ISSSource White Papers

Posts Tagged ‘GM’

Monday, August 3, 2015 @ 03:08 PM gHale

First it was Fiat Chrysler fixing hackable automobile systems, now GM cleaned up its OnStar portal.

GM went to work on the problem, discovered by security researcher Samy Kamkar, but as it turned out the fix was not a complete remedy. GM went back and now an app update for the iOS platform released that fixes the issue.

Chrysler Updates 1.4 Million Vehicles
Fiat Fixes Auto Remote Exploit
Siemens Fixes SIPROTEC DoS Vulnerability
Sm@rtClient Android Vulnerability Fixed

Kamkar posted a video of a device called OwnStar, which he said enabled him to monitor and intercept communications between General Motors’ OnStar RemoteLink app and any OnStar-equipped car.

With his device, Kamkar was able to issue commands through OnStar’s RemoteLink app — which lets drivers control some features of their cars like locking doors and turning on lights with a mobile device — to any of GM’s compatible cars.

OnStar, an in-vehicle system that provides security services, hands free calling, turn-by-turn navigation and more, is available in more than 30 GM vehicles. Kamkar was able to act as if he owned the car in the video, finding its location, unlocking the doors and even starting the engine.

Automakers and other tech firms are racing to outfit cars with more technology, especially ones that connect them via the Internet. Cars are no longer “air gapped” systems, rather, they are part of the Internet of Things, connecting to various points over the Internet. While there are some pretty solid reasons for doing that, it can also leave an auto as vulnerable as your computer or smartphone to hacks.

Kamkar couldn’t drive off in the car without the key, and cars that start remotely, automatically shut off in 10 minutes if someone doesn’t drive them away.

The hardware used for the OwnStar device appears to be a mixture of an extremely simple computer using Raspberry Pi and some wireless adapters, all tucked into a small protective case.

By Friday, GM issued an update to its iOS app, the only vulnerable platform remaining. The auto giant said all users update their RemoteLink apps as soon as possible.

Click here to view the video.

Tuesday, January 7, 2014 @ 05:01 PM gHale

The Android platform could soon be coming to a car near you.

Google is forming Open Automotive Alliance (OAA) and it invited Audi, GM, Honda, Hyundai and Nvidia to join in the effort.

Android Malware on Rise
Securing Automobile Software Updates
SAP Trojan Uses Carberp Code
Two Trojans Collaborate in Attack

With automobiles the ultimate mobile device, it only makes sense to have an operating system within the car. However, with Android a very popular system for attackers to hack into, how Google will go about ensuring a car will not fall victim to a cyber assault is still a bit murky.

“In this multi-screen world, switching between our different devices should be easy and seamless. Common platforms allow for one connected experience across our phone, tablet and PC, so we get the right information at the right time, no matter what device we’re using. But there’s still an important device that isn’t yet connected as seamlessly to the other screens in our lives – the car,” Google said.

Google said millions of people are already bringing their Android phones and tablets to the cars, but no automaker has optimized the experience. “Wouldn’t it be great if you could bring your favorite apps and music with you, and use them safely with your car’s built-on controls and in-dash display?” Patrick Brady, director for Android engineering, asked.

Alongside its partners, Google is working to enable new forms of integration with Android devices, but also to adapt Android for the car to make driving safer, easier and overall more enjoyable.

“Putting Android in the car will bring drivers apps and services they already know and love, while enabling automakers to more easily deliver cutting-edge technology to their customers. And it will create new opportunities for developers to extend the variety and depth of the Android app ecosystem in new, exciting and safe ways,” Brady said.

Friday, February 22, 2013 @ 03:02 PM gHale

Protecting trade secrets has always been a chore, but in today’s digital economy you can just ratchet up the intensity a few notches.

That is why there is now an action plan coming out of the White House that focuses on coordinating and improving the government’s efforts to protect trade secrets against foreign competitors.

Sanctions for Online Espionage
APT Group China Based
Security Checklist for CEOs
Executives: Cyber Fears Top List

The White House document, called Strategy on Mitigating the Theft of U.S. Trade Secrets, follows numerous incidents in which China ended up accused of attempting to breach government and private organizations in an attempt to steal classified information.

First reported in ISSSource Wednesday, this report details cases where individuals attempted to sell trade secrets and military technical data to China. The 141-page report contains incidents involving companies such as Valspar, Ford Motor Company, Motorola, DuPont, Dow, and GM.

Here is one example of economic espionage named in the strategy:
“On Feb. 11, 2010 former Rockwell and Boeing engineer Dongfan “Greg” Chung was sentenced to 188 months imprisonment and three years supervised release after his July 16, 2009 conviction in the Central District of California.
“Chung was convicted of charges of economic espionage and acting as an illegal agent of the People’s Republic of China (PRC), for whom he stole restricted technology and Boeing trade secrets, including information related to the Space Shuttle program and the Delta IV rocket.”

While the report said China is the “the world’s most active and persistent perpetrator of economic espionage,” it is not alone.

The report said Russia’s intelligence services are also trying to collect economic information and technology from U.S. targets. The same is true about South Korea.

The U.S.’s allies and partners are also a threat. That’s because they use their broad access to U.S. institutions to acquire classified information, mainly through human intelligence tactics.

Click here to download the report.

Monday, January 9, 2012 @ 04:01 PM gHale

General Motors is now modifying its Chevrolet Volt plug-in car to eliminate the possibility its batteries can catch on fire hours or days after a serious side-impact crash.

It turns out battery coolant could leak on an electronic board, causing the fire, GM said. Officials discovered the leaks in tests where they rotated a Volt until inverted. Only a few cupfuls of coolant ended up spilling out.

Enhanced Security for Cloud Computing
Securing Automobile Software Updates
Wireless Sensors Collect Water Data
Cell Phone Chemical Detector

To fix it, GM will modify the car to strengthen the protection around the battery. It will only add a few pounds. “It is a structural reinforcement that distributes the load,” said GM’s Mary Barra.

GM’s North American chief Mark Reuss said the battery itself is safe and doesn’t need modification. He said only 250 owners asked GM for loaners or to have their car bought back. GM has sold more than 8,000 Volts, which can travel 25 miles or more on electric power alone before a backup gas engine kicks in.

This move is a “customer satisfaction” action and GM will not consider it a recall.

Thursday, December 8, 2011 @ 10:12 AM gHale

Tuesday, November 15, 2011 @ 03:11 PM gHale

By Gregory Hale
Talking about the theory of safety and productivity working in unison is a nice lecture for a college professor to give in engineering school. It is very useful, but seeing it work in real time often seems like a pipe dream.

Not anymore. Manufacturers are truly seeing the light and understanding the two concepts are able to work together to not only ensure a safe work environment, but also bump up productivity. Three companies that truly get it gave presentations during Tuesday’s Rockwell Automation Fair 2011’s Safety Automation Forum in Chicago.

Safety Forum: Safety Targets Productivity
Back to Basics with Functional Safety
‘Safety is Good Business’
Classic Antenna Gives a Power Boost
Easier Organic Energy on Horizon

PepsiCo, GM and L’Oreal talked about various forms of implementing a safety culture in a real life scenario.

“It is possible to go five years or so without injuries at your plant,” said Tommy Short, health and safety manager at L’Oreal during his presentation. “Yes, it is possible, but you have to believe.”

That is where the issue lies, people have to believe and buy into a true safety culture. “Safety is a lot of work and it takes a lot of energy from everybody involved,” Short said.

“I hear safety is the number one priority at our company,” said Craig Torrance, global senior manager of health, safety and well being operations at PepsiCo. “I don’t agree, I feel it should be a value. It should be something we just do.”

Short talked about three areas in the safety culture spectrum: Dependent safety culture, independent safety culture and interdependent safety culture.

Dependent is more restrictive, doing things people are told, following rules and regulations to the letter. Independent, he said, allows for personal values, and good practices and habits. Interdependent allows for a caring culture where people work well with one another; more of a true communication environment.

He showed a chart that proved the interdependent safety culture that had true worker participation had the lowest rate of safety incidents.

He talked about an employee program at L’Oreal where there was participation and a reporting system. This was not about getting other workers in trouble, but rather, ensuring there was a safe work environment. This means the culture at the company was able to change and be more active because workers were looking out for one another.

“True ownership comes from employees,” Short said. “You really need to focus on what matters and make sure everyone is actively engaged. Actively engages employees will reduce safety issues.”

Torrance agrees, but his issues were all about implementing a safety program across a truly global enterprise. With over 800 manufacturing plants located around the world, implementing any kind of plan can be very difficult to say the least.

In a decentralized, autonomous, innovative and fast-paced corporation, it is difficult to get everyone thinking on the same page.

“That environment makes it very difficult to implement any kind of standardized safety program,” Torrance said.

He said it is difficult to have people buy into anything about safety until you start buying safety related items.

“Once you start spending dollars on safety, that had a huge impact on the culture,” Torrance said. “We actually had operators say to us, ‘you are actually serious about this.’”

Torrance talked about a 10-year machine safety program he launched this year. Before he could really get it going he knew the most important factor he had to work with was getting true executive level buy in from the beginning. He then sought out the various chief executives and business heads for all the units within PepsiCo. He was able to achieve the buy in, but that endeavor took him nine months.

“Without leadership buy in, you can’t implement a global safety program,” Torrance said. After you get executive sponsorship, you also need to implement an accountability measure.

“Accountability is something that has gone away. For safety, you need accountability,” Torrance said. “We have accountability on the business side, but not as much with health and safety.”

One more important element that will help get the job done in a global initiative is keeping everything as simple as possible. “Too often,” he said, “global programs get lost in the details.”

One of the other areas he often encounters is when engineers meet and go over programs they will say to him the plan we have works well and we have a solid return on investment, but the problem we have is the safety part of the program is too costly and we can’t get a return. They will then want to unbundle safety from the package.

“If you can’t afford to do the project with safety, you can’t afford to do the project,” Torrance said.

That all goes back to the credibility issue that talks about safety as a value within the mindset of the organization.

“You need to dialogue with workers to be fluid, effortless and spontaneous,” said Mike Douglas, senior manager for safety at General Motors. “That is how you achieve all the goals you need.”

Tuesday, September 21, 2010 @ 11:09 AM gHale

Electric vehicles are coming of age and will soon be hitting the mass market. While that bodes well for the environment because there will be less carbon emissions, on the other hand, what do you do when the batteries in these vehicles wear out?
GM and ABB are investigating that very issue.
The two industry giants signed a non-exclusive memorandum of understanding to cooperate on a research and development project that will investigate uses for electric vehicle batteries once their useful life in the vehicle is over.
The project will examine the potential of reusing spent lithium-ion battery packs from GM’s electric car, the Chevrolet Volt, as a means of providing cost-effective energy storage capacity, which will improve the efficiency of electrical systems as they evolve into smart grids.
“Future smart grids will incorporate a larger proportion of renewable energy sources and will need to supply a vast e-mobility infrastructure – both of which require a wide range of energy storage solutions,” said Bazmi Husain, head of ABB’s smart grids initiative. “We are excited to explore the possibility of employing electric car batteries in a second use that could help build needed storage capacity and provide far-reaching economic and environmental benefits.”
The Volt’s battery will still have significant capacity to store electrical energy, even after its automotive life, GM officials said.
“That’s why we’re joining forces with ABB to find ways to make the Volt batteries provide environmental benefits that stretch beyond the highway,” said Micky Bly, executive director of Electrical and Hybrid Systems.
Economical grid storage is a key enabler technology of smart grids that can drive the wider use of a variety of applications, including:
• Managing the intermittency of wind and solar resources
• Mitigating spikes in electricity demand
• Providing backup power
• Allowing the use of cheaper off-peak power during peak periods

Tuesday, April 13, 2010 @ 07:04 PM gHale

Attempting to stay one step ahead and also implementing global safety standards, General Motors will install a new brake safety measure that can prevent unintended acceleration on all its new vehicles by 2012.

In light of Toyota’s accelerator pedal issues, federal regulators are now mulling over legislation to make the technology mandatory on new cars and trucks. Congress is also exploring the issue after a series of hearings last month on Toyota’s recall of millions of vehicles over gas pedals that get stuck or trapped on floor mats.

You need to be logged in to see this part of the content. Please Login to access.

Archived Entries