17 minute read
NE WS From Around the Horn
BOSTON
Motional Gets Self-Driving Cars Ready For Roads
Hyundai and Aptiv announced that their new autonomous driving joint venture will be called Motional and aims to introduce driverless vehicles for ride-hailing fleets by 2022. Launched virtually on August 11 to its employees around the world, the self-driving pioneer is hoping to make driverless vehicles a safe, reliable, and accessible reality.
Motional is developing and commercializing SAE Level 4 vehicles – autonomous vehicles that perform all driving tasks. Motional have begun testing fully driverless systems in 2020, and its driverless systems and supporting technology will be available for robotaxi providers and fleet operators in 2022.
The name Motional is intended to connect two words: motion and emotional. Motion is meant to imply both movement and its experience moving the industry forward, while Emotional tries to evoke the company’s people-first approach - the focus on safety and reliability that ultimately delivers peace of mind.
“Motional, in all of its previous forms, has been leading driverless technology for decades. Our DNA – a combination of Aptiv’s expertise in advanced technology and Hyundai’s leadership in both vehicle manufacturing and R&D – is uniquely powerful, and positions us to fundamentally change how people move through their lives,” said Karl Iagnemma, President and CEO of Motional. “What we’re building is more relevant than ever. The pandemic has challenged the global community to re-think transportation, and governments and individuals want more and better options. We’re excited to bring driverless technology safely and comfortably into everyday life.”
Interest in robotaxis had been pushed aside lately by the autonomous vehicle industry in favor of automated trucks and delivery vehicles, partly because the need for contactless delivery seems more immediate during the pandemic. While other companies are pivoting to self-driving trucks or delivery vans, Motional is sticking to its original ride-hailing mission.
“Our strategy is to focus on the biggest opportunity out there, which is moving people,” Motional CEO Karl Iagnemma. One day, the company might expand its focus to automated trucking and goods delivery, he said, but not now.
The company says its research shows self-driving cars are even more relevant today. Hyundai and Aptiv surveyed 1,000 consumers during the pandemic to see how their attitudes toward self-driving technology had changed. Nearly one in five (19%) Americans are more interested in self-driving vehicles now than they were before the pandemic; 70% of Americans say that the risk of infection is a real concern impacting their transportation decisions. “Safety is not just about avoiding crashing,” says Iagnemma.
The $4 billion, 50-50 joint venture was formed in March to commercialize self-driving vehicles. Hyundai invested $1.6 billion in cash and contributed $400 million in R&D resources, while Aptiv transferred its autonomous driving technology, in
GREENFIELD
Dillon Chevrolet Puts PPE Out Front
tellectual property and about 700 engineers to the new company.
Tom and Jay Dillon have drawn attention to their Greenfield dealership, with over-sized masks for their vehicles.
MANCHESTER, NH
Live Free or Fly: New Hampshire Makes Flying Cars Road-Legal
Even for folks following the technology, the idea of flying cars cluttering the skies still seems ridiculous, but New Hampshire has just made strides towards making the Jetsons a reality. The state legislature passed, and the governor has signed, House Bill 1182, which makes it legal to have a “roadable aircraft,” better known as a flying car, in the state. These flying cars would have to take off and land from an actual airstrip, but the new law means they can drive there and back on public roads.
Taylor Caswell, New Hampshire’s Department of Business and Economic Affairs Commissioner, said the state’s commitment to innovation has been bolstered.
“A major economic policy goal for New Hampshire is to be one step ahead, and I believe applying tech solutions in the
transportation sector are full of opportunity,” Caswell said. “Providing foundations for business development in this area is something you will see more of in the future.”
When you get your flying car registered, there’s going to be a municipal permit fee of $2,000. Under the provisions of the bill, the vehicles would be legal to be driven just like an ordinary vehicle on public roads. According to the bill, “All roadable aircraft shall be required to take off and land from a suitable airstrip and shall be prohibited from taking off and landing from any public roadway, unless under conditions of an emergency.”
Right now there are two companies looking to manufacture flying cars: Massachusetts-based Terrafugia, which has been keeping a low profile since their purchase by China-based Geely, and Oregon’s Samson Sky, whose roadable aircraft, the Switchblade, has been delayed. t
The Best Thing You Can Do Is Implement Two-factor Authentication The worst thing you can do is rely on it
Jill Kamperides IT Security Analyst, OCD Tech
Jill Kamperides is an IT Securi y Analys focused on priva ely held companies and in ernaionalban ingclien s. Aspar of hepene ra ion es ing eam, she u ilizes her deep nowledge of programming and au oma ion hrough scrip ing and uses ha nowledge o quic ly discover misconfigura ions in arge sys ems. Jill is also responsible for he OCD Tech phishing pla form and oversees he main enance of wee ly clien employee securi y awareness campaigns.
Passwords are everywhere. In general, you cannot have an account somewhere without also having a password to that account. Your password should be something that you, and only you, know. That way, if a “bad guy” tries to access your account, they will be stopped by not knowing your password. Of course, things do not always work this way.
Passwords can be stolen, forgotten, and even cracked or essentially deciphered by the bad guys. We at OCD Tech have a team of penetration testers that try to prevent this. To do so, we put ourselves in the bad guys’ shoes and do what they would do. If we are successful, it means that the bad guys could be as well, so when we find vulnerabilities, we report on and remediate them. We are like hackers, but for the good guys. The OCD Tech team has recently made some observations concerning passwords, phishing, and two-factor authentication. This article discusses how they are intertwined, and how it affects you.
Password-based authentication is inherently weak on its own, even if you have the strongest password ever. Maybe your password is 25 characters and there is no way it could be cracked. If your account is compromised in a data breach, your password is suddenly meaningless. If you have shared that password between multiple accounts, you are in even more trouble. As penetration testers, it is one of the first things we check for, and the bad guys do, too.
Two-factor authentication (2FA) was developed as a way to strengthen password-based logins by adding an extra layer of security, and it works really well, most of the time. However, during a recent penetration test, the OCD Tech team proved that even two-factor authentication is not the be-all and end-all of user security. It can be bypassed.
It started with reconnaissance of our target, as most real-world attacks will. With the power of open-source intelligence gathering tools, and with search engines at our disposal, we compiled a list of email addresses that would be the foundation of a phishing campaign against our client.
Review of the in-scope IP addresses revealed a few different websites that were hosting login pages – we noted Citrix, Outlook, and some others that made potential targets for this campaign. Citrix is a popular software company that provides, among other things, networking services, which includes remote-access applications. Outlook provides access to users’ email inboxes. We decided to start by phishing for credentials to the client’s Outlook Web Application login portal, because if we had success there, we would have gained access to business emails. If a bad guy were to accomplish this, it could be detrimental to a company.
Our client’s instance of Outlook Web App was not protected by 2FA, which also made for an easier starting point. We crafted a phishing email along the lines of, “We’ve had an update. Please login to your account at this link to validate your credentials.” It was prettier than that, of course, and there was some back-end work involved, such as setting up a fake login page, but before long we were ready to start. We fired off our phishing email to the list of addresses we had assembled during the recon stage, and then we waited. Ultimately, we received three sets of credentials, which meant that three individual users clicked the link in our phishing email and entered their username and password into our fake login page, thinking it was the company’s real login page. Their credentials came straight to us.
As luck (and Active Directory) would have it, these credentials were also valid on the client’s Citrix web portal, with one caveat – Citrix was protected by two-factor authentication. More specifically, Citrix was protected by a Google One-Time Password (OTP). We decided to phish for it. We set up a new fake login page, a clone of Citrix, and then we emailed only the three users who responded to our first round of phishing, knowing they would be most susceptible to responding again. This method of picking and choosing targets, as opposed to addressing an entire mailing list, is known as spear phishing. Our email this time looked something like, “Some users have reported issues accessing Citrix following our update. Please validate your Citrix credentials here to ensure your access is not affected. Remember, this must include your Google OTP.” And we waited.
There are a few problems when it comes to phishing for two-factor authentication: If the target’s 2FA service only generates a code when a real login attempt is made, this strategy will fail since the target is logging in to our fake page and will therefore not generate
an alert. Google’s OTP, however, is a rolling code that automatically refreshes every 60 seconds. This code lives on the user’s device and is valid whether they are actively trying to login or not. All we needed was for one of the targeted users to enter their current code into our fake login page. With any other configuration, our attempt at bypassing 2FA would have been significantly more difficult, and likely less successful. The second problem is if the code is time-sensitive! If it is not entered within a very limited window of time, authentication will fail.
So, we again waited for a user to enter their credentials on our fake login page. We watched our web server logs, which would provide a live feed of any phished credentials, and we did not dare step away from our screens until an hour or so later, after we had gotten three hits. Our hunch was right; the three users who were phished once were all phished again. The usernames, passwords, and OTPs they provided were all accepted by Citrix. We logged into Citrix using these newly-phished credentials, which allowed us to connect to a server on our client’s internal network. This server was poorly configured, and we discovered that each user was highly privileged. Because of this, we were able to utilize common penetration testing techniques to elevate our privileges to domain admin. If a bad guy were to get this far, they could do anything, ranging from stealing sensitive documents, to encrypting every machine on the network and holding them for ransom. Despite two-factor authentication, we demonstrated complete network compromise for the client, all while being entirely remote.
How can you protect yourself from attacks like this? The first step is realizing the root of the problem. Although two-factor authentication can leave a lot to be desired in the way of security, this is not the biggest issue. The problem lies with phishing, and your users’ susceptibility to fall for a phishing attack. All it takes is one unaware user to result in network compromise. Phishing can be partially mitigated with a mail filter and robust spam settings, but if one email should slip through, your organization is still vulnerable if your users are not trained in security awareness. The best way to do this is to phish them yourself – familiarize your users with what phishing looks like, train them when they are fooled, and, in the future, they will know what to look for and will know not to click again.
Two-factor authentication, although flawed, is still extremely important. Passwords can be cracked, guessed, or stolen; it happens all the time. Two-factor authentication helps to protect against this. It is one of the best defenses against an attacker trying to break into your account, but its flaws cannot be ignored. Like
most things, it is imperfect, and it can be bypassed. This is why you should not rely solely on two-factor authentication to protect you. When you stack your defenses not only with 2FA but also with a staff that will never fall for a phishing email, you stand a far greater chance of withstanding attacks. t
Contact OCD Tech if you would like to learn about the security awareness training we offer to help keep your users safe from phishing attacks, and check out our free external web breach assessment to understand what the biggest outside risks are to your organization.
New light-vehicle sales improved for the third consecutive month in July. The July SAAR totaled 14.5 million units, a decline of 14.4% compared with July 2019 but up from the SAAR of 13.1 million units for June 2020. In terms of raw volume, July sales were up by just over 120,000 units from June. And through the first seven months of the year, new light-vehicle sales were off by 22.1% compared with the same period in2019. American consumers continue to choose light-trucks over cars, with light trucks representing 76% of all vehicles sold in July and 75.4% of all new vehicles sold so far this year.
Similar to May and June, fleet sales fell more than retail sales did in July. According to Wards Intelligence, retail sales were off by 10% year over year, while fleet sales declined by a substantial 60% year over year. Vehicles have been selling quickly once they reach dealer lots. According to J.D. Power, 41% of all vehicles sold in July spent fewer than 20 days on the lot, up from 35% a year ago. Inventory constraints in
Patrick Manzi
NADA Senior Economist
Boyi Xu
Economist
popular segments may have limited some sales in July, and according to Wards Intelligence, final inventory numbers are expected to register an eight-year low for the month. Because of such robust demand, incentive spending was dialed back in July. Preliminary estimates from J.D. Power peg incentive spending per unit at $4,236, down from June 2020 but up by $166 compared with July 2019.
Our outlook has not changed much since last month. We expect new-vehicle retail sales will continue to recover for the rest of the year, while fleet sales will continue to struggle. Inventory constraints in popular segments will be a headwind for new-vehicle sales for the rest of the summer. But barring any unexpected parts delays or vehicle plant shutdowns stemming from new COVID-19 outbreaks, we expect that vehicle inventory levels will be at close to normal levels by the end of the summer. For 2020, we expect new light-vehicle sales will fall to between 13 million and 13.5 million units.
JANUARY 2016
By Steve Bassett
Chairman, American Truck Dealers
Steve i the e ler princip l of Gener l Truck S le in Muncie, In i n . He l o h loc tion in In i n poli , In i n , n Tole o, Ohio. He ell Volvo, I uzu, Hino, n M ck truck .
Revisit All That Your ATD Membership Offers
When we, as a business community, face many unknowns and uncharted territory in front of us, there is power in going back to the basics. With just a few months left in this challenging year, I want to remind every commercial truck dealer that the heart of our business revolves around this basic principle: We are a people business above all else. So let’s take advantage of everything ATD offers to help strengthen and empower our managers, sales forces and service technicians through the rest of the year.
The commercial truck industry is rebounding from the COVID-19 pandemic. Last month, truck orders showed the strongest levels on record since October 2019. Class 8 net orders for the past 12 months now total 168,000 units, and experts say we are hitting the height of the summer demand. While the market has endured the worst of the decline since the onset of the pandemic, we need to work hard to keep the industry moving upward despite high levels of unemployment.
The greatest hidden secret in ATD is that you might not be taking advantage of the resources at your fingertips. In a world of fragile markets, it is time to use your basic membership offerings, which include ATD Academy and 20-Group, workshop recordings, online webinars, and much more. These basics are the building blocks of longevity. They teach us how to sharpen our business skills; to manage our expenses; to navigate the regulatory maze post COVID-19; to retain our workforce; and to recruit much-needed diesel technicians for the future.
I am proud to say that the ATD Academy has reopened its doors in Tysons, Virginia. The Academy never stopped educating truck and car dealers throughout the pandemic. I urge you to review the valuable online webinars on countless issues, like dealer data, Paycheck Protection Program rules, ATD Best Practices or Passing the COVID-19 stress test. Recordings of all webinars in the Dealership Lifeline Series are available to ATD and NADA members 24/7, free of charge.
There are also many NADA Driven guides to download for free and share with your staff, including “Safely Operating your Dealership During a Pandemic” and “Re-opening Your Dealership During a Pandemic.” The ATD website and the weekly ATD Insider catches you up on the latest industry news. ATD Truck Beat captures the current market and latest sales analyses. Remember all these resources are items you’re already paying for. Take advantage of the education, training, and multimedia resources at your disposal.
When I first addressed fellow truck dealers just six months ago on the Las Vegas stage, I mentioned that dealers—and our small-town businesses—have many odds stacked against us. Yet we persevere and win every day because we are not just competitors; we are one powerful team. Despite an extremely challenging year, we leaned on one another, we learned from our mistakes, and we have returned to the basic principles that have always made us successful. America is still moving, and I am confident truck dealers everywhere will keep up the pace through the remainder of 2020.
Expected FET Suspension Decision Waits
By David Bell, NADA
Direc or of Legisla ive Affairs
Since April, ATD has been focused on temporarily suspending the 12% federal excise tax (FET) on new heavy-duty trucks and trailers through 2021 in the next Coronavirus economic recovery legislation. FET suspension is under consideration for inclusion in the economic stimulus legislation in Congress.
The ATD-led Modernize the Truck Fleet Coalition, along with 198 industry groups and the UAW, have advocated to temporarily suspend the 12% FET to help save jobs, boost the economy, and modernize truck fleets by accelerating the purchase of new trucks with the latest environmental and safety technology.
Due to government-ordered shutdowns and the pandemic, Class 8 truck sales are predicted to decrease 50% this year; however, a recent American Trucking Associations survey showed that 60% of fleets are likely or very likely to purchase new trucks if the FET were suspended.
Fifty-five House Democrats sent a letter to Speaker Pelosi and Ways and Means Chair Richard Neal (DMA) urging them “to suspend the FET until the end of 2021 in upcoming Coronavirus legislation as the best and fastest way to help save or restore trucking-related jobs and jumpstart the economic recovery of this vital sector.”
On July 27, Senate Republicans released the “Health, Economic Assistance, Liability Protection, and Schools (HEALS) Act,” a $1 trillion economic stimulus bill that includes provisions to extend unemployment benefits, liability reform, and small business relief. It did not include FET suspension, however.
ATD welcomes the opportunity to put you in touch with your Members of Congress. Please contact Patrick Calpin or David Bell of ATD Legislative Affairs at pcalpin@nada.org or dbell@nada.org for more information. t
