Self-driving vehicles are no longer a thing of the future. In fact, they’re here and ready to hit the road. However, experts say that the most likely place for this technology to become commonplace is not in the everyday SUV, but in heavy trucking.

It was recently reported by Pitchbook that in the first half of 2021, $5.6 billion has been invested into Autonomous Trucking (AT). There are a number of reasons autonomous technology makes sense for the trucking industry, including the massive labor shortage it’s been facing for decades. This unique technology has the potential to transform the industry. The majority of autonomous driving is via the highway, where a truck is maintaining speed for many miles making the occasional pass or highway stop. However, the technology will reach a level of maturity where even complex maneuvering won’t be an issue for an AT system, and it’s expected to reach approximately 50 percent of vehicle population on the road.  

With the increased reliance on complex networks of embedded systems, buses, software and protocols, Original Equipment Manufacturers (OEMs) and freight manufacturers need to remain vigilant for the potential threat their systems face to cyber-attacks and adopt a proactive approach to security. Here are a few steps OEMs can take today to ensure their AT systems are ready for the commercial market: 

Undergo a Design and Security Architecture Review 

Before you finalize a vehicle’s system, ensure it’s designed with today’s – and tomorrow’s – emerging threats in mind. This will not only give you peace of mind, but will strengthen your brand’s reputation for safety.  

Evaluate Your System’s Functionality 

It’s important that your system meets defined requirements that ensure standard or malicious inputs are considered.   

Get a Penetration Test 

Every dependency, interaction and subcomponent within your system should be evaluated by a third party in order to identify all possible means in which it could be compromised. 

Take action. Learn more about what AIS can do to ensure your products’ embedded systems remain secure. AIS is a leading cybersecurity partner for several OEMs and other large companies throughout the transportation sector with capabilities that extend from secure system design to testing and implementation. See our expertise in action here.  

Organizations all over the world are becoming increasingly susceptible to cyber threats that are constantly evolving and growing in sophistication.

The transportation industry especially is undergoing a complete transformation as the need grows to secure the systems that control operations. Transportation drives the flow of commerce and any disruption could potentially translate to billions of dollars lost.

Bad actors will initially survey a system to determine potential holes in the software, then invest the time necessary to engineer the exploit and attack. Embedded systems need to be secure all the way down to the lowest level of vehicle functionality. This includes reverse engineering binary files, running dynamic analysis on real-time functionalities and wireless frameworks and producing proof of concept results. There are many angles that hackers consider in infiltrating a system and companies should be aware of every single one of them, or risk being the next headline.

New technologies such as V2X communication infrastructures and OTA updates are being adopted by Original Equipment Manufacturers (OEMs), paving the way for attack surfaces within these systems to grow exponentially. Furthermore, autonomous technologies are nearing full adoption for commercial and passenger markets. These systems are the perfect target for hackers regardless of whether they are looking for reward or total disruption in the system. Not addressing the risks appropriately could lead to data theft, liability issues, incompliance with regulatory automotive standards and the massive disruption of supply chains.

The best time to ensure systems are designed with security in mind is before deployment. For the systems already deployed, it’s not too late to consider a comprehensive vulnerability assessment to identify potential threats. Our approach at AIS mirrors the actions an adversary would take to compromise a system.

AIS is a trusted cybersecurity partner in securing transportation systems and associated infrastructures. From secure system design and development to security testing and implementation, AIS works to ensure that the systems within consistently perform in a reliable, safe and secure manner. We do this by following a cyclic assessment process, which can be viewed here.

Much of our work is unable to be publicized but check out what we did for DARPA under the High-Assurance Cyber Military Systems (HACMS) project. Choose security today. Learn more about what AIS can do to ensure your products’ embedded systems remain secure.

Connor Davis, Software Engineer/Researcher at AIS, presented at the 2021 Xen Developer & Design Summit. This year’s virtual event took place on Tuesday, May 25 through Friday, May 28.

About Connor Davis  

Connor spends most of his time exploring virtualization technologies (in particular VT-x/VT-d), covert communications, embedded systems, secure boot architectures and Clang/LLVM. In his free time, he enjoys hiking, rock climbing and practicing Jiu Jitsu. He is also currently contributing to the port of Xen to RISC-V. 

Reverse engineers can finally take a sigh of relief thanks to AIS’s new program, Byte Taint Resonance Imaging, aka ByteRI, which will make a major impact in the practice of dynamic taint analysis.

What is ByteRI?

ByteRI is the solution to a multitude of laborious and inefficient reverse engineering programs.

By individually tainting each byte of an input and tracing the flow of these byte-taints through ByteRI, associations between the input fields and code instructions that depend on them are uncovered.

What problem does ByteRI solve?

Reverse engineers are tasked with discovering what programs do while simultaneously learning how it does it. This is not an easy task and involves the creation of new inputs to drive the program’s execution toward unexplored code.