5s in that same year to both loosen the target figure (to above 95 g/km) and pull its total average figure down.

Starting in 2025, the target emission standards will become stricter and set out on a per OEM basis as a percentage reduction from their 2020 starting points, encouraging continuous progress.

Adoption of eMobility in Fleets

Electric vehicles are not only becoming popular among consumers, but many companies have started adopting EVs for commercial use. Mobility service operators were among the first to adopt all-electric fleets, because EVs today are easily capable of ranges above 350 km, well above the daily needs of most MaaS and taxi drivers. Additionally, since gasoline prices around the world nearly doubled over the past two years, the electrification of commercial vehicles has become a necessary cost-saving measure for many businesses.

A more exciting trend is the electrification of heavy-duty commercial vehicles like delivery vans, semi-trailer trucks, and buses. Only a couple of years ago, all-electric heavy-duty vehicles were considered barely viable due to technological limitations in batteries and motors. Thanks to accelerating technological growth and decreasing battery prices, heavy-duty EVs have become widely available, with over 100 models of heavy-duty electric trucks and buses in the market today.

Of course, infrastructure must also be upgraded to match the needs of heavy-duty EVs. Charge point operators are expanding their networks of high-speed DC chargers with charging speeds above 250 kW, which can charge a semi-truck in about two hours. Since time is crucial for logistics companies, charger manufacturers have also been working on mega chargers specifically designed for trucks, namely the Megawatt Charging System (MCS). These charging systems reach charging speeds in the megawatt range and can fill a semi-truck in minutes.

Lastly, investing in an all-electric fleet also gives the fleet operator the potential of participating in V2G bidirectional charging when it becomes more available in the coming years, allowing the operator to make profits from their unused fleets.


AUTOCRYPT’s Work Towards Connected eMobility

As an automotive cybersecurity and mobility solutions provider, AUTOCRYPT plays a range of roles in bringing convenience and security to e-mobility. Starting from AutoCrypt PnC, a PKI-based security module that secures the PnC charging framework, AUTOCRYPT expanded its offerings by launching its e-mobility solution, EVIQ, an all-in-one EV information and charging platform that provides a Charging Station Management System for CPOs as well as charger locator maps for EV drivers.

To learn more about AUTOCRYPT’s e-mobility offerings, contact global@autocrypt.io.


Managing Automotive Software Security With the Software Bill of Materials (SBOM)

The automotive industry is evolving at an incredible pace, characterized by changes in vehicle architecture, automotive software, and user experience. Automobiles are no longer a mere transportation tool: consumers now expect their car to function as a smart mobile device on the road, capable of not just (autonomous) driving, but also personal computing tasks from music and video streaming to in-car payment and cloud-based functionalities. Today, drivers and passengers want their interactions with the car to be personalized, synchronized, and most importantly, effortless.

A smart mobile device relies heavily on software applications. Just like smartphones and tablets, the modern vehicle operates on hundreds of software applications with millions of lines of source code, powered by up to a hundred application processors in the forms of MCUs (microcontrollers) and ECUs (electronic control units)—and in some cases, a couple of centralized CPUs. Whereas conventional vehicles are largely evaluated by their hardware, software is playing an increasingly important role in defining today’s vehicles. We are in an age where two vehicles with the exact same engine and technical specs can drive and feel entirely different depending on the underlying software.

The Role of Automotive Software

In a modern vehicle, a surprising number of features that consumers take for granted are enabled by software. To consumers, the most familiar type of automotive software is the user applications installed in the head unit (i.e., dashboard and infotainment system), which make up the human-machine interface (HMI). Yet, beneath the surface, there are hundreds of software applications embedded throughout the in-vehicle system, underpinning the smart features that are seamlessly integrated into the driving experience. For instance, software is embedded in every camera to process the captured imagery and transmit the visual information to the computing unit, enabling advanced driver-assistance systems (ADAS).

Looking deeper within the vehicle, all ECUs contain pieces of embedded software that act as communication modules, allowing them to communicate with one another throughout the CAN buses, the head unit, the telematics control unit (TCU), and externally to the telecommunications network and the clouds. These communication interfaces lay the groundwork for V2X (vehicle-to-everything) communications and vehicle-infrastructure cooperated autonomous driving (VICAD). Lastly, information collected from the in-vehicle system is likely recorded and transmitted to the OEM cloud, allowing for the vehicle security operations center (vSOC) to detect anomalies and respond to any potential cybersecurity threats. All these software-enabled features run seamlessly without the need for any manual intervention.

Who Develops Automotive Software?

Unlike hardware parts, most of the software components used in automobiles are not directly developed by OEMs or Tier 1 suppliers. Instead, they come from a diverse range of software vendors and providers, including HMI providers, middleware providers, operating system providers, telematics providers, ADAS software providers, telecommunications providers, cloud providers, security providers, and many more. Some of these software components are installed directly on top of the infotainment system, while others are embedded within the wide array of in-vehicle systems prior to the assembly phase. Oftentimes, software vendors need to work with hardware suppliers and chipmakers during the production process to ensure cross-industry interoperability. As software becomes an integral part of production, the automotive supply chain is looking less like a vertical deliver-and-assemble process and more like a horizontal network of partnerships and co-developments.

The Components of Automotive Software

A vehicle’s software environment is much more complex than that of other computing devices like smartphones and PCs. Smartphones and PCs operate on a single OS, where all software applications are developed for the specific platform. In the vehicular software environment, however, vehicles do not run on a single OS nor a proprietary platform (even though OEMs are moving in that direction—topic for another time). This means that every software component is essentially independent, only to be stitched together by the rules set out by standardized communication protocols and interfaces.

Since automotive software components are developed by individual parties, a large portion of them contain open-source code and licenses. This isn’t surprising given that more than 70% of all the world’s software source code is open source—the most popular mobile OS Android was built on the grounds of the open-source Linux kernel, while over two-thirds of all web servers in the world run on the open-source Unix OS and its variants. Of course, these popular open-source distributions are often developed and managed by large corporations, ensuring that vulnerabilities are monitored, detected, and patched immediately. But this isn’t the case for automotive software, which comes from hundreds of vendors and developers across the world. Since open-source code is widely copied and modified during the development of applications, even developers can lose track of which components or licenses were used, or whether one component could form codependency with another. This makes it much more challenging to manage software updates and ensure that patches get to the right vehicles on time.

Fortunately, there is a promising solution that makes it easy for automotive OEMs to continuously manage their in-vehicle software throughout all stages of the software development lifecycle (SDLC)—the software bill of materials.


Securely Manage Automotive Software With the Software Bill of Materials (SBOM)

To counter the security risks that arise alongside the growing popularity of open-source software (OSS), the software bill of materials (SBOM) has become a popular tool to manage OSS vulnerabilities across many industries. An SBOM, as its name suggests, is a machine-derived list that contains a detailed breakdown of all open-source ingredients—including code and licenses—found within a piece of software. In 2021, a US Executive Order on enhancing OSS security made SBOM mandatory for certain sensitive industries. A detailed guideline was later published by the National Telecommunications and Information Administration (NTIA) of the US Department of Commerce.

As in many other industries, the SBOM is the most effective way for OEMs to manage automotive software. Not only does it help establish a vulnerability-free software environment in the first place, but it also allows OEMs to keep track of vulnerabilities in their OSS and licenses during the aftermarket stage and have them patched via OTA (over-the-air) updates to all impacted vehicles.
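The tracking workflow described above, as an added Python example (not AUTOCRYPT's code and not part of the original post): it reads CycloneDX-style SBOMs for two firmware images, matches components against an advisory feed, and lists which vehicles need an OTA update and which licenses need review. All component names, advisory IDs, VINs and the license policy are constructed, and versions are assumed to be dotted numbers.

```python
import json

# Constructed CycloneDX-style SBOMs, one per ECU firmware image (names are made up).
SBOMS = [json.loads(s) for s in (
    '{"bomFormat":"CycloneDX","metadata":{"component":{"name":"telematics-fw","version":"2.3.0"}},'
    '"components":[{"name":"demo-tls","version":"1.4.2","licenses":[{"license":{"id":"Apache-2.0"}}]},'
    '{"name":"demo-json","version":"0.9.1","licenses":[{"license":{"id":"MIT"}}]}]}',
    '{"bomFormat":"CycloneDX","metadata":{"component":{"name":"headunit-fw","version":"5.0.1"}},'
    '"components":[{"name":"demo-tls","version":"1.5.0","licenses":[{"license":{"id":"Apache-2.0"}}]},'
    '{"name":"demo-media","version":"3.2.0","licenses":[{"license":{"id":"GPL-3.0-only"}}]}]}',
)]
# Constructed advisory feed: a component is affected below its fixed_in version.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "component": "demo-tls", "fixed_in": "1.5.0"},
    {"id": "ADVISORY-PLACEHOLDER-2", "component": "demo-media", "fixed_in": "3.2.0"},
]
# Constructed fleet inventory: which firmware images each vehicle currently runs.
FLEET = {"VIN-CONSTRUCTED-001": ["telematics-fw@2.3.0", "headunit-fw@5.0.1"],
         "VIN-CONSTRUCTED-002": ["headunit-fw@5.0.1"]}
REVIEW_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}  # assumed policy, not from the page

def vtuple(version):
    return tuple(int(part) for part in version.split("."))

def image_id(sbom):
    top = sbom["metadata"]["component"]
    return f'{top["name"]}@{top["version"]}'

def vulnerable_images(sboms, advisories):
    """Map firmware image -> advisory ids for components older than the fix."""
    hits = {}
    for sbom in sboms:
        for comp in sbom.get("components", []):
            for adv in advisories:
                if (comp["name"] == adv["component"]
                        and vtuple(comp["version"]) < vtuple(adv["fixed_in"])):
                    hits.setdefault(image_id(sbom), []).append(adv["id"])
    return hits

def vehicles_needing_ota(fleet, hits):
    """Map VIN -> advisory ids, only for vehicles running an affected image."""
    return {vin: sorted(a for img in images for a in hits.get(img, []))
            for vin, images in fleet.items() if any(img in hits for img in images)}

def license_review(sboms, flagged):
    """List (image, component, license id) entries that match the review policy."""
    return sorted((image_id(s), c["name"], lic["license"]["id"])
                  for s in sboms for c in s.get("components", [])
                  for lic in c.get("licenses", [])
                  if lic.get("license", {}).get("id") in flagged)
```

The head unit image already ships the fixed versions, so only the vehicle that also runs the older telematics image is selected for an update.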

AUTOCRYPT’s newly launched AutoCrypt® Security Analyzer (SA) is an SBOM-based software analysis and management tool that accurately detects and categorizes software components, enabling OEMs to continuously manage their automotive software during all stages of the vehicle’s lifecycle.

To learn more about AutoCrypt® Security Analyzer and AUTOCRYPT’s mobility service solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

Protecting Vulnerable Road Users (VRU) With V2P Technology

Vulnerable road user (VRU) is a term used to describe any road user who is not inside a motor vehicle. This can mean a pedestrian, a cyclist (or motorcyclist), a scooterist, or someone in a wheelchair. Compared to motorists, VRUs are much more likely to suffer from severe injuries or death in a traffic accident due to their lack of external protection. Although vehicle-pedestrian crashes are much less common than vehicle-vehicle crashes, these accidents still contribute to a significant number of road fatalities. According to the Insurance Institute for Highway Safety (IIHS), pedestrian fatalities account for 17% of all casualties from traffic accidents, while cyclist fatalities account for another 2%.

Why Are VRU Fatalities Increasing?

During the past decade, we have seen significant improvements in Advanced Driver-Assistance Systems (ADAS), including features like pedestrian detection and warning. This would suggest that VRU safety has been improving. Shockingly, the opposite trend has been observed. Pedestrian fatalities have in fact increased by 51% over the past ten years, most of which occurred in urban areas.

Given all the technological advancements, why isn’t the pedestrian fatality rate falling? One possible explanation is the growing popularity of SUVs, which are taller than sedans and more likely to hit the pedestrian’s upper body in crashes. Another likely cause is that both drivers and pedestrians today face constant smartphone distraction, making them less focused and attentive on the road.

The Struggles to Keep VRUs Safe

Over the past few years, urban planners and policymakers have been implementing progressive approaches to improve VRU safety by either eliminating roadways in crowded urban centers or reducing the speed limit to less than 30 km/h in city streets. However, these countermeasures are only effective in cities with a well-established public transit system that can handle a drastic increase in passengers. For many cities that rely heavily on personal vehicles, implementing such measures can be quite disruptive and inefficient for daily commuters.

Protecting VRUs isn’t about sacrificing one group for the other. It is essentially about protecting everyone, as every driver technically becomes a VRU the moment they exit the car. Hence, finding a balanced solution that benefits both motorists and VRUs is crucial. In this regard, V2P technology shows great potential. V2P (vehicle-to-pedestrian) technology is a sub-type of V2X (vehicle-to-everything) communications technology that allows vehicles to communicate with pedestrians in real-time wirelessly. With V2P, vehicles and pedestrians will be able to cooperate seamlessly on the road to prevent accidents.

How Does V2P Differ From V2V and V2I?

V2P operates under the same mechanism as other types of V2X communications like V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure). However, there are some unique aspects of V2P that make its deployment and application somewhat different from the other two.

Installation

To enable any V2X communication, a V2X connectivity unit must be installed on every end entity of the ecosystem. An end entity can be a vehicle, a traffic signal, a roadside camera, and many more. The V2X connectivity units can either be embedded within the end entities during the manufacturing process or externally connected to existing vehicles and infrastructure that do not have embedded units.

However, we cannot simply install V2X connectivity units on unpowered V2P entities like bicycles, scooters, skateboards, wheelchairs, and of course, the human body. In this case, smartphones can act as end entities. A compact and lightweight portable V2X device can be plugged into the mobile devices of VRUs so that they can easily participate in V2P communications. These portable V2X devices are extremely versatile and can be plugged anytime into all kinds of smart devices such as phones, tablets, and vehicle head units via common ports like USB-C.

Another potential deployment method relies on a specific type of V2X mode—the C-V2X Uu interface. Different from the PC5 interface—which enables end entities to communicate directly with each other without going through any medium—the Uu interface sends all messages through the mobile broadband spectrum, connecting all entities to the cellular network. Under this mode, all smart devices with cellular connectivity become readily available V2X connectivity units with no need for external hardware.

Application

Whereas V2V and V2I communications serve vehicle-infrastructure cooperated autonomous driving (VICAD), V2P adds VRU cooperation to the mix, taking autonomous driving to the next level. By doing so, it further enhances the safety of autonomous driving in urban areas by complementing conventional ADAS and pedestrian warning systems. In application, vehicles receive the real-time location, speed, and direction of every VRU in their surroundings, allowing them to respond immediately to all kinds of unexpected behaviours.

On the other hand, V2P can also be used to issue warning messages to pedestrians. Many observational studies have pointed out the severity of pedestrian smartphone distraction. One study in Melbourne found that 20% of all walkers were on their smartphones while crossing the road. These “smartphone zombies” are at a significantly higher risk of traffic accidents. With V2P-enabled smartphones, these walkers can be alerted at traffic signals and pedestrian crossings.


Better Autonomous Driving Starts from Road User Cooperation

Even though most developments in autonomous driving have been focusing on V2V and V2I applications, we should not forget that vehicles are not the only road users. To make autonomous driving smarter and safer, more participants should be invited to join the ecosystem. Adding VRUs to the cooperated autonomous driving mix has the potential to greatly reduce vehicle-VRU accidents and improve road safety and efficiency in urban areas.

AUTOCRYPT is actively working on developing technologies that accelerate V2P deployment.