Endpoint
2/6/2014
03:51 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Security Innovation Applauds U.S. DOT Decision To Move Forward With 'Talking Cars' Program

US DOT research indicates that safety applications using V2V technology can reduce the majority of crashes

Wilmington, Mass., February 5, 2014 – Dr. William Whyte, principal advisor of the US DOT-sponsored VII Proof of Concept project for secure vehicle communications, is proud to have played a part in developing the technology behind yesterday's announcement by the US DOT's National Highway Traffic Safety Administration (NHTSA) to enable vehicle-to-vehicle (V2V) communication technology for light vehicles. The technology will improve safety by allowing vehicles to "talk" to each other and avoid collisions by exchanging data such as speed and position hundreds of times per second.

Before this life-saving technology can be widely adopted, it has to be reliable and secure. As co-author of the IEEE 1609.2 standard for connected vehicle security, Dr. Whyte and his team have been working within the Intelligent Transportation Systems (ITS) community to ensure privacy and security are guaranteed and that communication between vehicles cannot be maliciously altered or used to track driver behavior or location. "We are thrilled that the US Government has taken this bold step to significantly reduce fatalities and serious injury through the adoption of robust technology," said Dr. Whyte. "With this announcement, Security Innovation will accelerate our collaboration with chip designers, wireless providers, on-board equipment manufacturers, infrastructure providers and car makers to ensure that security and privacy remain the number one priority."

US DOT research indicates that safety applications using V2V technology can reduce the majority of crashes, with survivability improvements expected to be even greater than from the introduction of seatbelts. When widely deployed, secure vehicle communications could prevent 80% of unimpaired driver accidents. Additionally, a recent DOT safety pilot program concluded that V2V standards and technologies are mature enough to work in full-scale production. Security Innovation's AeroLink&trade secure communications product was a key element in this success.

As an active and influential practitioner in this field, Security Innovation's understanding of the technical specifications and interoperability required to provide highly secure platforms for V2V will help improve automobile safety worldwide. The company does this through independent research and as a contributing member to organizations such as ITS America, OmniAir, ETSI (European Telecommunications Standards Institute), CAMP (Collision Avoidance Metrics Partnership), and the European Car2Car Consortium.

About Aerolink&trade

Aerolink&trade is the industry-leading implementation of high-speed communications security for connected vehicles based on the IEEE 1609.2 standard. It is the result of years of research and development in anticipation of the day when vehicles travelling at highway speed can communicate effectively while their occupant's remain confident of information security and privacy.

About Security Innovation

Security Innovation specializes in Software Security and Data Privacy for the world's most demanding environments. For over a decade, the company has helped organizations build and deploy more secure software systems and harden their data protection efforts. Security Innovation is privately held and is headquartered in Wilmington, MA USA. Visit the company at www.securityinnovation.com or on Twitter @SecInnovation.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9676
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVE-2014-9682
Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

CVE-2015-0655
Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVE-2015-0884
Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVE-2015-0885
Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.