Combining Future Automotive Security with eSports

David Rogers explains the launch of something completely different for Copper Horse and why it isn’t.. well completely different.

During the 2020 lockdown, our company was busy in the early stages of an InnovateUK project called Secure-CAV, together with our partners from Siemens, the Universities of Coventry and Southampton. The project is looking at how to secure the Connected and Autonomous Vehicles (CAVs) of the future, particularly at the lowest levels of the technology stack.

Using our experience in the mobile and IoT security space and particularly in hacking and securing hardware-level systems we have been working on a range of activities from real-world threat modelling through to dismantling and reverse engineering the hacking equipment used by criminals seeking to exploit vehicles in various different ways.

We had to adapt our ways of working such that we duplicated some of our equipment setups across the different partners and found new ways to collaborate. We also had access to some real vehicles which has helped us along the way.

One of the things that we wanted to do from early in the project was to be able to allow people to experience what it was like to be in a vehicle that was actively being hacked. Short of bringing people to test tracks and signing lots of insurance waivers, there aren’t many ways that this can be achieved. What we have done is to build a vehicle hacking simulator, which we’ve been able to feed telemetry from various simulators into to provide a ‘real’ physical experience. We’ll be talking a lot more about this in future blogs, but for now I want to tell you about something that came out of that work.

I have long been a big fan of different kinds of motor racing whether it be hill-climbing at Shelsley Walsh or Rallycross at Croft Circuit, so like many others during the various lockdowns, I decided to take up sim racing. This is a huge and passionate community and many of the real world racing teams are active in this esports world. Drivers including Rubens Barrichello, Jenson Button and George Russell are active sim racers. Whilst this is just the start of my journey, it is really enjoyable and it is nice to be able to compete in such a great community of people from around the world. There are some incredibly skilled drivers out there that would give some of the world’s best real-world drivers a run for their money.

With our Copper Horse Racing Team, I have begun competing in the Apex Online Racing Assetto Corsa Competizione GT3 Racing League, driving a Lamborghini Huracan GT3. We are competing in Tier 10 of the league – the Tier 1 and 2 races are broadcast each week online, with commentary.

Our car displays the logos of all our Secure-CAV project partners as well as You Gotta Hack That, not forgetting That Media Group for our fantastic vehicle livery.

Car Number 59 – the Copper Horse Racing Lamborghini Huracan GT3

For the simulator itself, we’re running a DoF Reality P3 motion rig, an entry-level setup of G29 wheel and pedals and triple 31″ screens supported by the lesser-spotted Nvidia GeForce 3070 video card. We’ll do a proper walkthrough of the rig in another blog as we have a very special and interesting setup.

Our first race took place last Tuesday (the 4th of May 2021). I have to be honest, it was pretty nerve racking. The lap times were fast and the action was hot at the Circuit Paul Ricard in France.

A close finish at Circuit Paul Ricard

I managed to drive a clean race without damage (despite there being absolute carnage at turns 1 and 2 which will surprise no-one in the sim racing community!) and finished 28th, which I’ll take for a first race on a track that the Lamborghini was never going to be a fan of.

Passing an injured Aston Martin at Circuit Paul Ricard

Race 2 will take place tonight (the 11th of May 2021) and is at a very wet and rainy Donington Park in the UK, for all the different drivers, ranking through Tiers 2-10. You can see last night’s elite Tier 1 race below:

Tier 1 Donington Park Race

Drivers are able to get practice sessions in to try the conditions as well as a couple of practice races. The conditions are tough for this race – 100% wet and a very tight circuit which means passing (and allowing cars through on blue flags) can be quite difficult. What I’ve been rapidly learning over the past week is that the right setups can drastrically improve laptimes. You can watch live on my Twitch stream here from 7.30pm BST: https://www.twitch.tv/drogersuk

The full race calendar can be found at: https://apexonline.racing/league/19#calendar

A hard fought evaluation race at Spa-Fracorchamps, Belgium

I’m looking forward to tonight’s race and the rest of the season, whatever happens! I hope you’ll join us on this journey over the next few months as we explain what we’re doing on future automotive security and take our car hacking rig on what should be an incredible journey!

Automotive threat modelling: off-the-shelf solutions

Copper Horse’s automotive cybersecurity posts, including Automotive threat modelling: off-the-shelf solutions, can now be found on the Secure-CAV microsite.

Secure-CAV is an ambitious collaborative project that aims to improve the safety and security of tomorrow’s connected and autonomous vehicles through a combination of cybersecurity monitoring, hardware solutions, machine learning and functional demonstrators.

About the author

James Tyrrell is a Threat Modelling Analyst at Copper Horse.

Threat modelling connected and autonomous vehicle cybersecurity: an overview of available tools

Copper Horse’s automotive cybersecurity posts, including Threat modelling connected and autonomous vehicle cybersecurity: an overview of available tools, can now be found on the Secure-CAV microsite.

Secure-CAV is an ambitious collaborative project that aims to improve the safety and security of tomorrow’s connected and autonomous vehicles through a combination of cybersecurity monitoring, hardware solutions, machine learning and functional demonstrators.

About the author

James Tyrrell is a Threat Modelling Analyst at Copper Horse.

Computers on wheels and networks in the fast lane

Copper Horse’s automotive cybersecurity posts, including Computers on wheels and networks in the fast lane, can now be found on the Secure-CAV microsite.

Secure-CAV is an ambitious collaborative project that aims to improve the safety and security of tomorrow’s connected and autonomous vehicles through a combination of cybersecurity monitoring, hardware solutions, machine learning and functional demonstrators.

About the author

James Tyrrell is a Threat Modelling Analyst at Copper Horse.

Copper Horse and Arm launch white paper on IoT security by design

“If you’re looking to deploy IoT, you need to do it right from the start and you need to think about what happens with that product throughout its lifetime, until you sunset it,” David Rogers MBE – founder of Copper Horse and author of the UK’s Code of Practice for Consumer IoT Security – told listeners at yesterday’s launch webinar (available to watch on-demand). “That means working with suppliers and partners who you can trust will take the right approach to security and platforms.”

Arm commissioned Copper Horse to offer an impartial guide to IoT security by design, and the 19 page white paper guides readers on how to appropriately and securely manage solutions at scale.

“If you’re deploying IoT in any kind of environment – for example, consumer, automotive, agricultural, industrial or medical, you need to consider security from the beginning,” David reiterates. “Regulation is coming so it can’t be ignored.”

Topics covered in the briefing include: the threat landscape; future regulation; software updates and device management; public key infrastructure (PKI); end-of-life and decommissioning; and a reminder on identifying and eliminating bad practices.

Full details can be found at – https://learn.arm.com/securingiotbydesign.html.

Vehicle Communications and the Road to Driverless Automotive

Copper Horse’s Development Lead, Mark Neve discusses technology being deployed in the vehicle comms space.

 

The car of tomorrow is going to be communicating with many different things and not just for passenger entertainment. The field of Vehicle-to-“X” communications is growing considerably. The X can mean Vehicle-to-Vehicle (known as V2V) or Vehicle-to-Infrastructure (V2I) and even V2P – Vehicle to Pedestrian or V2B – Vehicle to Bike, with many different applications within. The opportunities to improve road safety are enormous but the security and safety implications of getting it wrong are equally as important. This is something that we’re looking at as a company and we’ve already trained vehicle OEMs on our IoT Foundations of Security training course which will be running again soon.

 

 

So how do vehicles communicate with their surrounding environment and how does new technology assists the driver in keeping control of the vehicle? This not only affects current human driven vehicles but also the drive towards fully autonomous vehicles with Alphabet company Waymo planning to have 20,000 self-driving vehicles on the road by 2020. The government statistics for casualties on UK roads for 2016 state that 448 pedestrians were killed and more than 23,000 were injured on our roads. If vehicles can assist the driver in avoiding obstacles, or reduce the collision speed, they can possibly lead to a reduction in deaths and injuries on our roads.

 

Let’s look at some of the technology emerging on cars which shows the evolving path towards full V2x communications:

 

Independent Autonomous Braking

Autonomous Emergency Braking (AEB) works in conjunction with vehicle mounted sensors and cameras which are used to detect obstacles and if needed, apply the brakes. According to Thatcham Research, 8 of the top 10 selling cars in the UK offer AEB, with 50% of vehicles fitting at standard.

 

Image source

 

Drivers have experienced issues with this type of technology and an article in UK newspaper the  Plymouth Herald in October 2017 highlighted problems with a Volkswagen Tiguan where the “Front Assist” system may mistake high roadside hedges as an obstacle and brake sharply. This behaviour could lead to accidents if drivers in following vehicles do not see the same hazard and react more slowly in applying their brakes.

 

V2V for Emergency Vehicles

Emergency Vehicle Approaching warning systems are currently being trialled. Trying to locate the source of a siren can be difficult and can slow the progress of the emergency vehicle, costing precious time.  Warning systems being trialled allow the emergency vehicle to report its location and direction when it is approaching other vehicles on the road, allowing them extra time to create space for the emergency vehicle. This solution is further being developed so that emergency vehicles can be given priority at traffic lights, turning the lights green as they approach.

 

V2V Platooning

In the US, several companies such as Volvo, Daimler and Tesla are testing Platooning, the coordinated operation of two or more vehicles. The lead vehicle wirelessly communicates its speed, distance, brake status and information about any obstacle. Platoon vehicles use another V2V technology: cooperative adaptive cruise control (CACC) – a feature which monitors the speed of the vehicle ahead and adjusts its own speed to maintain a safe distance. Platooning could improve fuel economy by reducing drag as well as reducing accidents through safer following distances and instant notification of emergency braking.

 

V2I for Traffic Lights

Audi US and Traffic Technology Services (TTS)  have launched a vehicle to infrastructure (V2I) service which communicates with traffic lights and informs the driver how long before their lights turn green.

Image source

 

The vehicle communicates with the lights using a built-in LTE connection, communicating through an Audi connect PRIME feature called Traffic Light Information (TLI). This system is currently on trial in Las Vegas and has been rolled out to other cities across the US including Dallas, Denver, Houston, Palo Alto and Washington DC supporting signals for more than 1,600 intersections.

 

V2P

Vehicle to pedestrian (V2P) technology is under development by vehicle manufacturers using DSRC (Dedicated Short Range Communication) technology built into both vehicles and the smartphones of pedestrians, notifying the vehicle of the speed and direction of pedestrians and alerting drivers to a hazard. There are several other V2P technologies currently under development, the US Department of Transportation keep a publicly available excel “database” of current V2P technologies here .

 

V2B

Vehicle to bike (V2B) technology is a more of a problem to implement as cyclists sometime behave like pedestrians and at times like cars making it much more difficult to track their movement. Proximity sensors can detect cyclists in certain areas around the vehicle but there are still many blind spots. One solution that is currently being suggested is bicycles with a beacon attached to communicate with other vehicles on the road although this idea has been met with scepticism by some of the biking community, with them suggesting that pedestrians and wild animals will also need a beacon.

 

 

Driverless Vehicles and Accidents

Vehicle technology continues to evolve very quickly with the move towards driverless cars. The Google self-driving project, Waymo has now clocked up over 5 million self-driven miles, although the vehicle is being constantly monitored by a driver, who should be ready to take control if the self-drive systems fail as they did in 2016.

 

There have been numerous stories in the news highlighting accidents involving autonomous vehicles. A study commissioned by Google and carried out by the Virginia Tech Transportation Institute concluded that the US national crash rate is 4.2 accidents per million miles and 3.2 accidents per million for self-driving cars. There is a lack of data currently available due to the lack of self-driving vehicles, however many countries have plans to test self-driving cars on their roads over the next few years.

 

In March 2018 it was reported that an Uber car being tested in Tempe, Arizona struck Elaine Herzberg who was crossing a road while carrying a bike. She was transferred to hospital but later died of her injuries. At the time of this blog, Uber are yet to release their full report, so all the evidence isn’t currently available. There have been some articles highlighting how Uber scaled back their LIDAR sensors from seven sensors to one 360-degree sensor when they replaced the Ford Fusion vehicle with the Volvo XC90. The internal camera shows how the vehicle minder sitting in the driver’s seat was distracted for around 5 seconds prior to the crash; the former may have played a role in the inability to detect the pedestrian.

 

Where are we going?

It’s clear that there’s still much research and development to be done prior to fully-autonomous vehicles being allowed to share the highways with human driven vehicles. While not yet at the level required, systems which aid drivers could both help to reduce accidents and help test out safety technology critical to fully-autonomous vehicles. The more connected vehicles are to their surroundings correlates with the chance of avoiding obstacles. When we do see self-driving vehicles on our roads, it will be interesting to see the interaction with the human drivers and how human attackers may target these systems to exploit them for various purposes, but that’s a story for the future.