#ISO 26262 services | Explore Tumblr posts and blogs

dorleco · 7 months ago

Text

Role of embedded systems in VCU design

June 6, 2024

by dorleco

with no comment

Autonomous Vehicle Technology

Edit

INTRODUCTION

Embedded technologies have a significant role in the design and functionality of modern automotive Vehicle Control Units (VCUs). The vehicle control unit (VCU) is a key component that controls a car’s engine, gearbox, brakes, and other subsystems. Embedded systems contribute the following to VCU design:

1. Integration of Sensors

VCUs’ embedded systems are in charge of combining data from a variety of sensors throughout the vehicle. This includes data from accelerometers, gyroscopes, wheel speed sensors, engine sensors, and other sensors that provide the VCU with the knowledge it requires to make decisions.

2. Data Management and Control:

The VCU’s embedded processors assess incoming sensor data to make real-time decisions about the vehicle’s operation. Regulating engine settings, adjusting transmission shifts, and monitoring brake systems are all necessary to ensure peak performance and safety.

3. Communication protocols:

VCUs frequently need to communicate with other electronic control units (ECUs) in the vehicle, such as the ABS, Transmission Control Unit (TCU), and Engine Control Unit. Embedded systems handle the implementation of communication protocols, ensuring that data transfers between subsystems run smoothly.

4. Identifying and repairing faults:

Embedded systems are vital for implementing diagnostic functionalities in the VCU. In addition to identifying flaws or malfunctions, they monitor the state of several automotive systems and components and generate diagnostic trouble codes (DTCs) to help technicians locate and resolve issues during maintenance.

5. Power management:

Embedded systems in the VCU control power distribution. To enhance energy efficiency, they control power utilization and ensure components receive adequate power supply.

6. Functional Safety:

Safety is critical in car systems. VCU embedded systems are designed to meet functional safety requirements such as ISO 26262. They implemented safety precautions and redundancy to ensure that critical operations continue uninterrupted, even in the case of faults or malfunctions.

7. Software Updates and Upgrades:

Over-the-air (OTA) updates are enabled by embedded systems, which allow manufacturers to update the VCU’s software remotely to improve performance, add new features, or solve security problems without having to physically visit a service center.

8. Advanced Driver Assistance Systems (ADAS) Integration:

VCUs commonly interact with ADAS components to increase vehicle safety by providing features like adaptive cruise control, lane-keeping assistance, and collision avoidance. These cutting-edge technologies are more easily integrated thanks to embedded systems.

Advantages of embedded systems in VCU design.

The incorporation of technologies into Vehicle Control Units (VCUs) provides numerous benefits that improve the overall efficacy, security, and usefulness of modern automobiles. Here are a few major advantages:

1. Real-time Processing:

Embedded systems’ fast and real-time processing capabilities allow VCUs to make quick decisions based on sensor data. This is critical for key activities like stability control, braking, and engine control.

2. Optimized performance:

Engine performance, gearbox shifts, and brake systems are just a few of the vehicle aspects that can benefit from the use of embedded systems. This leads to improved reaction, fuel efficiency, and overall vehicle performance.

3. Integrating Complex Functions:

VCUs are responsible for a wide range of duties, including advanced driver assistance systems (ADAS) and engine management. Embedded systems facilitate the integration of these complex duties by ensuring smooth communication among the car’s many components.

4. Reduced size and weight:

The lightweight and compact nature of embedded systems helps to reduce the overall size and weight of VCUs. This is especially important in the automotive industry, where weight and space limits are critical for both fuel efficiency and vehicle design.

5. Energy efficiency:

Power management within the VCU architecture is enabled by embedded systems, which ensure that each component receives the required power while using the least amount of energy feasible. As a result, the car’s total energy efficiency improves.

6. Stability and reliability:

embedded system design improves VCU stability and reliability by using redundant and fault-tolerant components. It is critical to ensure that important vehicle functions continue regardless of malfunctions or breakdowns.

7. Diagnostic capabilities:

VCU’s embedded technologies provide advanced diagnostic capabilities. They generate diagnostic trouble codes (DTCs), which aid in the early discovery and resolution of problems during maintenance, and they constantly monitor the condition of the vehicle’s components.

8. Adaptability and Flexibility:

Manufacturers can add new features, improve performance, and correct security problems in embedded systems with software updates and upgrades, all without physically altering the VCU design.

9. Cost-effectiveness:

Embedding technologies in VCUs can save expenses throughout the vehicle’s lifecycle, even with initial development costs. Long-term cost savings may emerge from the ability to remotely update software, immediately diagnose faults, and improve performance without the need for hardware modifications.

10. Compliance with Standards:

Embedded systems in VCUs can comply with industry standards and laws, including functional safety criteria (such as ISO 26262). This ensures that autos meet the safety and performance criteria established by regulatory organizations.

Disadvantages of embedded systems in VCU design

Although embedded systems are necessary for the operation and design of vehicle control units (VCUs), employing them has several drawbacks. To overcome difficulties and increase the overall performance and dependability of automotive systems, it is necessary to consider these constraints. Some of the downsides are:

1. Software complexity:

Embedded systems in VCUs can run exceedingly complex applications. Complex software is difficult to manage and debug, and errors or faults can have major consequences for a vehicle’s performance and safety.

2. Security Issues:

The possibility of cyber security problems increases as cars become more networked. Embedded systems are vulnerable to hacking and unauthorized access, threatening drivers’ privacy and safety. Strong cyber security protections are necessary.

3. Limited upgradeability:

Although some embedded systems accept software upgrades, there may be hardware limitations that impede the addition of new technology. Hardware component updates can be complicated and costly, and they may cause obsolescence issues.

4. Rigid Design:

Specific functionality is commonly considered when creating embedded systems. Adapting to new requirements or technological breakthroughs may be challenging without significant changes to the hardware or software architecture.

5. The cost of development and maintenance:

It can be expensive to create and maintain embedded systems for VCU designs. Higher total vehicle expenses may result from both the initial development cost and the need for ongoing maintenance and updates.

6. Vendor Dependence:

When obtaining embedded system components, automakers may need to rely on specific manufacturers or providers. This reliance may limit adaptability and increase susceptibility to supply chain disruptions or changes in vendor affiliations.

7. Limited Processing Capacity:

As vehicle functionality advances, the processing capability of embedded systems may become a limiting factor. High computing needs may put a strain on embedded processors, especially when it comes to complex AI algorithms and autonomous driving.

8. Integration Challenges:

It might be challenging to combine embedded systems with other electronic components found in cars. Careful control of compatibility issues and communication protocols is required to ensure smooth operation and avoid system conflicts.

9. Environmental challenges:

Harsh external conditions, such as extreme temperatures and vibrations, can have an impact on the dependability of an embedded system. For automotive applications, it is critical to ensure that these systems are resistant to such circumstances.

10. Long development cycles:

Because of the stringent testing and certification procedures, embedded system development cycles for automotive applications can be lengthy. As a result, cutting-edge technology may not be applied as quickly as intended.

Conclusion:

Finally, embedded systems play a critical role in the design of vehicle control units (VCUs), considerably adding to the efficiency, safety, and overall performance of modern cars. Embedded systems are the technological backbone that allows the integration, processing, and control of various processes inside the VCU design. From real-time sensor data processing to smooth communication between multiple subsystems, embedded systems play a critical role in molding the vehicle’s behavior.

The preferences of implanted frameworks in the VCU plan are clear in terms of execution, vitality, effectiveness, and flexibility. These systems enable the integration of complicated functions, ensuring that vehicles perform with precision and reactivity. The ability to add diagnostic features improves dependability, while over-the-air updates and upgrades help with long-term cost-effectiveness and the adoption of new technologies.

However, it is critical to recognize certain disadvantages associated with embedded systems, such as software complexity, security problems, and potential limitations in upgradeability. Addressing these issues is critical to guaranteeing the ongoing progress and resilience of embedded systems in VCU design.

As technology advances, continued research and development activities are directed toward reducing downsides, strengthening cyber security measures, expanding processing power, and increasing adaptability to suit the changing demands of the automobile sector. In essence, embedded systems in VCU design are a dynamic and expanding field that is shaping the future of intelligent and connected cars by combining innovation with the need for strong safety and reliability criteria.

Check out all VCU-related products and services here, and for further inquiries, you can contact us at [email protected].

#VCU #VCUSupplier #evcc #ccu #evse #ProgrammableVCU #embeddedsystem #Dorleco

0 notes

arjunvib · 9 months ago

Text

SOFTWARE DEVELOPMENT & INTEGRATION PARTNER FOR BODY, GATEWAY & HIGH-PERFORMANCE COMPUTE PLATFORMS

KPIT provides comprehensive solutions for Vehicle Body & Gateway from concept development to maintenance for current & next generation programs

AUTOSAR Stack Integration

High Performance Compute – HPC & Zonal Architecture

Multicore Architecture

Future Technologies

Application Migration and Integration

Functional Safety

Cyber Security

Virtual Validation

Body electronics - Offerings

SDV Programs

Body System Engineering Services

Application Development & Integration Services

Body Features Validation Service

High-Performance Compute (HPC) Application

Zonal ECUs

System Architecture Definition (SoA + signal based) and Specification development

EE architecture and System model using PREEVision, MagicDraw, Rhapsody, EA

ISO 26262 based Functional Safety analysis (HARA, DFMEA)

Cyber security TARA analysis

System Architecture Definition (SoA + signal based)

Application Migration strategy definition for Classic/Adaptive SWCs

Application and Feature development in MBD/CBD

End-to-end Body feature software integration

Multidomain Feature Integration in HPC and Zonal ECUs

Model based Testing (MIL, SIL)

Plant model development for Body features

Body Virtual Validation Platform development

HIL testing of different Body features & Test Automation using dSPACE, Vector & KPIT Solutions (Technica)

Vehicle Testing and Calibration

Single Function ECU

Architecture re-design of legacy system based on new SDV systems

Migration of legacy system requirement to Model based system engineering

Application and Feature development in MBD/CBD

Body software Model based Testing (MIL, SIL and PIL)

Body Virtual validation platform development with standalone ECUs

#Body electronics #Body System Engineering Services#Application Development & Integration Services #Body Features Validation Service #SDV programs #vehicle body and gateway solutions #Body & Gateway software development #Body Gateway Module #automotive

0 notes

sindujah · 11 months ago

Text

Functional Safety (FuSa) Services in India, USA, Europe

Leading automakers are quickly evolving to Software Defined Vehicles, with modern vehicles having multiple electronic systems with millions of lines of code running on them. In an industry like Automotive, humans are increasingly dependent on electronic systems to monitor and control many aspects of the vehicle. Therefore passenger safety becomes paramount.

Functional Safety (FuSa) Services is an integral part of the product development process in any Automotive Electrical and Electronic system, to ensure the safe and reliable operation of the system. Therefore, FuSa is about adopting a systematic approach to identify, assess, and devise ways to mitigate the risk/potential hazards that may arise. In other words, should something fail, we want it to fail predictably.

For automotive applications, the “ISO 26262 - Road vehicles -Functional safety Services” standard serves as the directive based on which the Functional safety development process is to be based.

Functional Safety Process

We begin by conducting a thorough Hazard and Risk Analysis (HARA) where potential risks are identified and categorized. This is used to determine the ASIL Level ranging from A to D. Further analysis is conducted by DFMEA (Design Failure Mode Effect Analysis) and FMEDA (Failure modes, Effects and Diagnostic Analysis), and based on the assessment, the Functional Safety concept is developed, where safety requirements are defined and this is used to arrive at the System Level, Hardware and Software level requirements are defined in the implementation phase, along with rigorous testing and validation procedures used to ensure that the system meets the designed requirements. We base these processes as guided by ISO 26262 standards that is crucial in ensuring that the electronic systems operate predictably and can handle failures and events in a predetermined manner.

Our Functional Safety Services

We support major parts of ISO 26262 development such as the Concept Phase, Product Development at the System, Hardware, and Software Levels, along with Supporting processes.

Our team has a wide range of experience from more than a decade of working on individual system projects and full vehicle development projects. We can support individual aspects of the process as well as end-to-end services, traveling along with the development process.

#fusa #functional safety #engineering

0 notes

lanshengic · 1 year ago

Text

Microchip launches new 10BASE-T1S Ethernet solution to help OEMs easily connect automotive devices

【Lansheng Technology News】Microchip Technology Inc. today announced the launch of the LAN8650/1 MAC-PHY series of new devices that meet automotive application requirements, further expanding its automotive-grade Ethernet solution product lineup. The LAN8650 and LAN8651 MAC-PHY include a media access controller and serial peripheral interface for connecting devices at the edge of the automotive network.

The LAN8650/1 device with built-in MAC and SPI enables designers to connect 8-, 16- and 32-bit microcontrollers without built-in Ethernet MAC to 10BASE-T1S single-pair Ethernet networks. This enables sensors and actuators that connect the digital and real worlds to become part of a full Ethernet architecture. Connecting to even the simplest microcontrollers reduces the overall size and cost of the design.

Matthias Kaestner, vice president of Microchip's automotive business, said: "Microchip will continue to develop automotive connectivity solutions through the 10BASE-T1S product line to provide the industry with turnkey solutions that meet customer requirements. This new technology will bring sensors and execution to the physical world. The controller is always connected to the cloud, enabling a seamless Ethernet architecture in the car, reducing development effort and time to market."

The new family of devices has built-in Time Sensitive Networking (TSN) support, enabling synchronized timing on long-distance Ethernet networks. This time synchronization is critical for many automotive applications such as advanced driver assistance systems (ADAS).

The LAN8650/1 MAC-PHY is automotive qualified and meets AEC-Q100 Level 1 certification standards for enhanced stability in harsh environments, including extended operating temperature range of -40ºC to 125ºC. These devices meet functional safety requirements and are suitable for ISO 26262 applications.

Ethernet solutions maintain strong momentum in the automotive industry due to their comprehensive security protocols to ensure network system security. These systems can be extended to the edge of the network without requiring extensive changes or new development efforts.

Lansheng Technology Limited, which is a spot stock distributor of many well-known brands, we have price advantage of the first-hand spot channel, and have technical supports.

Our main brands: STMicroelectronics, Toshiba, Microchip, Vishay, Marvell, ON Semiconductor, AOS, DIODES, Murata, Samsung, Hyundai/Hynix, Xilinx, Micron, Infinone, Texas Instruments, ADI, Maxim Integrated, NXP, etc

To learn more about our products, services, and capabilities, please visit our website at http://www.lanshengic.com

#electronic components #semiconductor #chip model #electronic #chip manufacturing #lanshengic

0 notes

mr-automotive · 3 years ago

Text

The automotive industry

HISTORY

The automotive industry began in the 1860s with hundreds of manufacturers that pioneered the horseless carriage. For many decades, the United States led the world in total automobile production. In 1929, before the Great Depression, the world had 32,028,500 automobiles in use, and the U.S. automobile industry produced over 90% of them. At that time, the U.S. had one car per 4.87 persons. After 1945, the U.S. produced about 75 percent of world's auto production. In 1980, the U.S. was overtaken by Japan and then became world leader again in 1994. In 2006, Japan narrowly passed the U.S. in production and held this rank until 2009, when China took the top spot with 13.8 million units. With 19.3 million units manufactured in 2012, China almost doubled the U.S. production of 10.3 million units, while Japan was in third place with 9.9 million units. From 1970 (140 models) over 1998 (260 models) to 2012 (684 models), the number of automobile models in the U.S. has grown exponentially.

Early car manufacturing involved manual assembly by a human worker. The process evolved from engineers working on a stationary car, to a conveyor belt system where the car passed through multiple stations of more specialised engineers. Starting in the 1960s, robotic equipment was introduced to the process, and today most cars are produced largely with automated machinary.

SAFETY

Safety is a state that implies being protected from any risk, danger, damage, or cause of injury. In the automotive industry, safety means that users, operators, or manufacturers do not face any risk or danger coming from the motor vehicle or its spare parts. Safety for the automobiles themselves implies that there is no risk of damage.

Safety in the automotive industry is particularly important and therefore highly regulated. Automobiles and other motor vehicles have to comply with a certain number of regulations, whether local or international, in order to be accepted on the market. The standard ISO 26262, is considered one of the best practice frameworks for achieving automotive functional safety.

In case of safety issues, danger, product defect or faulty procedure during the manufacturing of the motor vehicle, the maker can request to return either a batch or the entire production run. This procedure is called product recall. Product recalls happen in every industry and can be production-related or stem from raw material.

Product and operation tests and inspections at different stages of the value chain are made to avoid these product recalls by ensuring end-user security and safety and compliance with the automotive industry requirements. However, the automotive industry is still particularly concerned about product recalls, which cause considerable financial consequences.

MR.AUTOMOTIVE

Mr.Automotive is one of the best automotive industry in kerala, since 2020. Mr.Automotive provides several services to our customers with exciting offers. The customer can access the sevices through our official Mr.Automotive application. Mr.automotive providing services are vehicle services like mechanical,water wash,spare parts,tyre services,pick up vehicles, rent a car, taxi services, etc. In our services, the customer can scedule the vehicle pickup time,then our worker will comes to your door, then collect the vehicle, after the work we will deliver your vehicle to your home, the customer can buy spare parts from our application. now a days Mr.Automotive is the best option for customers to deal with the vehicle issues.

for more information - https://mrautomotive10.000webhostapp.com/

#automobile #automotive #car mechanic #garage

1 note · View note

tuvsud · 4 years ago

Text

ISO 26262 FUNCTIONAL SAFETY TRAINING AND CERTIFICATION FOR AUTOMOTIVE

Gaining an ISO 26262 Functional basic security training and certificate offers operational security experts and their businesses that an upperhand in the business. It will help individuals develop a spot for themselves at the business enterprise. These aims are fulfilled while you gets an ISO 26262 Functional Security instruction:-

TÜV SÜD conducts instructor-led training programs to offer a practical comprehension of the idea of ISO 26262 operational safety of street vehicles at the automotive trade. The training program is tailored in accordance with the dependence on their audience. But, there are particular requirements for attending our Instructor-led ISO 26262 Functional Security Training Software conducted by TÜV SÜD at India. The requirements for your instruction module are as follows:

Make sure that you satisfy the requirements of the business enterprise through a whole comprehension of the model-based procedures to come up with safety related systems in accordance with ISO 26262 benchmark Prove your know how of operational safety with an internationally recognised ISO 26262 certificate and eventually become an essential component of the state TÜV SÜD operational security professional communityGain expertise for a operational basic security engineer, specialist or professional from the automotive industryConstruct internal competencies to successfully undertake operational security projects efficiently and economically and gain a competitive advantage WHAT ARE THE BENEFITS OF searching for THE iso 26262 training AND CERTIFICATION plan?

Any professional who's interested in realizing the operational safety related electric and electrical systems composed of hardware and software components in electrical vehicles, either working or prepared to generate a livelihood within the automotive industry sector has to attend the application. The path can be obtained upto really possess a crystal very clear understanding and working experience of the way that safety- related systems needs to be managed and commanded to mitigate threats and avoid errors. They can sometimes incorporate product programmers, R&D professionals, control engineers, engineers, safety engineers, system integrators, EPCs, managers of technology departments, sales agents to safety services and products systems and services, sales engineers, professionals and managers, promotion pros or anyone who would like to acquire their operational basic security knowledge certified in the relevant area of ISO 26262 Functional Security at the automotive trade.

Breakdown of ISO 26262 Training Program MODULES:

Course modules inch to 4 present one to the procedures essential for the function in the security lifecycle (recommended for beginners). You're going to be made knowledgeable about the respective topics together with the assistance of practical examples. All class modules 1 - 4 embrace a situation-based method of the use of safety investigations and encouraging procedures and the subsequent deliverables. Explanations of those essential job services and products and proper treatment of their security plan are naturally an integrated portion of modules.

This content with the brand new variant was revised related to the very first variant in some specific locations. Furthermore to two new parts into the variant, the Edition two introduces many developments, concretizations and brand fresh instances, that were originated from the adventures from the technical application of their norm from early decades. The 1day class offers a synopsis of the important shifts in Edition two and also exemplifies its own proper implementation with the assistance of examples.

ISO 26262 Functional Security Certification and Training Application, trains professionals to own absolute comprehension and upgraded technical understanding about their safety related systems which the normal makes up about. It is aimed in building a simple understanding about safety related works connected to electronic and electrical systems to minimise failure and risks from the automotive industry. Thus, fundamentally it covers the total life cycle of this automotive item. Implementing ISO 26262 at the original phase, really helps ensure no such risks routine at a subsequent period of manufacturing, even as it will become costly to repair the issue.

Together with gaining functional knowledge in security associated purposes, the iso 26262 certification and Training Program Offers additional advantages that are as follows-

Improve your efficacy with courses, joining theory with practical expertise in the field of operational basic security Minimise risks by maintaining your employees current concerning regulations and standards in mathematics and technology, thereby permitting them to spot issues before your surgeries are influenced Prevent product recalls and lack in standing by employing an optimized tailored procedure Prevent product failures, and save some time and monetary deficits Profit competitive advantage by employing your understanding of this diverse functions all through the security life cycle, as a way to come up with the best services for you and your clients WHO SHOULD ATTEND THE ISO 26262 TRAINING & CERTIFICATION PROGRAM?

Based on years of technical expertise within the industry of Profession basic safety training, we offer you the essential expertise in learning and understanding about ISO 26262 second Edition. Safety is just one of the vital issues in evolution now legal for several road vehicles such as buses, trucks, motor cycles and the rest of the automobiles. The sector-specific wants of electric or electronics (E/E) systems concerning road vehicles is clarified within this standard. Our training modules are all derived from the technical use with the standard in your ordinary business to prevent increasing hazard from systematic and arbitrary hardware failures. Our purpose is to offer professionals practical wisdom and experience with your assessments courses, to take informed decisions and mitigate risks.

The electric and electrical systems composed of both hardware and software components in vehicles have been regulated by this standard. Compliance to ISO 26262 operational security standards in automotive is now vital for its OEMs, automotive designers and providers for both automotive and protection improvement. ISO 26262 operational security hires automotive OEMs and providers to check out and record the operational security process to make sure their apparatus and procedures run safely and precisely with no malfunction. It places a summary for quantifying risks and ascertaining hazard categories called ASILs (Automotive Safety Integrity Levels) and targets at reducing potential threats in automotive systems. It defines the security life cycle from the concept phase before decommissioning of this automotive merchandise or system. It monitors and measures risks to make sure an acceptable degree of safety is achieved from the automotive item. With evolving automation and application of automotive systems, ISO 26262 makes up about establishing the principle for risk management by establishing the standards for hardware and applications development in addition to analyzing, looking to get the greatest levels of safety. Thus, in the modern period it's essential to coach professionals from the automotive industry to possess complete understanding of ISO 26262 operational safety automotive standards to effectively handle their systems together without minimum quantities of danger.

General Breakdown of the newest attributes of ISO 26262 Edition Two Display of this newest Part 1 2 for bicycles Display of this new Part 1-1 for semiconductor growth Changed demands Partly 2 9 New alternative options Cases of execution

TÜV SÜD has got the skill to give ISO 26262 Functional Security Certification and Training Software for all street vehicles such as buses, trucks, motor cycles and the rest of the automobiles depending on latest variant in India.

#iso 26262 certification #iso 26262 training

1 note · View note

ramadevimadire-blog · 5 years ago

Link

TESSY - Automated testing of embedded software

The powerful and certified Unit and Integration Testing Tool for C / C ++ Embedded Software with support for a wide range of microcontrollers, compiler environments and target platforms. TESSY is qualified for safety-related software development according to IEC 61508 and ISO 26262.

TESSY automates the whole unit test cycle including regression testing for your embedded software in C/C++ on different target systems. As an easy-to-install and easy to operate testing tool TESSY guides you through the unit test workflow from the project setup through the test design and execution to the result analysis and reporting. TESSY takes additionally care of the complete test organization as well as the test management, including requirements, coverage measurement, and traceability.

1 note · View note

wolfliving · 5 years ago

Text

Meanwhile, in self-driving car circles

*They don’t work.

https://blog.piekniewski.info/2019/11/18/late2019-the-wizards-of-oz/

Self driving cars

As time goes, more and more cracks are showing on the self driving car narrative. In June, one of the prominent startups in the competition - Drive.ai got acqui-hired by Apple, reportedly days before it would have ran out of cash. For those not well versed in startup valuation, this is not the best imaginable outcome. Startup employees are typically getting stock options (an option is basically a contract that allows one to buy a given number of shares at a fixed price), often trading off better salary they'd earn in an established company. These options are typically for common stock - in ways the least secured part of the equity structure. Investors buy shares of a company in investment rounds and often get at least in part what is called a preferred stock and other forms of liquidation preference.

This means that in the event of liquidation, those shares will need to get payed off first, before any of the outstanding common shares. In any case the best outcome for a startup is an IPO (Initial Public Offering) when the shares get registered and can be traded freely at an open market, or an acquisition at a highest possible valuation. At high valuations the preferred stock effectively becomes same with common stock and common stock holders and option holders can cash out. However when the valuation at the acquisition is low, there may not be enough to cover the preferred stock (or any outstanding debt or convertible notes) in which case the common stock holders end up with nothing (and option holders can even end up negative if they exercised them). Anyway, long story short, this seems to be the case at drive.ai since they've been showing signs of financial distress earlier this year. As a curiosity, one of Drive.ai cofounders is Andrew Ng's wife, apparently having a spouse AI prodigy was of little help to the problem. Voyage, another similar startup now wants to solve the self driving problem with Deep Reinforcement Learning. Why? Because this is the latest buzzword in AI circles. Does it make any sense? None at all, since it can only work in simulation and as we all know in theory there is no difference between simulation and reality, but in reality there is. Anyway, autonomy is all about the corner cases and the nasty thing about corner cases is exactly that they were not anticipated by anybody, and consequently cannot be simulated.

Other self driving car players have been getting somewhat mixed press as well. Cruise is apparently plagued with glitches, one of Alphabet's execs admitted that there has been much hype in the space, while Waymo's valuation got pretty seriously (40% !!!) slashed by Morgan Stanley. Not surprisingly Waymo, which is typically rather quiet in media, rolled out a big PR offensive, started showing off cars without drivers (remote supervised) driving around Phoenix suburbs and inviting automotive journalists for a ride. I view this as an attempt to regain control over the crumbling narrative, which may be effective for a while. For those who never visited Phoenix, the suburbs where Waymo tests their cars near Chandler AZ are pretty much the ideal case for an AV - wide streets, few pedestrians (especially in the summer when it is really hot). I visited that area this summer and saw a bunch of these Waymo cars myself, pointlessly cruising around like some lost sheep without a purpose.

We've also learned a few new facts about the infamous Uber incident, apparently Uber AVs were involved in some 37 crashes before the fatal accident in Arizona last year, while “The system design did not include a consideration for jaywalking pedestrians,” as we learned from a stunning NTSB report. This may explain why Uber is now looking to pay for Waymo tech while their ex AV boss-star responsible for Uber-Waymo fiasco, Anthony Levandowski got charged with trade secret theft, facing many years in prison time. I'm old enough to remember when Anthony's startup -Otto - was delivering beer in Colorado to great fanfares, something I've mentioned in this blog before, back in 2016.

Meanwhile Daimler joined the crowd of companies slowly deflating the self driving balloon, to the point of even admitting they'd be cutting spending on it.

Tesla keeps the story up with promises of a million of self driving cars by 2020 - they raised money in May based on that promise so they need to keep it alive. While the stuff that Tesla does is in many ways impressive - recent talk by Andrej Karpathy - head of AI there - revealed some of the details, the grim reality is that as of today even unusual illumination is able to throw the system off. To get the idea of how far way is Tesla from autonomy it's enough to search Youtube to see hundreds of failures, particularly with recently released enhanced summon. I keep my prediction that there will be exactly zero fully autonomous Tesla's in 2020, and most likely 2021, 2022 and at least 2023. I would not expect anything really usable by 2025 and that is only given that somebody finally makes a scientific breakthrough. If that fundamental shift does not happen, chances are self driving cars will remain a pipe dream for a few decades or more (aside maybe from some heavily geofenced, low speed local services, such as for example at a university campus).

In general the sentiment regarding autonomous vehicles seems to be changing with more prominent news outlets pouring buckets of cold water on the technological hot shots e.g. [1], [2], [3].

Finally since we are on technological hot shots, I had the pleasure to meet George Hotz, the founder of Comma.ai and a known hacker. Earlier this year Comma moved to San Diego, since in George's own words "San Francisco is a scam". He attended the same event at UCSD where he gave a somewhat entertaining and amusing talk in which he called self driving "a scam". Anyway, Comma is "proudly delivering level 2 autonomy", which is pretty much in line with the functionality of Tesla autopilot, only their system actually has driver monitoring which I think is a huge plus. Anyway, I would not let their hackish software ever talk to the CAN bus in my car and I certainly do not recommend anyone to do so - CAN allows to essentially control every aspect of the vehicle and any code responsible to controlling the vehicle should adhere to strict safety standards such as ISO 26262. On the other hand I have a suspicion Tesla does not adhere to these standards either...

2 notes · View notes

icsskolkata · 2 years ago

Text

Why is this car cybersecurity standard needed?

As the automotive world evolves towards connected cars and smart mobility, an additional element of security vulnerability is emerging, the threat of cyberattacks. Because automotive cybersecurity is a new and growing field, traditional automotive security and safety standards do not fully cover the topic of cybersecurity. Therefore, in response to these cyber security threats and increased concern for driver safety and security, OEMs, Tier 1 vendors and others often adopt methods individual approach (if any). Unfortunately, an individual approach is not enough; With the growth, prevalence, and sophistication of cyberattacks, it becomes necessary to establish specific guidelines and standards for automotive cybersecurity. In 2016, SAE International, the trade association and standards development organization for technical professionals, and ISO, the International Organization for Standardization, an international standards body made up of representatives from international organizations. different standards organizations, came together to solve the problem of establishing this industry. Automotive network security standards.

Both organizations have worked individually on automotive safety and security standards in the past; ISO 26262 previously established functional safety standards, and SAE J3061 laid the foundation for cybersecurity standards. When the two organizations realized they had a common goal, they met with OEMs, ECU vendors, cybersecurity vendors, and government organizations, and with more than 100 experts from over 82 companies. Based in more than 16 countries, a joint working group has been formed to create a comprehensive and effective global standard for automotive cybersecurity. Utilize four main working groups focused on risk management; product development; production, operation, maintenance and decommissioning; and process overview, the ISO/SAE 21434 project was born.

The need for this standard is clear:

First, there is a need for common cybersecurity-related terms for use in the automotive industry. In the past, many different terms were used making it difficult to understand cyber risk and how to mitigate it. Second, criteria for effective cybersecurity within a vehicle are also needed; Prior to ISO/SAE 21434, there was never a definition of what “sufficient cybersecurity” meant. Third, although there are advanced and accepted automotive safety standards in which the concept of ASIL (Automotive Safety Integrity Level) is understood and applied, there is no standard definition of a safety standard. additional cybersecurity, because proprietary cybersecurity assurance levels vary from company to company. And finally, there must be a standardized standard that regulators can identify and use to enforce vehicle compliance by ensuring that connected vehicle drivers are protected from damage. cyber threats and attacks.

What is within the scope of the standard?

ISO/SAE 21434, in draft form as of May 2020, is the standard for vehicle manufacturers and suppliers to ensure cybersecurity risks are effectively and efficiently managed. This standard has been developed specifically to ensure the safety and security of end users/drivers on the road, and as such, the identification of the risk level and the corresponding cybersecurity measures are determined. determined according to the ultimate impact on the driver.

This standard provides a standardized cybersecurity framework that establishes cybersecurity as an integral element of engineering throughout the lifecycle of a vehicle, from concept to dismantling, ensuring ensure that cybersecurity is considered in post-production processes (software updates, service and maintenance, feedback issues, etc.), and call for effective methods of feedback, training, and communication results related to automotive cybersecurity.

More specifically, the scope of the standard includes:

Specific requirements for cybersecurity risk management

Cybersecurity Process Framework

A common language to help manufacturers and organizations communicate with their cybersecurity risks

The benefits of standards are obvious. ISO/SAE 21434 brings potential for common supply chain terminology, industry consensus, clear minimum criteria for vehicle cybersecurity engineering, cybersecurity integrated into vehicle design right out of the box. From the ground up, a well-defined threat landscape, key standards for regulators, and a new level of trust are built between stakeholders.

By design, ISO/SAE 21434 does not prescribe specific cybersecurity technologies or solutions, remediation methods, or cybersecurity requirements for telecommunications or office systems. connectivity, EV chargers or autonomous vehicles.

Instead, this standard places great emphasis on risk identification methods and established procedures to deal with cyber risks. As such, it stipulates that if a compromised facility, charger or autonomous vehicle poses a direct risk to road users, it must be monitored, controlled and mitigated. Upstream Security enables stakeholders in the automotive ecosystem to identify risks and respond as required by the standard.

Reference:

Privacy settings on social media accounts

Loads of private statistics are being exchanged for the sake of personalization each second. And that offers upward push to a worrisome concern!

How are we able to alter on-line privateness? Well, revealing an excessive amount of records on-line leaves the door open to fraudulent activities.

Thanks to more potent protection enforcement, you may determine what is going public and what remains private. With in-intensity probing of the privateness settings of your social media accounts, you may experience a secure on-line experience.

As a marketer, we're the usage of social media to sell our business. However, we nonetheless want to take heed to our privateness. It is all too clean for hackers to get a keep of touchy records.

In this post, let`s discover a way to extrade social media privateness settings without affecting your boom and reach.

But first, research what the complete factor of this whole exercising is!

Why do you need to verify your privacy settings?

Photos and content uploaded to social media platforms are not always secure. They can be downloaded in the event of impersonation, inappropriate circulation, or other unethical activities. Therefore, it is essential to learn and understand how to use the security features offered by social networking sites.

Remember that every social media platform has its settings and some are more complicated than others. We'll look at the privacy settings of the most frequently used channels like Facebook, Twitter, LinkedIn, Pinterest, and Instagram.

Facebook privacy settings

Facebook allows you to set privacy from the Privacy tab, profile and photo settings. Let's take a look at each.

1. Facebook Privacy Tab

You can access the privacy settings by clicking the down arrow in the farright corner of the feed page. Click “Settings & Privacy”, then “Settings”.

Click "Security" in the left panel to open the "Settings and Security Tools" tab. You have multiple categories to tweak your visibility. You can also manage your privacy when posting to your timeline with the audience selector. This control remembers your changes, so future posts will be shared with the same audience unless you change them. It also has a feature that many people are not aware of. It's the ability to limit the audience of old posts on your timeline. For example, let's say you post publicly all the time on Facebook and want to improve your security. Click the Limit Previous Posts button. As a result, the content on your timeline that you have shared with friends of friends or the public becomes friends. However, there may be people who have shown interest in the position. People who have liked, commented on, or tagged them can still see the post. Additionally, you have the ability to modify the audience of your messages individually. Just go to the post you want to edit and select a different audience.

You can tweak a few other things, such as choosing who can send you friend requests. In addition, you can define who can search for you. This includes your personal information such as the email address and phone number used to find you. In addition, you can decide where to store message requests from friends of friends and others.

2. Facebook profile settings

Next, you need to update the privacy settings on your Facebook profile. Go to your profile and click "About". Here you can access your basic information. Various sections like work, education, contacts, family and relationships, life events, etc. will appear. In each section, you will find several items with separate privacy settings. Click the edit icon to the right of each section and choose who can see the information: public, friends or customs to make the necessary changes.

Here you can customize each section of your profile to set privacy to your comfort level. For example, if you want the public to know about your work and education, or hide your contact details and background information, you can set it as needed.

3. Facebook Photo Settings

Finally, adjust the privacy settings for the photo section. You can set your photo settings in two ways. The first is per album and the second is per image. If you're uploading photos directly to an album, click the object in the bottom right of the album to set privacy. For images you have uploaded individually, click on the desired image and select the edit icon to moderate specific settings.

Twitter privacy settings

Twitter's privacy settings are simple. Either you have a separate account or you don't have one. By default, the "Protect my posts" setting is disabled. Correspondingly, this setting allows anyone to see your tweets, be it your followers or anyone searching on Google.

Therefore, to change the privacy settings of your Twitter account, click the More button and then the "Security & Privacy" option on the left panel. Select "Your Account" and go directly to "Account Information".

Enter your password. Then click "Protected Tweets". Check the "Protect your Tweets" box to limit the visibility of your tweets to your followers. Uncheck the same box if you want to approve people to follow instead of allowing people to read your tweets.

Additionally, Twitter offers the option to add a location to your tweets. When you tweet with the location, Twitter will store the location. You can change the "on/off position" before each tweet. Additionally, you can decide whether users can find your Twitter profile using your email address or phone number. After making changes, be sure to click the Save Changes button at the bottom.

LinkedIn privacy settings

LinkedIn's privacy settings are slightly different from those of Facebook and Twitter. To change your privacy, click the "Me" button and select Settings and Privacy. There are many privacy settings here, but most deal with how your information is shared on LinkedIn.

If you want to decide what information people can see on LinkedIn, click "Edit your public profile". Uncheck all to keep all your connections private.

You can change the secret table to public, but you cannot change the public table to secret.

Instagram privacy settings

Like Twitter and Pinterest, Instagram's privacy settings are much simpler. By default, anyone can see your profile and posts and can also tag you in photos. However, you can make your posts private so that only your approved followers can see them.

Instagram's desktop site has limited functionality, and you can't change your image privacy there. Therefore, you will need to use the mobile app to change the privacy settings. Click on your profile icon and select "Settings". Edit the required sections from your Edit Profile tab.

You can also change your privacy account settings. If you make it private, only your users can see your photos. Even if you switch to a private profile, your existing followers will remain the same. Alternatively, if you want to block a specific follower, find that user's profile and tap the three-dot icon to block or restrict them.

Noteworthy:

Even if you have a private post and you like a public post or comment on a photo or video that a public user has uploaded, it is still visible to everyone. Alternatively, you can remove yourself from a tagged photo. This is useful if you find yourself tagged in a photo that you don't want to be tagged for work reasons. Inference

Social media privacy is a hot topic for individuals as well as marketers. Recent data breaches and information leaks have made it important to comply with privacy and security rules. With everyone taking off their socks to double their reach, calculated steps must be taken to protect their content and profiles from malicious users. Controlling privacy settings should not be in the middle of your end goals. Refer to the steps we mentioned above to stay protected without compromising participation.

Reference:

What is malware?

Malware, or malicious software, is any program or file that intentionally harms a computer, network, or server.

Types of malware include computer viruses, worms, Trojan horses, ransomware, and spyware. These malicious programs steal, encrypt and delete sensitive data; modify or disrupt basic computer functions and monitor end-user computer activity.

What does malware do? Malware can infect networks and devices and are designed to harm devices, networks, and/or their users in some way.

Depending on the type of malware and its purpose, this damage can manifest differently to the user or the device. In some cases, the impact of malware is relatively mild and benign, while in others it can be catastrophic.

Regardless of the method, all types of malware are designed to exploit devices at the expense of the user and for the benefit of the hacker i.e. the person who designed and/or implemented the software toxic.

How do malware infections happen? Malware authors use a variety of physical and virtual means to deliver malware that infects devices and networks. For example, malware can be delivered to the system by means of a USB drive, through popular collaboration tools, and by downloading via the drive, which automatically uploads the malware to the system without fail. without the user's consent or knowledge.

Phishing attacks are another common pattern of malware distribution, where emails disguised as legitimate messages contain malicious links or attachments that deliver malware executables. to unsuspecting users. Sophisticated malware attacks often involve the use of command and control servers that allow hackers to communicate with infected systems, steal sensitive data, and even remotely control devices compromised or compromised server.

New lines of malware include new evasion and obfuscation techniques designed not only to trick users, but also security administrators and anti-malware products. Some of these evasion techniques are based on simple tactics, such as using web proxies to hide malicious traffic or source IP addresses. More sophisticated threats include polymorphic malware that can repeatedly modify its underlying code to avoid detection by signature-based detection engines; anti-sandbox techniques that allow malware to detect when it is scanned and delay execution until it exits the sandbox; and unfiltered malware reside only in system RAM to avoid detection.

What are the different types of malware?

Different types of malware have distinct characteristics and characteristics. Types of malware include:

Viruses are the most common type of malware that can run and spread by infecting other programs or files.

The worm can reproduce itself without a host program and often spreads without any interaction from the malware's author.

A Trojan horse is designed to appear as legitimate software to gain access to the system. Once activated after installation, Trojans can perform their malicious functions.

Spyware collects information and data of devices and users, and observes user activities without their knowledge.

Ransomware infects users' systems and encrypts their data. The cybercriminal then demands ransom from the victim in exchange for decrypting the system data.

Rootkits gain administrator-level access to the victim's system. Once installed, the program gives hackers root or privileged access to the system.

A backdoor virus or Remote Access Trojan (RAT) secretly creates a backdoor in an infected computer system that allows hackers to gain remote access without warning users or system security programs.

The adware tracks the user's browser and download history for the purpose of displaying pop-up ads or banners to entice the user to make a purchase. For example, advertisers may use cookies to track the websites users visit for better ad targeting.

Keyloggers, also known as system monitors, keep track of almost everything a user does on their computer. This includes email, open web pages, programs, and keystrokes.

How to detect malware

Users can detect malware if they observe unusual activity such as sudden loss of disk space, unusually slow speeds, repeated crashes or crashes, or an increase in activity. unwanted internet and contextual advertising.

Anti-virus and anti-malware software may be installed on the device to detect and remove malware. These tools can provide real-time protection or detect and remove malware by running periodic system scans.

For example, Windows Defender is Microsoft's anti-malware software included with the Windows 10 "OS" operating system in the Windows Defender Security Center. Windows Defender protects from threats such as spyware, adware, and viruses. Users can set "fast" and "full" automatic scans, as well as set low, medium, high, and severe priority alerts.

How to remove malware

As mentioned, a lot of security software is designed to detect and stop malware, as well as remove it from an infected system.

Malwarebytes is an example of an anti-malware engine that handles malware detection and removal. It can remove malware from Windows, macOS, Android and iOS platforms. Malwarebytes can scan a user's registry files, running programs, hard drives, and individual files. If detected, the malware can then be quarantined and removed. However, unlike some other tools, users cannot schedule automatic scans.

How to prevent malware infection

Users can prevent malware in a number of ways. In the case of personal computer protection, users can install anti-malware software.

Users can prevent malware by adopting safety practices on their computers or other personal devices. This includes not opening attachments from unknown email addresses that may contain malware disguised as legitimate attachments - such emails may even be believed to come from companies. legitimate but has an unofficial email domain. Users should regularly update their anti-malware software as hackers are constantly adapting and developing new techniques to breach security software. Security software vendors are responding by releasing updates that fix these vulnerabilities. If users accidentally update their software, they could miss a patch that leaves them vulnerable to a preventable exploit.

In a corporate environment, the network is larger than the home network, and the financial stakes are higher. Organizations should take proactive steps to enforce malware protection. Precautions towards the outdoors include the following:

Double approval for business-to-business (B2B) transactions; and

Perform second-channel verification for business-to-consumer (B2C) transactions.

Internal business precautions include:

Offline malware deployment and threat detection to detect malware before it spreads;

Implement whitelist privacy policies whenever possible; and

Implemented advanced security at the web browser level.

Does Malware Affect Macs?

Malware can affect Macs as well as Windows. Windows devices have historically been considered a bigger target of malware attacks than Macs, in part because users can download apps for macOS through the App Store. Malwarebytes reported in 2020 that Mac malware surpassed PC malware for the first time. This is partly due to the popularity of Apple devices, which attracts more attention from hackers.

Malware History

The term malware was first used by computer scientist and security researcher Yisrael Radai in 1990. However, malware has existed for a long time before that.

One of the earliest known examples of malware was the Creeper virus in 1971, experimentally created by engineer Robert Thomas of BBN Technologies. Creeper is designed to infect mainframes on ARPANET. Although the program did not modify functionality, steal or delete data, it moved from one mainframe to another without permission while displaying a teletype message that read: "I a creep: tell me if you can." Creeper was later modified by computer scientist Ray Tomlinson, who added self-replication to viruses and created the first known computer worm. The concept of malware originated in the technology industry, and examples of viruses and worms began appearing on Apple and IBM PCs in the early 1980s before becoming popular with the advent of the World Wide. Web and the commercial Internet in the 1990s. Since then, malware - and the security strategies to prevent it - have only become more complex.

Malware-like programs

There are other types of programs that share characteristics with malware, but are distinctly different. An example is a PUP or possibly unwanted program. These are applications that trick users into installing them on their systems - such as browser toolbars - but do not perform any malicious functions once installed. However, there are cases where a PUP may contain spyware-like functionality or other hidden malicious functionality, in which case the PUP will be classified as malware.

DDoS on IOT

IoT is about connecting smart devices to the internet to create something that people already use in their daily lives. This article explains how IoT makes DDoS attacks more dangerous than ever, and how to prepare your business against these potentially devastating attacks today?

What is DDoS attack?

Distributed Denial of Service (DDoS) attack is a type of network attack in which multiple devices attack a single server. This is usually done by overloading the server connection and preventing it from receiving more data. The devices that launch this type of attack can be computers, servers, or even personal devices like smartphones, but they all have one thing in common: they need to be connected to the internet to participate. attack. DDoS attacks are so common that the biggest company in the industry, Cloudflare, has had to upgrade its services and add some new features and add an extra layer of protection to keep up with the growing demand. .

Why are these attacks more dangerous?

These attacks become more dangerous because the perpetrators can now use the Internet of Things (IoT) to make them more serious. They can do this by exploiting known vulnerabilities in home devices like Wi-Fi routers, security cameras, and smart TVs. Attackers can use these sensitive devices to deliver traffic to certain websites, disabling their servers. These attacks also pose a more serious threat to those whose devices are used in the botnet. Many victims of this botnet don't even know their devices are being used in this way, leaving them vulnerable to identity theft or even physical harm.

You can take steps to guard against this type of attack. Since most IoT devices have little or no security, updating their firmware is essential. This will reduce your chances of being part of a botnet. You should also ensure that your devices are always updated with the latest security patches for their operating systems. There are also apps you can run on your computer and smartphone to prevent them from being used in botnets. Finally, avoid clicking on links that appear in unsolicited emails. The types of attacks against IoT devices are on the rise. Some experts estimate that by 2022, 20 billion IoT devices will be in use. If you're not careful, you could end up with a botnet and your device will be used against you.

How does an IoT device make DDoS attacks worse? If you are new to DDoS attacks, it is a form of cyber attack in which the perpetrator clings to a single connection point and uses it to send multiple messages or requests for information. An IoT device, such as a baby monitor or thermostat, may have an Internet connection that is not secured by a firewall. The hacker would then hack into that device and use it to trigger a DDoS attack on your company's website or another target. If your business's website is down, it can have a serious impact on your business. The best defense against IoT DDoS attacks is to take steps to secure all of your devices.

What types of IoT devices are most at risk?

Cameras are one of the most common IoT devices targeted by malicious actors. Hackers will scan for any publicly accessible IP address with the camera and then use it to launch their DDoS attack. This is what happened to one of the largest DDoS attacks ever observed, with an estimated size of 1.7 terabits per second.

How to protect my IoT devices? The best way to protect your IoT devices is to configure a firewall to restrict inbound and outbound traffic. It is important that you use a password and preferably the device to change its default login information. To avoid these problems, you can block all incoming and outgoing traffic connecting to your device. Alternatively, you can use a virtual private network (VPN) to secure your internet traffic and revoke your device's access to all external networks.

Inference

In conclusion, IoT has proven to be an integral part of many DDoS attacks. It has been shown that they can be used to spy and launch a distributed attack. In the future, attacks of this type will only become more dangerous as the number of IoT devices grows exponentially.

Reference:

Introduction to XSS Attack

A cross-Site Scripting attack is a malicious code injection, which will be executed in the victim’s browser. The malicious script can be saved on the webserver and executed every time when the user calls the appropriate functionality. It can also be performed with the other methods – without any saved script in the webserver.

The main purpose of this attack is to steal the other user’s identity data – cookies, session tokens, and other information. In most cases, this attack is being used to steal the other person‘s cookies. As we know, cookies help us to log in automatically. Therefore with stolen cookies, we can log in with the other identities. And this is one of the reasons, why this attack is considered one of the riskiest attacks.

An XSS attack is being performed on the client-side. It can be performed with different client-side programming languages. However, most often this attack is performed with Javascript and HTML.

How is XSS performed?

A cross-site scripting attack means sending and injecting malicious code or scripts. Malicious code is typically written using client-side programming languages such as Javascript, HTML, VBScript, and Flash. However, Javascript and HTML are primarily used to carry out this attack.

This attack can be carried out in various ways. Depending on the type of XSS attack, the malicious script will be displayed in the victim's browser or stored in the database and executed each time the user calls the appropriate function.

The main reason behind this attack is improper validation of user input, which can leak malicious input into the output. Malicious users can enter scripts that are injected into the website's code. Then the browser will not be able to determine if the executed code is malicious.

As such, the malicious script is executed in the victim's browser or the user is presented with a fake form. XSS attacks come in several forms.

The main forms of cross-site scripting are:

Malicious scripts running on the client side can lead to cross-site scripting.

A fake page or form presented to the user (where the victim enters credentials or clicks a malicious link).

Websites that display ads.

Malicious emails sent to victims. This attack occurs when a malicious user finds a vulnerable part of a website and submits it as well-formed malicious input. A malicious script is injected into the code and sent as output to the end user.

Types of cross-site scripting attacks

The main purpose of the XSS attack is to steal someone else's girlfriend's identity. As already mentioned, it could be a cookie, session token, etc. XSS can also be used to display fake pages and forms to victims. However, this attack can be carried out in various ways.

This attack falls into three main categories as shown below.

#1) Reflected XSS – This attack occurs when malicious scripts are not stored on his web server, but are reflected in the website results. #2) Stored XSS – This attack occurs when malicious scripts are persistently stored on a web server.

#3) DOM – This happens when the DOM environment has changed but the code remains the same.

Let's take a closer look at them.

XSS test tool

Cross-site scripting attacks are one of the most common and dangerous attacks, so there are many tools to test them automatically. You can find various scanners that look for potential XSS attack vulnerabilities, such as Nesus and Nikto. Both are considered very reliable.

From my career as a software tester, I would like to mention SOAP UI tools. SOAP UI can be considered a very powerful tool for checking for possible XSS attacks. A ready-made template is included to check this attack. This greatly simplifies the testing process.

However, in order to test this vulnerability with the SOAP UI tool, tests at the API level must already be automated with this tool. Another solution for testing against XSS is browser plugins. However, plugins are considered a rather weak tool for defending against this kind of attack. Even with automated testing, the testers should have a good knowledge of this type of attack and be able to analyze the results accordingly.

Good knowledge also helps when choosing a testing tool. It's also important to know that manual testing is also a good practice when using automated tools to scan for vulnerabilities, and that testers can review and analyze the results.

How to prevent XSS

Although this type of attack is considered one of the most dangerous and risky attacks, you should still have a preventive plan in place. Due to the frequency of this attack, there are many ways to prevent it.

The main prevention methods commonly used are:

data verification

filter

escape

The first step in preventing this attack is input validation. User input can lead to output, so anything the user types must be validated for accuracy. Data validation is a cornerstone of ensuring system security. Recall that the idea of validation is to disallow malformed input.

So while this helps mitigate risk, it may not be enough to prevent potential XSS vulnerabilities.

Another good prevention method is user input filtering. The idea of filtering is to look for dangerous keywords from user input and remove them or replace them with empty strings.

These keywords are:

[delete][delete] tag

javascript commands

HTML markup

Input filtering is fairly easy to implement. You can also do it in different ways.

As:

It's from the developer who wrote the server-side code.

Appropriate programming language libraries are used.

In this case, some developers write their own code to check for appropriate keywords and remove them. However, an easier way is to choose the right programming language library and filter the user's input. Note that these libraries are used and tested by many developers, so using them is a more reliable method.

Another possible prevention method is sign escaping. In this case the corresponding character is modified by a special code. For example, the < escape character looks like this: <. It is important to know that you can find a suitable library for escaping the character. In the meantime, don't forget proper testing as well. You should invest in good software testers and knowledge of reliable software testing tools. In this way, good software quality is more reliably guaranteed.

technology prevention

As already mentioned, filtering and escaping are the main prevention methods. However, different programming languages can do it differently. Some programming languages have good filtering libraries, some don't.

Note that the Java and PHP programming languages have appropriate libraries, so filtering can be done very easily.

Java technology is so ubiquitous that there are many solutions. If you're using Spring technology and want to escape HTML throughout your application, you'll need to write the appropriate code in your project's web.xml file.

defaultHtmlEscape

true

This code toggles HTML escaping for the entire application.

If you want to change the HTML escaping of the form on the corresponding page, write the code like this:

defaultHtmlEscape="true">

There are many ready-made XSS filters in the form of .jar files. Remember that you have to add the .jar file to your project or you can't use that library. One such XSS filter is the servlet filter, xssflt.jar. This .jar file can be easily downloaded from the Internet and added to your project.

This filter examines every request sent to your application and removes it from potential injection.

If you add an external.jar file to your project, you must also include it in your web.xml file.

XSSFilter

com.cj.xss.XSSFilter

Another possible solution is the ESAPI library. The ESAPI library is compatible with many programming languages. You can find ESAPI libraries for Java and PHP programming languages. This is an open source free library that helps you control the security of your application.

Conclusion

We strongly recommend that you evaluate the risk posed by a potential XSS attack during testing. XSS attacks can affect web applications that appear safe.

This is considered one of the most dangerous and dangerous attacks. So don't forget this kind of test. It is important to fully understand this attack when testing against XSS. This is the basis for correctly analyzing test results and choosing the right test tool.

Are you a tester investigating cross-site scripting XSS attacks? Do you have any interesting facts about XSS attacks that might help our readers? Share your experiences with us in the comments below!!

Reference

Hacking is widespread on the Internet. Even big companies like Evernote have been hacked, so it's not hard to imagine that you, as an individual, could be hacked too. While this experience is actually quite common, it doesn't always make it less painful. Immediately after a tragic event, you are confused and don't know what to do.

No matter what you've been through, whether it's phishing, hacking, or malware, there are some simple steps you can take right away to help restore your sanity to life. try to find the motive behind the hack

I know you are in a stressful situation. The last thing you can do right now is take the time to understand why you were hacked. A prime example, of course, is when a bank account is hacked. In this case, it is clear that the hackers were most likely after your money.

There may be other cases as well. B. Your email has been hacked. In this case you have many options. Hackers can spam emails from your address or call your contacts to demand money. On the other hand, they may use your email address to reset passwords for other accounts. They may even use your email to try to find their way into your business.In any case, take a moment to figure out what the reason is. You can stop hackers and take appropriate measures to prevent such things from happening in the future. Plus, it can show you how to recover quickly.

password reset

Regardless of which services are affected, you should change your password immediately. In fact, you should not only change your password on the affected service, but also on all other services that use the same or similar password. In fact, reusing passwords is definitely not recommended. Therefore, passwords should be changed regularly. Again, the first response when you realize your account has been hacked is to change your password immediately, both on the affected service and anywhere you've used similar passwords. “Password reuse is actually very common and puts many accounts at risk,” says Pauline Johnson, a security researcher at a local essay service company. In fact, people tend to use similar passwords to aid in memory, not realizing that they are taking huge risks in doing so.

A good way around this is to use a password manager. Using your password to access Password Manager generates strong and different passwords for other services. This way all your passwords are stored in one place. Make sure your password manager password is not similar to other passwords.

Update and scan your machine

Your computer could have been an attacker's primary entry point for him. In most cases, it is the victim who installs the malware on their computer and the first thing the victim has to do when they detect its presence is to remove it. Start updating to the latest version of the operating system. Then download a good antivirus software and scan your computer for any malware that may be present in your account. It's a simple process, but it's important to prevent your machine from being hijacked. Use robust antivirus software. A well-known, trusted, and affordable brand name is more likely to do the job well. However, no antivirus software is perfect. Its success rate ranges from 50% to 75%. However, this hit rate is better than nothing.

get your account back

Luckily, most online social platforms have easy ways to get your account back from someone who has taken over your account. There are methods for Twitter, Microsoft, Google, Facebook, and Apple. They will usually ask you a series of questions about your account that will help verify your identity. helps. You can recover your account even if you don't use the above platforms. Search Google for specific recovery methods for this platform.

Make sure there are no backdoors

The best hackers don't just break into computers and online accounts. It also comes out a backdoor, so even if you kick it out, it will come right back. Therefore, even after the account is restored, we must ensure that there are no backdoors that an attacker can use to regain access. For e-mail, for example, you should check your filters and rules to make sure you are not unknowingly forwarding your e-mail to another account. You should also check your security questions to see if the answers have changed. Check financial activity

If the hacked account is a financial account, all activity on that account should be thoroughly investigated. Address settings, payment methods, linked accounts, and more. return.

Confirm your account

This is more of a mindset than an action you should take. Hackers sometimes hack accounts just to give them access to something else. They can hack your email and reset your password elsewhere. If they hacked your cloud account, it could be to access certain files or folders. So, you should always scrutinize and check all files, folders and accounts associated with hacked accounts. Reset all passwords and move all important information and take steps to protect it. Assume everything is at stake and act accordingly.

credit guarantee

One of his favorite crimes for cyber attackers is identity theft. So take your time and check the security of your loan. Contact all major credit bureaus and let them know you were hacked. You can then block the credit. It may be free or paid, depending on where you live and whether you have already filed a police report. report hacked

Hacking isn't just for you. Hackers may be using your account to trick your friends into sending money. This can be done by impersonating you and claiming that you are in an emergency and need money. You may also want your friend to know because the breach involves accessing data pertaining to your friend.

The above reasons are important reasons to report if you've been hacked, but not the most important reasons. The biggest reason to tell people you've been hacked is to raise awareness. Ultimately prevention is better than cure. Letting your friends and the public know what you went through and how you got hacked gives them a chance to use the correct prevention methods. Keep your software up to date, use good passwords, and always back up your data for security reasons.

Conclusion

Being hacked is certainly confusing and frustrating. However, we recommend that you keep your cool and take necessary steps to mitigate the damage and keep hackers out of your private space. By following the steps above, you can take a step towards restoring sanity to your life.

Reference:

What is a botnet?

A botnet is a collection of devices connected over the internet, each running a single bot or set of bots. Distributed denial of service attacks (DDoS) are the most common use of botnets. However, cryptomining and click fraud are other activities performed by botnets to give hackers access to your device. Once a botnet is established, an attacker can use command and control (C&C) software to control the botnet. One of the main advantages of botnets is that they can use the computing power of hundreds or thousands of computers. Attacks come from so many different devices that the attacker's C&C is hidden and difficult to block or track.

1. Botnet Attacks Increased 23% Quarterly

Spamhaus' Q4 2021 Botnet Threat Update reported a 23% increase in botnet C&C (command and control) attacks from 2,656 in Q3 2021 to 3,271 in Q4 2021. I'm here.

2. Russia has the largest share of botnet C&C

The report further shows that his C&C for botnets increased by 64% between Q2 and Q3 of 2021 in Russia. From Q3 to Q4, these attacks increased by 124%, an even more dramatic increase.

3. The most common type of malware used was a credential stealer

Malware-Dropper is a malware bot that performs various malicious activities such as downloading and executing additional malware, participating in DDoS attacks, stealing credentials, etc. Malware bots tracked in Q3 2021 was the top of In the fourth quarter of 2021, the threat of credential theft grew and even surpassed it.

4. DDoS attacks set new records in the first half of 2021

The NetScout H1 2021 Threat Intelligence Report reveals that 5.4 million DDoS attacks were launched in the first half of 2021, an 11% year-over-year increase. DDoS attacks are typically launched using botnets to overwhelm targeted servers.

5. DDoS Extortion Attacks Targeting ISPs

NetScout also reported a spike in cybercriminals targeting his ISPs via the Lazarus DDoS ransomware campaign, which focused on authoritative domain servers in 2021. These DNS servers match IP addresses with domain names and provide details about the location of recursive DNS name server websites.

6. Adaptive DDoS attacks will rise in 2021

In 2021, attackers have developed adaptive DDoS attack strategies to evade traditional defensive techniques. Attackers tailor each attack to bypass multiple layers of DDoS mitigation for both cloud and on-premises attacks.

7. The financial sector is an industry targeted by botnets

Interpol's 2020 ASEAN Cyberthreat Assessment measured the impact of botnets on various organizations by industry. According to the report, the main targets in 2019 were the financial sector and its customers. Attackers wanted to remotely control victims' computers to collect personal information, such as banking information, or to install and distribute other types of malware.

8. Gafgyt and Mirai IoT Botnets Account for Half of All DDoS Attacks

His 2021 first half report for NetScout also revealed that attackers are using botnet clusters tracked around the world to enable more than 2.8 million DDoS attacks. The Gafgyt and Mirai botnets accounted for over half of these attacks. According to the report, “The ransomware gang added triple extortion DDoS tactics to its repertoire. At the same time, a Fancy Lazarus DDoS extortion campaign was launched, with multiple campaigns specifically focused on his ISP and its authoritative DNS servers. It threatened industry organizations.”

9. Latin America region networks hosted the most active botnet C&C

Spamhaus reports that his 60% of active botnet C&C entries in Q4 2021 were hosted in his Latm region. The chart below shows the networks that hosted the most C&C botnets in Q4 2021. Spamhaus explains that the hosts in the table either have abuse issues or do not take appropriate action when they receive reports of abuse.

How does botnet takeover work?

The first step for an attacker to create a botnet is to obtain or create malware that can be controlled remotely over the Internet.

Attackers install malware on targeted computers over the Internet. This can be by hosting files on compromised websites for victims to download, by sending files as email attachments, or by spoofing via messaging apps that infect devices when users click on links. You can do it by sending the URL of Hackers can also search the internet for vulnerable IoT devices and perform brute force login attempts to infect devices remotely.

Once a computer is infected, it makes the hacker`s job easier to spread the infection to other devices that interact over the internet. For example, the hacker could set up the malware so that the infected system sends spam emails to other systems to spread the infection, thus giving them control of a larger botnet cluster.

The malware used is often a trojan-style variant disguised as a legitimate file hiding behind an executable. Opening the executable is enough to spread the infection to another device, but sometimes IoT infections (see example below) like Mirai don`t require any user input to infect and spread between devices.

Examples of botnet attacks

Malware used to create a botnet comes in many forms, but the following examples are some of the commonly used methods to trick users into opening an infected file:

You visit a compromised website (without knowing) to find a valuable piece of software designed to speed up your computer. When you download the executable, it contains the filename you expect, so go ahead and open it. This infects the device and allows hackers to create botnets.

Someone emails you his message and the sender appears genuine and the image attachment or billing agreement calls for urgent action. You open the attachment, but it's not a PDF or JPG, it's an exe containing malware ready to infect your device.

Malvertising is a new method used by attackers to infect devices. Injects malware into pop-up and banner ads. If you visit a compromised website, you don't even need to click an ad to get infected. A file containing the infection needed to create a botnet may be automatically downloaded to your device.

Reference:

0 notes

excelforeusa · 5 months ago

Text

Future Trends in In-Vehicle Networks: Advancements and Innovations

The future of in-vehicle networks is shaped by technological advancements, consumer demand for connected services, and regulatory requirements for vehicle safety and cybersecurity. This article explores emerging trends, innovations, and the transformative potential of in-vehicle networks in shaping the future of automotive technology.

Evolution of In-Vehicle Networks

From CAN Bus to Ethernet: In-vehicle networks evolve from traditional CAN Bus and LIN protocols to high-speed Ethernet and FlexRay architectures. Ethernet supports bandwidth-intensive applications, such as multimedia streaming, autonomous driving systems, and vehicle-to-everything (V2X) communication.

Integration with IoT Devices: In-vehicle networks integrate with Internet of Things (IoT) devices, smart sensors, and connected infrastructure to enhance vehicle connectivity, gather real-time data, and optimize operational efficiency. IoT integration supports predictive maintenance, traffic management, and personalized driving experiences.

Emerging Technologies and Innovations

5G Connectivity: The deployment of 5G networks accelerates in-vehicle communication speeds, reduces latency, and supports ultra-reliable low-latency communication (URLLC) for safety-critical applications. 5G integration enhances V2X communication, improves traffic flow, and enables seamless vehicle connectivity.

Edge Computing: Edge computing platforms process data locally within in-vehicle networks, reducing latency, optimizing bandwidth usage, and supporting real-time decision-making for autonomous driving and cloud-based applications. Edge computing enhances in-vehicle network performance and responsiveness.

Automotive Cybersecurity and Data Privacy

Secure OTA Updates: Automotive manufacturers implement secure OTA update mechanisms to deploy software patches, firmware upgrades, and security enhancements remotely. Secure OTA ensures data integrity, verifies update authenticity, and protects in-vehicle networks against cyber threats.

Regulatory Compliance: Compliance with automotive safety standards, such as ISO 26262 for functional safety and UN ECE regulations for cybersecurity, ensures vehicle safety and regulatory adherence. Manufacturers integrate cybersecurity measures into in-vehicle networks to protect against cyber threats and ensure consumer trust.

Consumer Demand and User Experiences

Connected Services: Consumer demand for connected services drives the adoption of in-vehicle networks that support advanced features, such as real-time navigation updates, voice-controlled assistants, and personalized infotainment options. Connected services enhance driver convenience, entertainment, and overall vehicle usability.

User-Centric Design: Automotive OEMs prioritize user-centric design principles to enhance the usability and accessibility of in-vehicle networks. Intuitive interfaces, seamless connectivity with mobile devices, and personalized settings improve driver satisfaction and foster brand loyalty.

Future Innovations and Industry Collaboration

AI-Powered Analytics: Integration of artificial intelligence (AI) and machine learning (ML) enables predictive analytics for in-vehicle networks. AI algorithms analyze vehicle data, predict maintenance needs, optimize energy efficiency, and enhance driver safety through real-time insights and proactive recommendations.

Smart City Integration: In-vehicle networks contribute to smart city initiatives by supporting traffic management systems, environmental monitoring, and urban mobility solutions. Vehicle-to-infrastructure (V2I) communication enhances traffic flow, reduces emissions, and improves overall transportation efficiency.

Conclusion

Future trends in in-vehicle networks are driven by technological advancements, regulatory requirements, and evolving consumer preferences for connected services and enhanced driving experiences. By embracing innovations in connectivity, cybersecurity, and user-centric design, automotive stakeholders shape the future of mobility, redefine industry standards, and accelerate the adoption of next-generation in-vehicle networks.

0 notes

govindhtech · 7 months ago

Text

Intel’s Silicon Mobility OLEA U310 SoC Boosts EV Progress

Silicon Mobility OLEA U310

One of the main obstacles to purchasing an electric vehicle (EV) is still its expensive cost, which deters many prospective consumers worldwide. Due in large part to the high expense of developing improved battery and e-motor technologies, electric vehicles (EVs) are now more expensive to construct than conventional gasoline-powered vehicles. Improving the efficiency of current battery technology at the vehicle level through energy savings and better interaction with EV station infrastructure is the short-term solution.

With the release of the new OLEA U310 system-on-chip (SoC) today, Silicon Mobility, an Intel company, has successfully addressed this precise difficulty. The entire performance of electric cars (EVs) will be greatly enhanced by this next-generation technology, which will also expedite the design and production processes and expand SoC services to guarantee smooth operation across a variety of EV station platforms.

Mobility in Silicon

The new SoC, which is a first for the industry, is the first all-in-one solution that combines software and hardware, and it is designed to meet the requirements of distributed software-based electrical architectures for powertrain domain control. With its distinct hybrid and heterogeneous architecture, the OLEA 310 FPCU can take the place of up to six conventional microcontrollers in a system configuration that includes an on-board charger, a gearbox, an inverter, a motor, and a DC-DC converter. Original equipment manufacturers (OEMs) and Tier 1 suppliers can regulate a variety of power and energy functions simultaneously and in real time with the 310 FPCU.

Create a function grouping for your e-powertrain

The OLEA U310 is a recent addition to the Silicon Mobility FPCU line. Its design matches distributed software requirements for powertrain domain control in electrical/electronic designs. Beyond the capabilities of conventional microcontrollers, the OLEA U310 is constructed with a novel hybrid and heterogeneous architecture that embeds numerous software and hardware programmable processing and control units seamlessly integrating functional safety and the cybersecurity into its fundamental design. It hosts and connects, on a single chip, the essential event-based multifunction control requirements with the time-based and multitask software application needs.

Created with the newest demands in automobile control in mind

The OLEA U310 can do more than only powertrain tasks. Additional uses for this adaptable system-on-a-chip include:

Systems for Chassis Control

Fusion of Data

Compressor air

System for Thermal Management

Different Control Mechanisms

EV makers may create a more integrated and effective control system that improves control and performance by utilising the adaptability of the OLEA U310.

Authority of the AxEC

For direct sensor and actuator interfacing, the Advanced eXecution & Event Control (AxEC) unit integrates programmable hardware, mathematical coprocessors, and adjustable peripherals. The core of the FPCU architecture is the programmable hardware known as the Flexible Logic Units (FLU). It is a programmable logic fabric that can be designed using common hardware description languages like Verilog or VHDL. It is furnished with flip-flops, SRAM, lookup tables, and signal processing units. 1-4 FLU partitions are a notion that is introduced by the OLEA U Series.

CPUs are in charge of high-level and low-response-time software, while AxEC deals with real-time control and fast-response processing. For particular jobs, designers have the option of using CPU or AxEC; nevertheless, AxEC usually performs sophisticated processing, minimising CPU utilisation. Regardless of the number or frequency of events, hardware processing guarantees prompt, accurate responses.

Protected by OLEA SiLant

The greatest level of automotive safety integrity specified by the ISO 26262 functional safety standard, ASIL-D design ready, is met by the FPCU. The OLEA U Series Safety Integrity Agent (SiLant) is in charge of identifying, containing, and responding to errors in nanoseconds. It is the key hub for all safety measures integrated within the FPCU. SiLant detects software and system faults in addition to latent and transient faults at the semiconductor level.

OLEA U FLU provides safe multitasking and function grouping with unified firmware virtualization from CPU down to FLU level with the advent of multi-CPU and multi-FLU. OLEA U offers assurances and a deterministic architecture. Worst-Scene Performance It’s time to create applications that require safety.

Protected by OLEA FHSM

For the best defence against current and potential threats, the latest generation of FPCU is available. A subsystem integrated into the OLEA U Series that complies with the ISO 21434 automotive cybersecurity standard and EVITA Full is called the Flexible Hardware Security Module (FHSM). Its specialised programmable hardware allows it to contain hardware-accelerated security functions that can be used to improve protection or keep an eye out for any system security breaches. This special feature makes use of a wider range of cryptographic techniques to enable safe real-time communications as well as secure software updates and execution.

Mobility of Silicon

Together with the bill of material (BoM) reduction, preliminary data indicates that compared to current EVs, there will be a 5% increase in energy efficiency, a 25% reduction in motor size for the same power, a 35% decrease in cooling requirements, and a 30% reduction in passive component size. With fewer components to incorporate, the new Silicon Mobility technology enables EV makers to develop software-defined electric vehicles with superior performance, increased range, and potentially cheaper production costs. The industry’s transition to an all-electric and software-defined future will be accelerated by the new solution, which also enhances Intel Automotive’s current line of AI-enhanced software-defined vehicle (SDV) SoCs.

Silicon Mobility OLEA U310 Features

2nd generation of FPCU

3x Cortex-R52 @ 350MHz – 2196 DMIPS

AxEC 2.0: 2x FLUs @ 175Mhz – 400 GOPS + 9.1 GMAC

SILant 2.0: Safe and Determinist Multi-Core/FLU

Flexible HSM: HW & SW EVITA Full

8MB of P-Flash, 256kB of D-Flash, 1MB of SRAM

CAN FD, CAN XL, Ethernet

ISO/SAE 21434 certifieISO 26262 ASIL-D & ISO/SAE 21434 compliant

AEC-Q100 Grade 1

292 BGA