Upstream Security secures $9 million to advance cloud-based connected car security

Upstream Security has secured $ 9 million in series A funding to advance its cloud-based cybersecurity platform for connected cars and self-driving vehicles, after securing $ 2 million in a seed funding round in June.

According to the company, the fresh amount will be utilised for expanding its R&D programme, strengthening research teams in the engineering and security divisions and opening marketing and sales offices in the US and Europe.

The funding was led by CRV (Charles River Ventures) and included expanded investments from Glilot Capital Partners and Maniv Mobility.

Izhar Armony, general partner at CRV, said: “Connected and semi-autonomous cars are already a reality, so it’s a matter of ‘when’ not ‘if’ these self-driving technologies will be deployed at scale. Upstream’s engineers were the first to solve how to protect connected cars and autonomous vehicles using the cloud, crucial for near-term and future deployment of automotive cybersecurity at the fleet level.

"We believe in Upstream’s groundbreaking approach to secure connected and autonomous vehicles and in the abilities of cybersecurity veterans, Yoav Levy and Yonatan Appel, to build a rapidly growing business in this hot, emerging space.”

Talking about the increasing security threats in the connected car industry, Upstream CEO and cofounder Levy commented: “Security solutions for the car are undergoing rapid advances at an unprecedented rate. We’re using emerging technologies like AI and machine learning to carry out an evolutionary leap in cybersecurity for passenger and commercial vehicles.”

It’s not the only money going into this space of late. Earlier this month, Canada-based connected vehicle startup Mojio secured $ 30 million in Series B funding, which will be utilised by the company to expedite its connected-vehicle solution and for global expansion.

iottechnews.com: Latest from the homepage

NXP and Alibaba Cloud Announce Strategic Partnership for Edge Computing and IoT Security

NXP and Alibaba Cloud Announce Strategic Partnership for Edge Computing and IoT Security

NXP and Alibaba Cloud Announce Strategic Partnership for Edge Computing and IoT Security

NXP Semiconductors today announced a strategic partnership with Alibaba Cloud, the cloud computing and business unit of Alibaba Group.

The two companies are working together to enable development of secure smart devices for edge computing applications and have plans to further develop solutions for the Internet of Things (IoT).

As part of the partnership, AliOS Things, the Alibaba IoT operating system has been integrated onto NXP applications processors, microcontroller chips, and Layerscape multicore processors. Both NXP’s i.MX and Layerscape processors are currently the only embedded systems on the market using the Alibaba Cloud TEE OS platform. The new solution benefits various markets including automotive, smart retail and smart home. And it is currently being applied in applications such as automotive entertainment and infotainment systems, QR code payment scanning applications and smart home speakers.

Li Zheng, NXP global senior vice president and President of Greater China, said:

“As the leader of IoT innovation in China, Alibaba Cloud has launched a range of IoT basic and content services to support the demands of cloud computing, big data, AI [artificial intelligence], cloud integration and security. Alibaba Cloud IoT kit has launched more than 200 categories, with a total of more than 10 million sets of sales.”

“Our partnership with Alibaba Cloud will promote the continuous and steady expansion of NXP’s technological advantages for edge computing and IoT security, and will support the long-term and secure development of China’s IoT ecosystem.”

“We share the same vision as NXP on providing advanced and secure IoT solutions for an ‘everything connected’ world,” said Ku Wei, General Manager of IoT of Alibaba Cloud. “Based on the integration of AliOS Things with NXP’s applications processors and microcontroller chips, our comprehensive solution will better serve the development of China’s local commercial and manufacturing industries.”

With the deep partnership between NXP and Alibaba Cloud Link in the field of IoT security, NXP has become a council member of the ICA IoT Connectivity Alliance. In the future. The two companies plan to jointly develop solutions to support application development in different fields including smart manufacturing and smart city.

The ‘Annual Report of China IoT Development 2015-2016’ predicts that the amount of equipment connected to IoT globally will reach 20-50 billion by 2020, with 80 percent of that equipment in China. NXP’s robust product portfolio covers offering from the edge node to gateway and comprehensive cloud IoT solutions. NXP’s products are widely used in smart homes, smart cities, smart transportation, and secure connectivity.

In China, NXP combines outstanding enterprises in upstream and downstream industries, working together with industry leaders for the safe, connected, sustainable development and motivation for innovation of IoT.

The post NXP and Alibaba Cloud Announce Strategic Partnership for Edge Computing and IoT Security appeared first on IoT Business News.

IoT Business News

Face authentication and the future of security

Apple’s iPhone X has given us a glimpse into the future of personal data security. By 2020 we’ll see billions of smart devices being used as mobile face authentication systems, albeit with varying degrees of security. The stuff of science fiction for years, face recognition will surpass other legacy biometric login solutions,such as fingerprint and iris scans, because of a new generation of AI-driven algorithms, says Kevin Alan Tussy, CEO of FaceTec.

The face recognition space had never received more attention than after the launch of Face ID, but with the internet now home to dozens of spoof videos fooling Face ID with twins, relatives and even olives for eyes, the expensive hardware solution has left many questioning if this is just another missed opportunity to replace passwords.

Face Recognition is a biometric method of identifying an authorised user by comparing the user’s face to the biometric data stored in the original enrolment. Once a positive match is made and the user’s liveness is confirmed the system grants account access.

A step up in security, Face Authentication (Identification + Liveness Detection), offers important and distinct security benefits: no PIN or password memorisation is required, there is no shared secret that can be stolen from a server, and the certainty the correct user is logging in is very high.

Apple’s embrace of Face ID has elevated face recognition into the public consciousness, and when compared to mobile fingerprint recognition, face recognition is far superior in terms of accuracy. According to Apple, their new face scanning technology is 20-times more secure than the fingerprint recognition currently used in the iPhone 8 (Touch ID) and Samsung S8. Using your face to unlock your phone is, of course, a great step forward, but is that all a face biometric can do? Not by a long shot.

While the goal of every new biometric has been to replace passwords, none have succeeded because most rely on special hardware that lacks liveness detection. Liveness detection, the key attribute of Authentication, verifies the correct user is actually present and alive at the time of login.

True 3D face authentication requires: identity verification plus depth sensing plus liveness detection. This means photos or videos cannot spoof the system, nor animated images like those created by CrazyTalk; and even 3D representations of a user like projections on foam heads, custom masks, and wax figures are rebuffed.

With the average price of a smartphone hovering around £150 (€170.58), expensive hardware-based solutions, no matter how good they get, won’t ever see widespread adoption. For a face authentication solution to be universally adopted it must be a 100% software solution that runs on the billions of devices with standard cameras that are already in use, and it must be be more secure than current legacy options (like fingerprint and 2D face).

A software solution like ZoOm from FaceTec can be quickly and easily integrated into nearly any app on just about any existing smart device. ZoOm can be deployed to millions of mobile users literally overnight, and provides […]

The post Face authentication and the future of security appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

MANRS, Routing Security, and the Brazilian ISP Community

Last week, I presented MANRS to the IX.BR community. My presentation was part of a bigger theme – the launch of an ambitious program in Brazil to make the Internet safer.

While there are many threats to the Internet that must be mitigated, one common point and a challenge for many of them is that the efficacy of the approaches relies on collaboration between independent and sometimes competing parties. And, therefore, finding ways to incentivize and reward such collaboration is at the core of the solutions.

MANRS tries to do that by increasing the transparency of a network operator’s security posture and its commitment to a more secure and resilient Internet. Subsequently, the operator can leverage its increased security posture, signaling it to potential customers and thus differentiating from their competitors.

MANRS also helps build a community of security-minded operators with a common purpose – an important factor that improves accountability, facilitates better peering relationships, and improves coordination in preventing and mitigating incidents.

So, what does the Brazilian ISP community think about routing security and MANRS?

I ran an interactive poll with four questions to provide a more quantitative answer. More than 100 people participated, which makes the results fairly representative.

A sort summary is that while routing incidents are not perceived as the most painful area, the Brazilian ISP community is willing to embrace the collaborative security approach and work on improving Internet infrastructure.

In the past three months, according to BGPSetream, Brazilian ISPs experienced about 1,000 routing events that likely represent incidents. About a quarter of them were route leaks and hijacks; the rest were outages.

From operational experience, 20% of operators dealt with routing security incidents with impact. For the majority, however, such incidents were either infrequent or had little impact. That says something about the perceived risk.

At the same time, improving routing security is important to the vast majority of operators. Almost half are willing to play an active role in promoting best practices.

Almost one-third of respondents already implement the majority of the MANRS Actions and could join the effort.

When it comes to joining the effort, two-thirds feel they would become active adopters of MANRS, once their network has appropriate controls in place.

We look forward to seeing many Brazilian ISPs officially join MANRS, given these survey results! If you’re interested, please let us know. A MANRS Implementation Guide is also available to help you get your network ready.

You can watch Andrei’s full presentation on YouTube in the video below, or at this link.

The post MANRS, Routing Security, and the Brazilian ISP Community appeared first on Internet Society.

Internet Society

BlackBerry release guidelines to accelerate connected car security

BlackBerry is aiming to address connected car security concerns with a framework intended to harden them against cyber attacks.

Connected cars herald an era where you no longer just have to protect them from being physically broken into, but also hacked into. Compromised vehicles could pose a threat to safety through remote control, or be used to access sensitive data such as location.

I’ve covered hacks of connected cars on several occasions; including a Tesla being hacked for a second year by the same researchers. That case joined high-profile incidents with other leading automotive manufacturers including Jeep and Mitsubishi.

Like any computer, there will always be new vulnerabilities to be found and exploited. However, this should never be an excuse not to make them as secure as possible.

Connected car security guidelines

BlackBerry has a reputation for security and has created a recommended framework to guard connected cars against cyber threats. The guidelines are unlikely to make a vehicle immune to attacks but should help to reduce the prevalence of successful attempts.

"Protecting a car from cybersecurity threats requires a holistic approach," said Sandeep Chennakeshu, President of BlackBerry Technology Solutions. "Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats."

Here’s a summary of the key points:

  • Secure the supply chain: Establish a root of trust by ensuring every chip and electronic control unit (ECU) in the automobile can be properly authenticated and loaded with trusted software, irrespective of vendor or manufacturer. Scan all software deployed for compliance to standards and required security posture. Conduct regular evaluations of the supply chain from a vulnerability and penetration testing perspective to ensure they are certified and "approved for delivery."

  • Use trusted components: Create a security architecture that is deeply layered in a defense in depth architecture, with secure hardware, software, and applications.

  • Employ isolation and trusted messaging: Use an electronic system architecture that isolates safety critical and non-safety critical ECUs and can also "run-safe" when anomalies are detected. Additionally, ensure all communication between the electronics in the automobile and the external world are trusted and secure. Further, ECU-to-ECU communication needs to be trusted and secure.

  • Conduct in-field health checks: Ensure all ECUs have integrated analytics and diagnostics software that can capture events, and are able to log and report the same to a cloud-based tool for further analysis and to initiate preventative actions. Moreover, automakers should confirm that a defined set of metrics can be scanned regularly when the car is in the field, as well as be able to take actions to address issues via secure over-the-air (OTA) software updates.

  • Create a rapid incident response network: Share common vulnerabilities and exposures among a network of subscribing enterprises so expert teams can learn from each other and provide advisories and fixes in shorter time frames.

  • Use a lifecycle management system: Proactively re-flash a vehicle with secure OTA software updates as soon as an issue is detected. Manage security credentials via active certificate management. Deploy unified endpoint policy management to manage applications downloaded over the lifetime of the car.

  • Make safety and security a part of the culture: Ensure every organisation involved in supplying auto electronics is trained in functional safety and security best practices to inculcate this culture within the organisation.

BlackBerry claims to either have, or are developing, solutions which help connected vehicle manufacturers to meet these guidelines. They’ll be demonstrating these during CES in Las Vegas next month.

The full whitepaper can be downloaded here.

What are your thoughts on BlackBerry’s connected car security guidelines? Let us know in the comments.

iottechnews.com: Latest from the homepage