History lessons 2: Who has access?

David Rogers continues his blog series — commissioned by on-chip monitoring experts UltraSoC (now part of Siemens) — examining security through the ages and highlighting lessons for emerging and future technologies.

Conwy Castle, North Wales.
Image (edited) source: Adrian J Evans
CC-BY-SA-4.0

Conwy Castle is an imposing castle. Built towards the end of the 13th century in North Wales, as part of Edward I’s Iron Ring around the country, its curtain walls are interspersed with eight round towers, complete with arrow slits and ramparts. Its two barbicans guarded entrances to the castle. It still stands today, within the further walls of the town of Conwy itself with a further 21 towers. What is amazing is that it was built within only five years. It was designed by the best castle designer of the day, Master James of St George, and was state-of-the-art when it came to defensive security. It withstood one siege – when the Welsh besieged King Edward in the castle in 1295. It was on Good Friday in 1401 however, that the most interesting events happened at the castle during Owain Glyndwr’s uprising against the English.

Nearly all of the garrison of the castle were at church in the town attending Mass. There were two guards left behind on the gate. A carpenter from the castle approached the guards saying that he needed to perform some work with two of his assistants. They were admitted and then immediately stabbed both guards. They then quickly let in the rest of their men, locking the gates behind them. When the garrison arrived back from church they were unable to gain access to the castle.

Unfortunately, the cleverness of this takeover was undermined by the fact that there were few stores in the castle and the Welsh were not prepared for it. It also upset the King of England, Henry IV, who immediately besieged the castle. Within three months, with no edible stores, the Welsh were starved out.

Why is this story particularly interesting in a technology context? This kind of strategy has many parallels with the way in which hackers often use guile and skill to attack seemingly impenetrable defences. The attack was planned to happen when the castle would be least defended and a way of gaining access via an authorized method had been found. The guards authenticated that the carpenter was real and he was clearly authorized to be there. The defenders were not correctly using their layers of defence within the castle and showed complacency and over-familiarity.

The story also gives a lesson for attackers looking to compromise and remain in a system. When defences have been subverted, one thing that more advanced attackers do in the technology world is what’s called ‘living off the land’. In this case the attackers were not able to sustain their takeover of the castle because they lacked those resources to hold out for a long time. Indeed, they’d misperceived the real situation. In the technology world, it is good practice to minimize in advance the things that an attacker can use once they’re “in the castle” or onto a system, such as software libraries not used for the core operation of a system. In the case of the story above, it was bad luck for the attackers that the garrison had so few usable supplies and food.

Containing access

We know that Conwy has two barbicans. The purpose of a barbican is to provide additional defence in front of an access point or gate. It functions as a mechanism for control over hostile entrants. Barbicans are typically narrow and often contain traps such as murder holes to throw things down on the enemy, as well as adjacent spaces on the same level and a floor above from which defenders can attack the enemy from the side or from height, whilst safely behind their own defences. The defenders have the advantage because low resources are needed to defend whilst the attacker is narrowly channelled into a place of the defender’s choosing.

Layout of Conwy castle showing the East and West Barbicans
Source: CADW

In technology terms, we see very little of this kind of defensive mechanism. Where there are inputs to a system, typically via an Application Programming Interface (API), inputs are often blindly accepted, in some cases from anyone who accesses the interface. Good practice dictates that input is validated – i.e. that a number is indeed a number and within the expected range. However, there is clearly an opportunity to go further than that. Where an interface or system is under attack there is an opportunity to defend against that. Examples of attacks range from fuzzing (throwing structured and unstructured data at an interface in the hope of breaching it in some way) and repeated brute-force attempts at getting in, to denial of service (DoS) attacks hoping to overload and consume system resources. Abstractly, a system, once it identifies such kinds of attack, could provide some kind of pre-interface – i.e. a barbican before the data hits a real interface. This gives the opportunity to do something about an attack as it happens – for example, it could choose to drop the data that is sent during a DoS attack rather than consume system resources responding to it. More sophisticated versions could waste an attacker’s time and resources through other clever means. This is a form of ‘active defence’, without actually ever touching an attacker’s system. It is all performed locally on the system that is under attack.
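
The pre-interface 'barbican' described above, sketched as an added example (not code from the original post): a gate that validates each input, tracks floods and repeated invalid input per source, and drops traffic from a source it has identified as attacking before the real handler spends anything on it. The class and function names, the `setpoint` field and all thresholds are assumptions made for the illustration.

```python
import time
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SourceState:
    requests: deque = field(default_factory=deque)  # times of recent requests
    strikes: deque = field(default_factory=deque)   # times of recent invalid inputs
    blocked_until: float = 0.0                      # source is locked out until then


def valid_setpoint(payload):
    """Input validation as the post describes: a number, within the expected range."""
    value = payload.get("setpoint") if isinstance(payload, dict) else None
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value <= 100


class Barbican:
    """Hypothetical gate that every request passes before reaching the real handler."""

    def __init__(self, handler, validator, window=10.0, max_requests=20,
                 max_strikes=3, lockout=60.0, max_sources=10_000,
                 clock=time.monotonic):
        self.handler, self.validator = handler, validator
        self.window, self.max_requests = window, max_requests
        self.max_strikes, self.lockout = max_strikes, lockout
        self.max_sources, self.clock = max_sources, clock
        self.sources = {}

    def _expire(self, times, now):
        while times and now - times[0] > self.window:
            times.popleft()

    def _state_for(self, source, now):
        state = self.sources.get(source)
        if state is None:
            if len(self.sources) >= self.max_sources:
                # Bound memory: forget sources that are idle and not locked out
                idle = [k for k, s in self.sources.items()
                        if now >= s.blocked_until
                        and (not s.requests or now - s.requests[-1] > self.window)]
                for key in idle:
                    del self.sources[key]
            if len(self.sources) >= self.max_sources:
                return None  # table still full: drop rather than grow
            state = self.sources[source] = SourceState()
        return state

    def submit(self, source, payload):
        """Return (verdict, result); verdict is 'accepted', 'rejected' or 'dropped'."""
        now = self.clock()
        state = self._state_for(source, now)
        if state is None or now < state.blocked_until:
            return ("dropped", None)  # cheapest path: no validation, no handler call
        self._expire(state.requests, now)
        self._expire(state.strikes, now)
        state.requests.append(now)
        if len(state.requests) > self.max_requests:   # flood / DoS pattern
            state.blocked_until = now + self.lockout
            return ("dropped", None)
        if not self.validator(payload):               # fuzzing / guessing pattern
            state.strikes.append(now)
            if len(state.strikes) >= self.max_strikes:
                state.blocked_until = now + self.lockout
            return ("rejected", None)
        return ("accepted", self.handler(payload))


def demo():
    """Constructed traffic: one well-behaved client and one sending junk."""
    t = [0.0]       # fake clock so the run is deterministic
    handled = []    # what actually reached the real interface
    gate = Barbican(handler=lambda p: handled.append(p["setpoint"]) or "ok",
                    validator=valid_setpoint, clock=lambda: t[0])
    verdicts = [gate.submit("client-a", {"setpoint": 42})[0]]
    for junk in ({"setpoint": "42"}, {"setpoint": 9999}, b"\x00\xff", {"setpoint": 50}):
        t[0] += 1.0
        verdicts.append(gate.submit("client-b", junk)[0])
    t[0] += 61.0    # lockout has expired, so client-b is heard again
    verdicts.append(gate.submit("client-b", {"setpoint": 50})[0])
    return verdicts, handled


if __name__ == "__main__":
    print(demo())
```

Note that the fourth message from `client-b` is well-formed but is still dropped, because the lockout applies to the source and not to the individual message.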

However, all of this depends on whether the system is always on guard. History shows that in the Conwy castle case, the garrison were complacent – even though the Welsh had started to rebel the year before. The ‘trusted’ carpenter should have been let in on his own without anyone else and there should have been additional guards within the main castle such that the attackers were confined to the barbican itself, to be dealt with.

The castles of yore often included other mechanisms for access control including the use of a portcullis (or sometimes several of them) which could be dropped very quickly if needed to block access or to trap attackers at entry points. Similarly, entrances were often guarded by drawbridges which could be closed, or turning bridges which could easily be destroyed by defenders. Castle buildings often had entrances on the 1st floor and above – well above head-height. This meant that wooden stairs could be destroyed and burnt in a hurry if necessary, causing an attacker further trouble if the castle was under attack. All of these were primarily designed for defending against sieges. As we’ve seen in this blog however, sometimes costly defences can be undermined by guile, intelligence, defender complacency and choosing the right timing.


For more on how historical security measures and failures can help instruct the future of security design for hardware in connected devices, check out the webinar (co-hosted by UltraSoC CSO Aileen Ryan and Copper Horse founder and CEO David Rogers) accompanying this series of blog posts.


About the author

David Rogers is Founder and CEO at Copper Horse.

Race report: Zandvoort, 28 September 2021

An early spin puts a dent in the final result, but the signs are encouraging for future races 

Dry conditions at the Zandvoort circuit meant that drivers could make the most of its fast and flowing layout. And Copper Horse Racing’s white and green Lamborghini Huracán 2015 did just that, at least until the end of lap 4. 

Qualification boost 

There were clues in free practice that Copper Horse Racing could be starting towards the front of the grid. In the pre-race warm-up, David Rogers topped the leaderboard for a large part of the session with a 01m:38.439s and lapped even quicker (01m:37.788s) in qualifying to grab P6.

At the very front, last week’s winner Matthew North impressed again. His Aston Martin V8 Vantage took just 01m:36.570s to complete the lap, taking pole position by more than half a second. 

Racing highs and lows 

The good times continued briefly for Car 59, which moved up to 4th in the first lap of the race. 

Flying start: Copper Horse Racing’s Lamborghini moves up into 4th on the first lap

But clipping the inside high kerb on the long sweeping ‘Arie Luyendijk Bocht’ — easily done when navigating the Lamborghini’s 2m plus width around Zandvoort’s famously narrow track — on lap 4 proved to be costly. The slight detour unsettled the car into the start/finish straight, leaving the Lamborghini sat perpendicular to the traffic.  

David was forced to sit and wait with seconds ticking by as the traffic went through and it was safe to turn back into the circuit. The incident meant that going into lap 5, Copper Horse Racing had dropped to P14.   

Yellow flag incident: clipping the kerb proved costly for Car 59 

What’s more, the aero damage sustained in the lap 4 incident had pushed the tuned setup slightly out of the window and made the fast right-hander the ‘Scheivlak’ a nervy trip each lap. Navigating other cars as they made mistakes and getting hit by a car attempting to overtake under yellow flags added to the challenge now facing Copper Horse Racing.  

With lap times increasing, it was time for a pit stop. But with the damage that had to be fixed, a tyre change and a 30 second stop-go penalty (from the previous race) to be served, it was going to be a long one. All that could be done was to sit and wait for the traffic to pass through to lap the forlorn Lamborghini. 

Out of the pits with a freshly repaired vehicle and new slicks and into traffic – Car 59 came out behind the green and black Porsche of Ethan Boudreaux who was in 7th place, with Copper Horse one lap behind. If we couldn’t fight at the front, we could at least try and work our way up as far as we could during the last half of the race. It would be a tough challenge – sat in 15th place with 14th place over 20 seconds ahead. So began a few laps of pressure as the faster Lamborghini attempted to get past the cars ahead on the tight circuit. 

Eventually, success! A slick move through the inside of the tight ‘Hans Ernst Bocht’, gave a free stretch of track towards the next car – 6th placed Latvian, Armands Petrovics in his number 96 bright pink Mercedes-AMG. 

Apex moment: unlapping the leading cars allowed Car 59 to make up time on its closer rivals.

It didn’t take long to hunt down Petrovics and a couple of laps later, he moved aside on the start-finish straight – car 59 wasn’t in his fight. As the race was coming to a close, the Lamborghini was now rapidly advancing on the Aston Martin of Dutchman Damian Herfkens. 12 seconds ahead, 6 seconds ahead, 2 seconds!  

With the race leader (Nico Urbantat) on the final lap, it was time to make the move on Herfkens. And noticing that his Aston Martin had gone wide in turn 1, the Lamborghini took the inside – and through! Briefly! Traction control kicking in, the Aston accelerated out and caught the corner of the Lambo, pit-manoeuvring the car around to face the other way. A racing incident, nothing more.  

The race over, David took the car back and over the line. P15 didn’t do it justice, but what a race! 

Last lap drama: after lunging ahead on the final corner, the Lamborghini gets tagged by the Aston Martin. 

Talking automotive cybersecurity 

If previous race reports have piqued your interest in automotive cybersecurity, then you might enjoy the upcoming Secure-CAV webinar ‘Effectively Addressing the Challenge of Securing Connected and Autonomous Vehicles’ (live on Thursday 7 October 2021, 15:30 BST and then available on-demand). 

During the 60 min webinar session you will learn – 

  • The best use of threat modelling techniques
  • Methods for staying one step ahead of malicious hackers in the automotive space
  • Effective methods for hardware-based attack detection
  • How the Secure-CAV project looks at the problem of future vehicle security   

Race results 

Congratulations to Nico Urbantat of Germany who took his third win of the season at Zandvoort and sits at the top of the overall standings in Tier 10. The other drivers on the podium were P1 qualifier Matthew North in second place and Polish driver Robert in third. 

Tune in next week to discover how Copper Horse Racing gets on at the legendary Suzuka circuit. 

About the author 

James Tyrrell is a Threat Modelling Analyst at Copper Horse. 

Race report: Nürburgring, 21 September 2021

Under wet conditions, Copper Horse Racing gains 7 places from qualifying to finish P11

If you are looking for tough racing then the Nürburgring is not going to disappoint. Drivers in season 8 of AOR’s GT3 league were spared the ‘Green Hell’ of the epic Nordschleife circuit, racing instead on the Grand Prix loop. But they still had to contend with the region’s notoriously bad weather, which pushed up the difficulty of navigating a mix of fast and technical circuit features another notch. 

Built in 1984, Nürburgring’s GP track is home to a wide range of racing formats including the ‘Eco Grand Prix’, held since 2013. 

81% changing conditions 

Series organisers AOR kept sim-racers on their toes by advertising changeable dry and wet weather conditions. That being said, tier 10 entrants received a particularly bad roll of the dice with the track becoming wet, wet and wetter as the race unfolded. However, drivers in other tiers did experience drier spells as Yorkie065’s livestream on YouTube shows. 

Qualifying low down the order in P18 with a wet setup that never felt quite right, Car 59 driven by David Rogers had to focus hard to stay out of trouble in the main pack. If previous races are a guide – taps, tangles and off-track excursions are almost guaranteed at some point as opponents jostle for position on cold tyres (especially in the wet). And there was nothing to suggest that things would be any different this time around. 

A hard slog 

Driver perspective:

The first lap was less eventful than usual and I managed to pick up five places going into lap 2. However, a tap from behind as the car turned into the tight Castrol ‘S’ meant lost places and the accident caused other cars to go off too. In the split-second that was available to make decisions and relatively unsighted (a problem with sim racing), I attempted to move out of the entirely blocked road. My car was then hit again by another car trying to manoeuvre around a stranded vehicle; my movement ultimately caused the stewards to penalise me for dangerous driving. This was warranted as sim racing requires you to remain stationary if stuck on the track during an incident, precisely because of this awareness issue. For drivers using VR headsets or TrackIR, they have a better appreciation of what’s going on around them, but it is still never going to be the same as a real car.

First full lap of the race: Secure-CAV sponsored Car 59 moves up through the race order.

Another challenge for everyone is that the cars all have different setups and braking points, and in the wet this can cause a lot of issues, especially where cars can also be carrying damage from their own incidents. The 2015 Lamborghini has quite a long braking distance in comparison with other cars on the track.

In fact, racing at the Nürburgring generated the most Tier 10 DNFs of the series so far, with five drivers failing to make it to the chequered flag – a measure of the challenging conditions.

Plus, this week’s race was run in the longer 90 minute format, which gives an extra 30 minutes for things to go wrong as concentration levels fade. The final stint certainly proved tricky for Copper Horse Racing’s white and green Lamborghini Huracán, with a late spin — caused simply by being momentarily distracted — dropping the car from P8 to P12. 

The race’s mandatory pitstop was taken 10 minutes from the end, with only a splash of fuel needed and opting for no repairs to the minor damage to the vehicle. The minimal time in the pits brought the car out behind a rapidly slowing damaged McLaren. On the final lap and driving hard and being chased by Chris Maitland in his Footwork liveried 2016 Lexus RC F GT3, I made a move on the McLaren in the Mercedes Arena complex of corners. Taking a different, inside line to the slow driver, the move resulted in a clash between the two cars, and I backed off, allowing the McLaren to return to racing. A couple of corners later at the Valvoline-Kurve, the McLaren opened the door wide, so I moved in again, this time getting through with the McLaren hitting the side of the car and losing time, allowing Maitland’s Lexus through too behind me. A post-race stewards’ inquiry was inevitable, but I didn’t have much choice in the moment, not knowing what was going on with the McLaren or why it was driving slowly. 

Rapid refuel: the white and green Lamborghini of Copper Horse Racing takes a short pitstop ahead of the final few laps.

To be competitive, drivers have more to consider than just watching out for other opponents and keeping the car between the white lines. Other demands include monitoring the in-game telemetry, which represents the sensor data that would be available in a real GT3 car, to keep tabs on brake temps, fuel load, tyre pressures and much more besides. 

Data protection and threat modelling 

In Formula One, cars reportedly run with over 300 sensors per vehicle, up from just 24 when teams began using the technology more than three decades ago. The trend can be seen in road vehicles too, especially those fitted with advanced driver assistance systems (ADAS), which rely on a range of vehicle and environmental data to operate.  

Sensor data brings tremendous knowledge to racing teams and, on the road, can boost safety by helping drivers to navigate otherwise unforeseen hazards. But as vehicles rely more heavily on the exchange of information – connected and autonomous vehicles being the most extreme example – security measures will need to evolve to mitigate the corresponding threats. 

In a previous race report, we discussed the manipulation of algorithms used to recognise road signs. More recently, security researchers have shown how projected (or phantom) images can confuse vehicle cameras. But it’s not just vehicle safety that’s at risk. Attacks on sensors (or their data) could impact privacy or have other consequences. For example, what if payment information could be extracted, or other personal details such as trip history and location?  

There are many angles for carmakers and their suppliers to consider, but there’s also a process that can help – threat modelling (one of our security activities at Copper Horse), which at the highest level boils down to answering four key questions:

  1. What are we working on? 
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good enough job? 

Also, cleverly designed card decks can make threat modelling sessions much more interactive and engaging for participants.  

Talking of fun, let’s return to the race details.  

Race results 

Victory at the Nürburgring went to Swiss driver Matthew North in an Aston Martin V8 Vantage, who managed to get one up on pole sitter Teis Hertgers of The Netherlands. Copper Horse’s David Rogers kept it together to finish P11, gaining 7 places (5 in the first lap) overall. But this week, the most positions gained award goes to Davy Melin in a McLaren 720S, who passed the chequered flag in fifth position, up 8 places on his qualifying spot. 

Race winner: Matthew North crosses the line driving an Aston Martin V8 Vantage.

The post-race stewards’ inquiry found against David Rogers in the final lap incidents, resulting in points deductions and license penalties. In the cold light of day, it is easy to make retrospective analyses of on-track incidents. But during the race it is very different, with drivers in difficult conditions making split-second decisions – as real-life driver Alex Fontana, also driving a Lamborghini, discovered at Valencia at the weekend. This makes racing what it is – an exciting battle between competitors who all really want to win.

 The series continues with racing at Zandvoort, where Tier 10 drivers might get to enjoy sunnier weather with only a 30% chance of rain, according to the forecast. 

About the authors 

James Tyrrell is a Threat Modelling Analyst at Copper Horse. 

David Rogers is Founder and CEO of Copper Horse and Driver of Car 59. 

On the move: the driver’s viewpoint from car 59 in the wet mid-race at the Nürburgring GP circuit

History lessons 1: Doing nothing in a hostile environment is never going to work out well

A second chance to enjoy David Rogers’ popular blog series — originally commissioned by on-chip monitoring experts UltraSoC, now part of Siemens — examining security through the ages and highlighting lessons for emerging and future technologies.

In this blog series, I’m going to mention castles a bit (amongst other things) – so, before I get started, I need to justify that slightly. The castle analogy has often been used when it comes to cybersecurity. It’s attractive – an easily understood concept of walls and layered defences, which can be visualized by a reader. Often ‘walls’ are really used as a metaphysical boundary that doesn’t, in reality, exist, and the analogy becomes unhelpful by promoting old-school notions of solely using ‘perimeter-based security’. The castle analogy can still be useful if not taken too literally; however, there can be no true, direct comparison of cybersecurity to the physical security world of what was a relatively short period in history. We can however learn much from the way attackers and defenders interacted and, crucially, what worked. These lessons can potentially be carried into future security.

One of the first in Britain and the longest continually inhabited castle in the world – Windsor Castle.
Image: David Iliff. License: CC BY 2.5

Castles developed from around the time of the Norman Conquest of Britain in the 11th century. Defences became more or less important, depending where they were, the particular period of history and the belligerents involved in any conflict. The evolution of different castle technologies is interesting to look at from the point of view of which were subverted by some extremely capable adversaries, as well as those which were compromised primarily by guile. Castles were not impenetrable and there are some very good examples which forced their security to be improved and to develop.

Devices and castles

I tend to find myself thinking that, when it comes to the world today, particularly with a large proliferation of quite small, low-powered devices making up the Internet of Things (IoT), we have lots of little outposts of endpoints that should be more secure, perhaps even castle-like in themselves. In some cases, maybe they should be outposts – within the sphere of protection of something greater which can provide help if needed. Devices come in many different shapes and forms – IoT extends across all business sectors and includes critical things like medical devices, automotive and space applications. They all have differing levels of security requirements and some of these are context specific to the environment they are used in.

Dynamic response and the lack of it

Many castles and fortresses were specifically built because the environment they existed in was hostile. The site itself was extremely imposing; a symbol of authority. If attacked and put under siege, the occupants were not likely to be relieved in a short space of time, but they usually had a garrison of defenders who could repel and harry attackers.

In many ways, the connected devices of today face a similar environment. The moment that a consumer product is put onto the market it faces attack – either by physical tampering and hacker reconnaissance work on the device or through the network when it connects – but unfortunately the device usually doesn’t do anything about it.

It was the hope of forces under siege in a castle that reinforcements would arrive to relieve them. Until that point though, the defenders did not just sit there – they had the ability to respond in a variety of dynamic ways, from cavalry riding forth into the local area outside the castle, through to the ability to leave under cover of darkness via a sally port to raise the alarm or to forage. In some cases, defenders were very lucky – Richard the Lionheart was injured and subsequently died from a crossbow bolt fired from the castle walls he was besieging in Châlus, France.

A well-defended castle could also continue to survive for a long-time, with its own well for water and enough supplies to be largely self-sufficient. One of the key strategic advantages of Edward I’s ring of castles around Wales was that some of them could be re-supplied from the sea and not be completely surrounded like previous castles. One such castle, at Harlech, held out for seven years during the Wars of the Roses.

Artist’s representation of Harlech Castle in the 1400s
Image source (used under fair use): http://carneycastle.com/Harlech/index.htm

Many of the devices of today come with very little protection at all. A device is fundamentally based on a printed circuit board, with some hardware chips placed on it, running software. Many of these devices run the same common operating systems which are often pre-configured to be open and not secured and work from hardware interface standards which in some cases go back to the 1970s – with no security designed-in. With this reality, a device which is available to openly buy and which is connected to the open internet is totally compromised from the start. It is akin to putting a cloth tent in an open field in enemy territory (with the door open) and with no guards, so nowhere near a castle in terms of defence!

The same devices are also entirely static – if something were to happen, they’re not able to respond, even though the problems they face are well understood and likely. They can’t survive safety-related issues or outages because they’re simply not designed to deal with the real world. Having said that, there are some connected products out there that do security well: they follow best practices, are tested properly and follow a proper product security lifecycle. Even these devices, however, are very limited when it comes to being able to respond to threats themselves.

If we’re to deal with the future world, devices need to be able to dynamically respond to emergent threats in a way that can detect and respond appropriately. Doing nothing is not an option. If devices are outposts or castles, they need to be garrisoned appropriately and able to respond until help arrives.


About the author

David Rogers is Founder and CEO at Copper Horse.

Race report: Snetterton, 14 September 2021

Top ten finish for Copper Horse Racing on Season 8 debut

Copper Horse Racing is back for another season of virtual GT3 racing organised by Apex Online Racing. Once again supporting its Secure-CAV livery, Car 59 joined the action at the third event in the calendar – Snetterton, a tight and technical track originally created from a network of runways.

Close racing: Side by side into the Montreal corner with the number 271 Ferrari of Jamie Sterritt

Moving target

To recap, our target for Season 7 was to finish top 20 in the overall standings (Tier 10) – which, thanks to the (slowly improving!) sim-racing skills of Copper Horse’s David Rogers, we managed to hit by placing 19th. Given that this time around we’re joining at race 3 and missing out on points from the first two events, our Season 8 target is going to be different – to bag a podium finish. There’s some debate in the back-room as to the likelihood of achieving this goal, but based on the trajectory of last season’s finishes – it’s not beyond the realms of possibility. Plus, we begin this season further up the learning curve in terms of car setup and race craft.

We were up against good competition in Season 7, which is the best training you can have. Looking at some of the familiar names from our Tier 10 debut, El Tigre Blanco and Justin Dawson have jumped up two tiers for Season 8. Scott Ullmann (Tier 10 champion in Season 7), Scott Cranston and Mar Coolio have gone one better and are all now racing in Tier 7. Copper Horse rejoins in Tier 10 and faces some fresh talent in the league who are very quick.

Snetterton race notes

Waiting for the green light: Secure-CAV badged Car 59 lines up 7th on the grid.

A long formation lap helped to calm the nerves and the white and green Lamborghini Huracán GT3 of Copper Horse Racing, having qualified in its highest ever position of 7th, started ahead of the main pack. The setup for this track involved stiffening the rear of the car to get extra stability and finding the right balance of rear wing for the long straights and tight hairpins.

A relatively clean start for all began an hour of hard driving amongst a group of very fast and determined competitors. The 2015 Lambo was faster than many, but on a tight circuit, it proved difficult to get past some cars. There were a couple of off-track moments whilst attempting to squeeze past opponents, losing some early places – especially while tyres came up to temperature.

Learning curve: chasing down Alen Bardet in his Porsche 911 through the infamous ‘Bomb Hole’ before he dived into the pits.

As the race settled in, the tactical battle of the mandatory pitstop began. David opted to stay out until either he hit traffic or the tyre wear started to compromise the lap times.

On lap 19, the tyres started to go off, so the car headed into the pits – choosing to not repair some minor suspension damage in order to keep the stop short. Returning to the track, battling resumed with the Ferrari 488 GT3 Evo of Jamie Sterritt until the Lamborghini found a way past on lap 22, holding its P9 position until the finish. The final part of the race involved car 59 chasing down the number 96 Mercedes-AMG of Armands Petrovics, with the gap steadily dropping. But it would have needed a couple more laps to pass, with the gap reduced to around a second at the chequered flag.

Last lap: under the bridge for the final time.

The dry conditions allowed racers to set some quick lap times, with three of the top 20 best laps being set by David Rogers, although it’s both pace and consistency that ultimately brings victory – as demonstrated by race winner Nico Urbantat in a Porsche 911 II GT3 R 2019.

Next week, organisers dial up the difficulty (and the drama!) as drivers tackle the Nürburgring in the wet.

Cars that don’t exist

Readers of previous race reports will notice that we like to introduce security topics into the blogs to shine a light on our day job. Copper Horse engages in a wide range of activities including threat modelling, policy development, training and product security testing from web applications through to device hardware.

This week, it’s interesting to note how easy – thanks to the laser-scanned track and car details – it can be to confuse in-game images with real life photos, at least from some angles. Artificial intelligence can mix things up further still – for example, in 2018 Nvidia researchers used a technique dubbed style-mixing to generate images of cars that don’t exist, yet appear real (a copy of their paper is available on arXiv).

Abraham Lincoln famously said that you can’t fool all of the people all of the time, but computers could one day push that quotation to the limit.

It also makes us wonder whether we’ll ever get some mixed reality racing in future SRO GT series. There is already a concurrent esports series to the existing real GT World Challenge, with the same drivers. Imagine a world where there are real racing drivers remotely driving real cars, fully autonomous real cars on the track, combined with virtual cars around the real track (that the real drivers on track can also see!). It is really not that far-fetched, but it is certainly going to be a very different world!

About the author

James Tyrrell is a Threat Modelling Analyst at Copper Horse.

Race report: Silverstone, 29 June 2021

Saving the best until last, car 59 finishes top 10 in the final race of the season 

After seven rounds of hard driving, the sim-racing series reached its last sessions of the season at Silverstone – a fast-paced circuit built on a former airfield. The organisers, Apex Online Racing, had set the scene for some quick lap times – treating drivers to a dry track. Albeit one with grey clouds looming large overhead, a familiar sight at the circuit. 

Season finale: drivers arrive at Silverstone for round 8.

Towards the end of qualification, a less-than-ideal setup, and rival drivers who seemed to turn up the wick, pushed Copper Horse Racing down to P20. However, in the race itself this turned out to be a blessing. With just a few points separating leaders in the overall classification, nobody at the front wanted to yield position and the inevitable first lap carnage that followed catapulted car 59 up the order.

Wheels in the air: a collision in the front half of the pack on lap 1 left multiple cars out of position.

As the former leaders rejoined the track, they were anxious to overtake and chase down the vehicles that had passed them by. David Rogers in car 59 was soon put under pressure and drove well to fend off drivers dive-bombing from behind like seagulls after a bag of chips. 

Battle of the generations: Lamborghini Huracán GT3 and GT3 Evo (lime green and black) duke it out on track.

Vehicle hacking simulator 

The ever-evolving rig, based on a DOF Reality full-motion platform – now with triple screens optically stitched together by light refracting panels – has served us well throughout our first season of esports, but its main role is to support our work on automotive security. In the last two races, it has had its brake wires loosely twisted together while we perform modifications and testing on that part of the rig, somehow managing to survive 90 minutes of Imola and 60 minutes of Silverstone and all the practice in between!  

By adding real vehicle components such as an instrument cluster and after-market head unit – all integrated through a CAN bus and fed with rich in-game telemetry – we are able to simulate (safely) the effects of multiple automotive attacks.

Wraparound view: refractive panels provide a continuous display by hiding the screen bezels. Also shown is the real-world instrument cluster, which responds to in-game telemetry fed via a CAN bus.

Scenarios that can be demonstrated include the loss of braking function, steering take-over, manipulation of the vehicle’s mileage, hijacking of a car’s headlights and infotainment-based attacks – to name just a few of the possibilities.

Simulators are nothing new for automotive testing, but it’s rare to have a setup that can be used to explore and visualise the automotive threat landscape in this way. The Copper Horse vehicle hacking rig puts people in the driving seat so that they can better experience the various attack scenarios first-hand. 

Moving up the leaderboard 

At the end of the race, following penultimate lap drama ahead and a last lap, last gasp pass by Dave Bramhall – who went on to finish second in the season overall – Copper Horse Racing ended up in P9 at Silverstone, advancing 11 places from qualifying and grabbing its biggest haul of points yet. 

Seizing the opportunity: confusion between the drivers ahead allowed car 59 (in the background) to pick up another two places, although Dave Bramhall in car 92 would go on to finish in front of the white and green Huracán.

And while those points didn’t mean any prizes this time around, they did move David up to nineteenth out of 50 entrants in the leaderboard – a very respectable debut performance and worthy of the champagne that was drunk after the race. 

In Tier 1, where sim-racers get to mix it with the pros, Kevin Siclari overhauled Maciej Malinowski’s lead in the championship to take the top spot. And looking at the other close races for the title, Jake Mills lost out to Ryan Rees in Tier 8, but Manuel Rutter kept his hands on the trophy in Tier 9 – staying ahead of Richard Aconley.

Celebrating with donuts: Tier 10 champion Scott Ullmann puts on a show in his Porsche.

Participating in the online racing calendar has given us the chance to shine a light on Secure-CAV and related topics in the world of automotive security. 

Next steps in the project 

At our UK facility, Copper Horse is now engaged in the security testing phase of Secure-CAV. Here, the team is taking a ‘whitebox’ or ‘clearbox’ approach to code security review of our partners’ implementation against various standards. Alongside this, we are considering different attack patterns against interfaces and other aspects to identify potential vulnerabilities, including fuzzing (probing the ability of the system to handle malformed inputs), to give just a couple of examples of the activities underway. We are doing this together with our own partners YGHT Ltd to give some logical and sensible separation from the project itself.

On track, our plan is to be back in the driving seat for more sim racing in the Autumn.  

About the author 

James Tyrrell is a Threat Modelling Analyst at Copper Horse. 

Race report: Imola, 22 June 2021

Car 59 moves up four places in the overall standings thanks to another top 20 finish. 

Changeable weather during the race at Imola allowed the white and green Lamborghini Huracán of Copper Horse Racing to experience the circuit – described by McLaren in its track guide as ‘fast, flowing and ever so old school’ – in both the wet and the dry. Given the conditions, dialing in the right car set-ups and knowing when to change from wet tyres to slicks would be decisive. But only if car 59 survived the dice roll of the first few laps. 

That was close: Copper Horse Racing managed to avoid the spinning Aston Martin on lap 1.

As we’ve discussed – when the lights go green, drivers are still managing cold tyres and brakes, which compromise handling and bump up the chances of a collision or a spin. In the wet, the odds are greater still with much less grip off the racing line and spray from the vehicles ahead making it harder to see up the road. 

On lap 1, Copper Horse Racing’s David Rogers caught sight of El Tigre Blanco’s spinning Aston Martin V8 Vantage just in time (no doubt helped by the bold livery) to avoid a collision that would have changed car 59’s race for the worse. So far, so good, but the Lamborghini did run into some bad luck a few laps later. 

As the race settled in, the Copper Horse car lost five places – dropping from 13th – due to an unfortunate nudge from behind at the Variante Alta chicane. But the race was still on with plenty of time remaining on the clock and the possibility of changing weather sending cars off the circuit. The speedy Variante Villeneuve sequence of corners took its fair share of victims and drivers struggled to maintain complete consistency while racing hard. 

Affecting the algorithm 

Water droplets on the windshield: some real-world vehicles employ artificial intelligence to automatically activate their windscreen wipers.

Watching the rain on the Huracán’s windshield popped a thought in my head to mention some of the work presented in the automotive space on adversarial machine learning. In 2019, researchers in China showed that rain-activated windscreen wipers (enabled by a neural network fed with data from front-facing cameras) could be fooled by so-called ‘Worley noise’ – a function used in computer graphics to generate textures such as smooth stone or water.  

Heading into the pits during qualification: car 59 is careful to obey the speed limit.

Algorithms used to read road signs have been shown to be vulnerable too, misreading speed limits when researchers applied small details to existing signs or re-printed the original design with a computer-generated version (video showing proof of concept). In both cases, the modifications made would be hard for a human driver to detect. 

The more that we rely on algorithms to see the world for us, the better our defences against such attacks will need to be.  

At the Imola circuit though, it was back to basics with no road traffic signs to worry about and a single speed limit of 50 km/h to obey in the pit lane.  

Out on track, drivers were focused on going as fast as they could – a task that became easier when the rain lifted about 30 minutes into the race.  

Bumper to bumper: competitive racing between Justin Dawson and Marc André Stoltenberg in the leading pack.

As soon as the rain stopped, car 59 dived into the pits. The majority of the pack opted to stay out and wait for the track to warm up and dry out. Putting on dry tyres early was a risk as low pressures from the cold circuit might have made the car undriveable. However, there was a dry line – putting the gamble of an undercut on the other drivers in the frame.  

Making the dry line work: stopping early for slick tyres paid off as long as you could pick the right path.

A couple of laps of struggling to warm up the tyres gave us a clear track and better placing. The gamble had worked – for now. Battles began against faster backmarkers – who could be aggressive and prone to leaving the circuit, so careful avoidance tactics were necessary, even towards the end. 

Eyes on the road: avoiding the backmarker antics ahead

Elsewhere in the race, first lap spinner Blanco was driving well to climb back up the order. The pink Aston Martin eventually appeared in car 59’s mirrors and overtook the white and green Lamborghini to finish P12.  

Sighting the car ahead: Giles Harding in the orange Aston Martin V8 Vantage would put the Lamborghini under pressure late in the race after being passed at an incident towards the Piratella corner earlier in the race.

Giles Harding of Wales was doing his best to pressure Copper Horse Racing with some bold late braking at the end of Imola’s faster sections. But the driver, who placed top 10 in the wet at both Donington (race #2) and Bathurst Mount Panorama (race #5), couldn’t make any of the moves stick and had to settle for P17 at Imola.  

Fuel Management 

Another concern, aside from the close competition, was how much fuel was left in the tank. Following the change to dry tyres and a switch up to the fastest ECU and throttle map, fuel consumption rose too sharply for the car to make it to the end. Crew Chief did its best to put on a reassuring voice, but we had to switch to a lower speed map for the second half of the race in order to conserve fuel and save time by avoiding a second pit stop.

Warning sign: there was a bit of fuel drama to contend with in the final phase.

With 8 minutes to go on the clock and 5 minutes of excess fuel left in the tank, we were confident enough to switch to a more aggressive mapping. Regardless, we still potentially had to complete a full lap after the end of the race time once the leader had passed the finish line – so it was going to be close.

The ‘low fuel pressure’ warning that appeared on the dash added to the tension. But, in the end, car 59 did make it and completed proceedings with a little under 3 litres of fuel to spare, which is probably loads in Formula 1 terms (where teams need to leave an extra litre for sampling), but felt like a close call nonetheless.  

In another exciting race, Copper Horse Racing grabbed its third top 20 finish in a row – a solid 16th place out of the 30 starters. 

One race to go 

Apex Online Racing has served up a great calendar of events and its GT3 series attracts not just aspiring esports racers, but also professionals such as Luke Whitehead who competes in Tier 1. We’d definitely recommend taking part in future seasons if you are tempted to give sim racing a go and willing to put in the practice. 

Next week, the series draws to a close at Silverstone with plenty still to be decided. At the top of the table in Tier 1, Maciej Malinowski and Kevin Siclari are separated by just 15 points. Further down the league in Tier 7, it’s even closer with Ondrej Kuchar just 11 points ahead of Mert Sevinc. But keep looking and you’ll notice that in Tiers 8, 9 and 10 the difference is just 8 points! Can Jake Mills, Manuel Rutter and Dave Bramhall keep their current top spots or will a rival beat them to it? 

We’ll bring you the results next week and you can follow us on Twitter for news on any future racing adventures. Plus, our final race of Season 7 will be streamed live on Twitch (Tuesday 29 June, from 19:30 UK time).  

Talking automotive security

By following the channel you’ll also be able to tune into our upcoming virtual events during Mobile World Congress 2021, with the first in our series of Secure-CAV road trips starting on Monday at 08:30 BST and running through the week. 

Heading to Barcelona in the Secure-CAV truck in Euro Truck Simulator 2: join us on the journey via Twitch as we discuss automotive security during Mobile World Congress (28th June – 1st July, 2021)

About the author 

James Tyrrell is a Threat Modelling Analyst at Copper Horse. 

Race report: Circuit Zolder, 15 June 2021

Nothing unlucky about finishing P13 at Zolder. A strong race in Belgium sees Copper Horse Racing move up two places in the overall standings.

Car 59 had performed well at two practice races held over the weekend at Circuit Zolder – a track opened in 1963 and designed by John Hugenholtz of Suzuka fame – so, on paper, things were looking promising. The challenge would be executing on race day, when emotions can run high. 

Close up: car 59 badged with logos, which include all Secure-CAV partners

Dry conditions for both race and qualification set the scene for some fast track times and close racing, with drivers able to push hard and focus their energy on battling each other on-track. In terms of passing, the main overtaking opportunities are at the first corner and coming into the last chicane – at least according to former DTM driver Robin Frijns.

In qualifying, there were plenty of sector highlights for the white and green 2015 Lamborghini Huracan GT3, but some swift laps by the other competitors pushed Copper Horse Racing down to P24 on the timing screen, with nearly the entire field lapping within three seconds of each other. 

Race day  

As we know from previous races, cold tyres and brakes make the first two laps potentially treacherous for all on circuit. However, car 59 dodged any early tangles despite being tapped from behind and, one lap later, oversteering off-circuit when a rear-tyre touched the grass. All wheels back on track, Copper Horse Racing began its march up the order pulling a nice overtake on last week’s winner El Tigre Blanco. However, it wasn’t long before the hot pink Aston Martin V8 Vantage had re-passed – a battle that would have to wait for another day. 

Back in front: last week’s winner El Tigre Blanco retakes the position

But there was still plenty to play for and clean and consistent driving meant that Copper Horse Racing was well placed at the halfway point. And, for the first time since the Barcelona race, could make its own call on when to take the mandatory pitstop rather than having the decision forced through mechanical damage. 

Everything connected… 

Watching the cars go around the circuit, it’s clear that Zolder has some interesting scenery – particularly the wind turbines. In previous posts, we’ve mentioned cyber security threats to vehicles, where the attack surface grows as developers add connectivity to their products. The same holds true for operational technology powering industrial systems such as electricity generators and water treatment plants. There are lots of benefits to being able to monitor components remotely such as improved maintenance scheduling, but the methods of protection have to adapt to the change as physical security alone is no longer sufficient to deter bad actors.  

Scenic view: some of the sights at Zolder

With everything becoming connected as part of the ‘Internet of Things’ (IoT) these days, attention is finally turning to the amount of legacy technology that exists within systems. Protocols in use often originate in the 1970s and have no means of authentication or of protecting the integrity of the data going across them. Add to that the fact that the hardware and software have not been designed for security and rarely get updated, and you have all the jigsaw pieces for a security (and safety) nightmare.

Industry and governments are in a race to improve cybersecurity in all the different ‘verticals’ whether it be automotive, industrial, or consumer IoT and there’ll have to be a lot of work to either replace or monitor the legacy insecure equipment and services that are left behind. 
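To make the gap in those legacy protocols concrete, here is an added example (not code from Copper Horse or the Secure-CAV project): a legacy-style frame whose only protection is a checksum, beside a wrapper that adds a keyed HMAC and a message counter. The frame layout, key, tag length and all names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 16  # bytes of truncated HMAC-SHA256 kept on the wire (assumption)


def crc16(data: bytes) -> int:
    """CRC-16 with reflected polynomial 0xA001 and initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def legacy_frame(unit: int, register: int, value: int) -> bytes:
    """Constructed layout: unit(1) | register(2) | value(2) | crc(2)."""
    body = struct.pack(">BHH", unit, register, value)
    return body + struct.pack("<H", crc16(body))


def legacy_accepts(frame: bytes) -> bool:
    """The only check a legacy receiver can make: checksum matches body."""
    if len(frame) != 7:
        return False
    (crc,) = struct.unpack("<H", frame[-2:])
    return crc16(frame[:-2]) == crc


def protect(key: bytes, counter: int, frame: bytes) -> bytes:
    """Wrap a legacy frame as counter(8) | frame | tag(TAG_LEN)."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
    return header + frame + tag


class Verifier:
    """Receiving side of the wrapper: checks origin, integrity and freshness."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_counter = -1

    def accept(self, message: bytes) -> Optional[bytes]:
        if len(message) != 8 + 7 + TAG_LEN:
            return None
        header, frame, tag = message[:8], message[8:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or sender does not hold the key
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_counter:
            return None  # an old message presented again
        if not legacy_accepts(frame):
            return None
        self.last_counter = counter
        return frame


def demo() -> dict:
    key = b"constructed-demo-key-do-not-reuse"
    original = legacy_frame(unit=1, register=0x0010, value=50)
    # Accidental damage: one flipped bit, checksum left as it was.
    corrupted = original[:4] + bytes([original[4] ^ 0x01]) + original[5:]
    # Deliberate change: new value, checksum recomputed (it needs no secret).
    altered = legacy_frame(unit=1, register=0x0010, value=500)

    verifier = Verifier(key)
    sent = protect(key, 1, original)
    spliced = sent[:8] + altered + sent[-TAG_LEN:]  # altered frame, old tag
    return {
        "legacy_corrupted": legacy_accepts(corrupted),
        "legacy_altered": legacy_accepts(altered),
        "wrapped_altered": verifier.accept(spliced),
        "wrapped_genuine": verifier.accept(sent),
        "wrapped_replayed": verifier.accept(sent),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The checksum catches line noise but accepts any frame whose checksum has been recomputed, because it depends on no secret; the keyed tag and counter are what supply authentication, integrity and replay protection.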

McLaren versus Lamborghini: there were some great battles to watch as race 6 unfolded

Returning to the on-track action, car 59 spent the final phase of the race behind Dutch driver Teis Hertgers, in a McLaren, trying to open up an overtaking opportunity. And with the pressure of the race-clock ticking, David Rogers made his move – at turn 1 where the Lamborghini was quicker. The move didn’t come off and David lost a little time; the battle now turning to the Ferrari 488 of Ulmer Gallium who loomed large in the Lamborghini’s mirrors. This time it was Gallium who over-pressured, making a pass before the first chicane, but overshooting into the sand, giving back the number 13 position to car 59.

Before: dry conditions allowed drivers to push hard
After: a nice chance to take in the amazing livery on Ulmer Gallium’s Ferrari 488

With 60 minutes around Zolder complete, the series had a new race winner – P1 qualifier Mar Coolio of Finland. Scott Ullmann, who came third in the last race at Mount Panorama, went one better this week to take second. And Scott Cranston, who had placed well earlier in the season at Donington and in Barcelona, completed the podium in third. 

Race winner: Mar Coolio crosses the line in a McLaren 720S

Next up is Imola for the penultimate race of season 7. You can follow the action live on Tuesday the 22nd of June by tuning into Twitch from 19:30 hrs, UK time. See you then! 

About the author 

James Tyrrell is a Threat Modelling Analyst at Copper Horse.

Race report: Bathurst Mount Panorama, 8 June 2021

Heartbreak avoided as a strong drive by car 59 recovers all but one of the 13 places dropped in first lap chaos on the mountain. 

Changeable weather meant that drivers had to know their setups inside out to make progress at Bathurst Mount Panorama – a 6 km ‘scenic drive’ with no shortage of excitement. Put a foot wrong on the mountain section, which includes a string of tough turns such as ‘The Esses’ and ‘The Dipper’, and it can easily be game over with barriers either side of the track leaving little margin for error. 

Keeping it tight: drivers had to observe close barriers on the mountain section

The YouTube video below illustrates just how bizarre some of the crashes have been at the real-life Bathurst circuit – in this example from 2020, the car (also a GT3 Lamborghini) comes to rest on a fence! 

Lamborghini on the barriers: if you hadn’t seen it, you wouldn’t have believed it

In qualifying, Copper Horse Racing placed a very encouraging P17, before becoming derailed by a slow car rejoining the track towards the end of the session. Back in the pits, we’d prepared a number of race setups as it was forecast to rain. It wasn’t certain as to whether the race would be dry, fully wet or changeable. As it turned out, the race ‘weekend’ gave us heavy rain for the race itself. 

First lap chaos in the wet: car 59 did its best to navigate crashes on the left and right of the track

Within seconds of the lights going green, multiple incidents and cars littered the mountain, leading to an unavoidable crash and damage which sent car 59 tumbling down the order to P30 and forced the strategy into taking a very early pitstop. On the up side, this had the benefit of clearing a stop-go penalty from the previous race imposed by the stewards and also dealt with the mandatory tyre change, meaning that we could stay out for the remainder of the race.  

Voice activated

Many, if not all, of the sim racers taking part are using Crew Chief – an outstanding app that plays dual roles of spotter and race engineer, providing words of wisdom throughout every session. What’s more, the communication is two-way and Crew Chief can be programmed to listen out for instructions – for example, to prepare a set of tyres ahead of a pitstop. 

Battered but not broken: an unavoidable collision on lap one forced an early pitstop for car 59

Voice assistants can be found in real cars too – for example, to program heating or cooling in the cabin, change the volume on the radio, adjust the ambient lighting, set a destination for the Sat-Nav and even to activate a back massage. As well as bespoke offerings, vehicle OEMs are teaming up with tech giants such as Amazon and Apple, integrating ‘Alexa’ and ‘Siri’ into their products. Also, recent versions of Android Auto, which is reportedly available for over 50 different brands of vehicle, feature ‘Google Assistant’. 

But inviting microphones into the cockpit could have its downside. In 2010, researchers at the Universities of Washington and California San Diego pointed out that telematics units in vehicles could provide a path for bad actors to capture audio from the vehicle. In 2020, the paper – which explores a wide range of threats to a modern automobile – was given a ‘Test of time’ award from the IEEE; recognising the momentum that the study has added to the field of automotive cybersecurity. 

As you might have gathered from the first blog post in this series, the rig that’s used to compete in the Apex Online Racing GT3 Season 7 league functions as a vehicle hacking simulator outside of races. The setup can be configured to recreate numerous automotive cyber-attacks, including some of those first mentioned in the 2010 study, and follows from our activities within Secure-CAV.

Back on track

At Bathurst, the white Lamborghini drove a lonely few laps, with a clear track to pull its way back into contention after its early pitstop. The hot stint helped Copper Horse Racing to reel in drivers who were struggling ahead and positions were gained too as competitors took their mandatory single pitstop.

Lonely laps: the middle section of the race felt like a hot stint

On the last lap of the race, a chance emerged to take 17th place from the car in front after a mistake on the mountain. Coming up to the last corner, as the race ticked out its final seconds, a successful do or die overtake would have restored car 59 to its qualifying position, however it just wasn’t to be. But there were no complaints from the team (or Jim, our vocal engineer in Crew Chief) with the P18 finish – the best race result so far for David Rogers in the series. 

Gotta go for it: Copper Horse Racing was on a mission to recover all of the places lost from the early crash and almost made it back to P17

On the top spot, with their first visit to the podium, was El Tigre Blanco who had shown they could be quick over a lap in qualifying. Dave Bramhall bested his familiar P3 by one to finish second and Scott Ullmann took third. A special mention in the blog also goes to Philippe Riehl of France who gained a monster 19 places to finish P9. 

See you at the next race (Tue 14 Jun, from 19:30 UK time) which takes place over Belgium’s Zolder circuit. And remember you can tune into the fun as we’ll be streaming live on Twitch.  

About the author 

James Tyrrell is a Threat Modelling Analyst at Copper Horse. 

Race report: Laguna Seca Raceway, 25 May 2021

Bruised and battered on a dark night in central California, car 59 refuses to give up and comes home P27. 

Race 4 got off to a cautious start as drivers were reminded by race officials to obey the white lines and know where to bail out when things go wrong. Laguna Seca Raceway, a circuit built around a dry lake bed and completed in 1957, contains one of the most demanding sequences of turns on the calendar. Known as ‘the corkscrew’, the challenging left, right, left chain of corners drops vehicles the equivalent of 10 stories over a track distance of just 450ft (137m) – a combination that has a cruel habit of spitting cars into the barriers. For drivers, add to this the sand around the track, which can spin a car with the slightest touch of a rear wheel, and over 30 cars all fighting for position within a tight circuit that can be lapped in less than 85 seconds.

Taking the plunge down the steep corkscrew

So, would the corkscrew throw drivers off course? You betcha! And if the track wasn’t already challenging enough, series organisers Apex Online Racing had decided to dial up the difficulty another notch by running the race under night conditions.   

A dark and difficult race

Navigating the track successfully under a pitch-black sky is helped by the powerful headlights on the GT3 cars. The same goes for drivers on normal roads finding their way on an otherwise unlit part of their journey. But what would happen if the headlights failed? It’s a scenario that we consider on our vehicle-hacking simulator, which demonstrates — in a safe and controlled environment — what it would be like to drive a car or truck that is experiencing a cyber-attack. We can tell you from experience that the lights going out unexpectedly, at speed, is a truly terrifying experience, even in a simulator. 

Threat modelling and cyber-security management 

Automotive cybersecurity standards and regulations such as ISO 21434 (Road vehicles – Cybersecurity engineering) and UN Regulation No. 155 (Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system) provide frameworks for vehicle manufacturers to consider such threats.  

Browsing these documents, you’ll notice that one of the worked examples (in Annex G of ISO 21434) explores potential attack paths that could lead to a loss of road illumination during night driving and the vulnerability management employed to manage them. 

The Lamborghini headlights piercing the night

Thankfully, both headlights on the Copper Horse liveried Lamborghini Huracan were fully operational during race 4. In pre-race practice, a good setup of the car from its aerodynamics through to tyre pressures, showed that swift lap times could be achieved by Copper Horse Racing, with the car 6th fastest. The short and tight circuit meant that qualifying ‘flying laps’ were impacted by traffic and by the end of the 15 minute qualifying session Copper Horse’s Lamborghini was 22nd on the grid of 31 cars.  

In the race itself, not everything ran so smoothly as early collisions (with other cars and barriers) meant that car 59 had to make its way to the pits twice to repair mechanical damage costing precious time.  

Glowing brakes as Copper Horse Racing’s David Rogers rounds T11 into the home straight

It was a test of mental resilience to stay the course, and surviving the 60 minute race despite the hurdles was somewhat bittersweet given what could have been. The championship points gained, although small, could prove important when the series concludes on 29th June at Silverstone.

Fireworks mark the end of a tough race which could have been so different

Mid-season review 

With four races done, we’re now halfway through the series with Copper Horse lead driver David Rogers currently 31st out of 46 entrants in the Tier 10 overall standings. At the top of the table is UK racer Dave Bramhall, who bagged another P3 finish – his fourth in four races! Scott Ullmann is in second, finally making it onto the podium after getting close in each of the previous races. And in third spot is Justin Dawson whose points took a hit after placing P36 in race one, but he’s on a mission to make up for it – scoring three P1 finishes in a row. 

Porsches dominated at Laguna Seca; Justin Dawson in car 12 leads from Scott Ullmann in 222

Drivers have a fortnight in which to recharge before the next race on 8 June 2021 at the Bathurst Mount Panorama circuit in Australia. The weather conditions are not looking good… 

We were able to successfully broadcast the race from Laguna Seca live, so will continue this for the next race. If you fancy watching then check out drogersuk on Twitch from 19:30 UK time. See you then!

About the author 

James Tyrrell is a Threat Modelling Analyst at Copper Horse.