Turn off your Wi-Fi. This flying drone could be hacking your
smartphone from the air.
As reported by International Business Times: UK security firm Sensepost has discovered that unmanned flying drones
can be used to hack into smartphones by simply flying over London
pretending to be a Wi-Fi network.
Smartphones are constantly sending out signals trying to find
familiar Wi-Fi networks to connect to, such as your home or work
network, or even the Starbucks free Wi-Fi network you accessed two weeks
ago.
Using a simple off-the-shelf helicopter drone it bought on Amazon,
the researchers were able to create a piece of software called Snoopy
that can detect those signals and trick the phone into thinking that the
drone is a familiar Wi-Fi network.
Once the phone is connected to the drone, all data traffic sent from
apps like email, Facebook and even banking apps captured and fed back to
those controlling the drone. This shows that cybercriminals don't have
to infect your smartphone with malware in order to monitor your
activity.
Sensepost developers tested their flying drone two weekends ago by
flying it over people's heads on a sunny afternoon in London Fields,
Hackney, and to their amazement, no one noticed the drone at all.
The drone is watching you
"In the old days, to hack someone you needed a laptop with a big
antenna which would be really obvious, but now we're in the age of
really small devices. We thought, can we apply an old-school Wi-Fi hack
called Karma?" Sensepost's chief operating officer Daniel Cuthbert tells
IBTimes UK.
Not only can the drone monitor your smartphone, but it's also very
easy to track someone's movements and habits through their phone.
The firm first programmed an old Nokia N900 smartphone to become a
spying device two years ago, put the device in their pocket and then
spent some time hanging out in major London train stations Liverpool St,
Oxford St, Victoria and Kings Cross St Pancras.
While they blended in and sat having a coffee, the device picked up data from over 60,000 smartphones in the four stations.
Sensepost took the data and put it into Wigle, an open-source
geo-location service. When they cross-referenced the data with Google
Streetview, they were then able to track all the people and their
smartphones as they moved throughout the stations and beyond.
Turn off your Wi-Fi
"People put so much trust into the Internet, it's mind-boggling. Stop
putting so much trust in the Internet. When you go out, turn your Wi-Fi
off on your phone," Cuthbert warns.
"We want more pressure put on the developers of iOS, Android, Windows
Phone and BlackBerry to improve security on smartphones. You wouldn't
buy a car with poor security, why are we willing to do it with the Internet?"
Cuthbert also warns against connecting to free public Wi-Fi if you're not sure where it's coming from.
"If you don't know who the Wi-Fi network belongs to, how do you know
if it's malicious? Someone could be accessing your data and you don't
know where it's going," he says.
Sensepost will be presenting their research at the Black Hat Asia cybersecurity conference in Singapore next week.
The firm is also working on non-security deployments of unmanned
flying drones being used for crowd management and to collect data about
people in a certain geographic location, so that advertisers can serve
them targeted advertising.
IBM researchers have developed an algorithm that predicts
your home location using your last 200 tweets.
As reported by MIT Technology Review: One of the optional extras that Twitter allows is for each
tweet to be tagged with the user’s location data. That’s useful if you
want people to know where you are or so that you can later remember
where certain events took place. It also gives researchers a valuable
tool for studying the geographical distribution of tweets in various
ways.
But it also raises privacy issues, particularly
when users are unaware, or forget that, their tweets are geotagged.
Various celebrities are thought to have given away their home locations
in this way. And in 2007, four Apache helicopters belonging to the US
Army were destroyed by mortars in Iraq when insurgents worked out their
location using geotagged images published by American soldiers.
Perhaps
these kinds of concerns are the reason why so few tweets are geotagged.
Several studies have shown that less than one per cent of tweets
contain location metadata.
But the absence of geotagging
data does not mean your location is secret. Today, Jalal Mahmud and a
couple of pals at IBM Research in Almaden, California, say they’ve
developed an algorithm that can analyse anybody’s last 200 tweets and
determine their home city location with an accuracy of almost 70 per
cent.
That could be useful for researchers, journalists,
marketers and so on wanting to identify where tweets originate. But it
also raises privacy issues for those who would rather their home
location remained private.
Mahmud and co’s method is
relatively straightforward. Between July and August 2011, they filtered
the Twitter firehose for tweets that were geotagged with any of the
biggest 100 cities in the US until they had found 100 different users
in each location.
They then downloaded the last 200
tweets posted by each user, rejecting those that posted privately. That
left them with over 1.5 million geotagged tweets from almost 10,000
people.
They then divided this data set in two, using 90
per cent of the tweets to train their algorithm and the remaining 10
per cent to test it against.
The basic idea behind their
algorithm is that tweets contain important information about the
probable location of the user. For example, over 100,000 tweets in the
dataset were generated by the location-based social networking site
Foursquare and so contained a link that gave the exact location. And
almost 300,000 tweets contained the name of cities listed in the US
Geological Service gazetteer.
Other tweets contained
clues to their location like phrases such as “Let’s Go Red Sox”, a
reference to the Boston-based baseball team. And
Mahmud and co say that distribution of tweets throughout the day is
roughly constant across the US, shifted by time zone. So a user’s
pattern of tweets throughout the day can give a good indication of which
time zone they’re in.
So the question these guys
set out to answer was whether it was possible to use this information
to predict a user’s home location, a result they could test by matching
it against the user’s geotagged metadata.
Mahmud and co
used an algorithm known as a Naive Bayes Multimonial to do the number
crunching. The trained it by feeding it the training dataset along with
the geolocation data.
They then tested the algorithm on the remaining 10 per cent of the data to see whether it could predict the geolocation.
The
results are interesting. They say that when they exclude people who are
obviously travelling, their algorithm correctly predicts people’s home
cities 68 per cent of the time, their home state 70 per cent of the time
and their time zone 80 per cent of the time. And they say their
algorithm takes less than a second to do this for any individual.
That
could be a useful tool. Journalists, for example, could use it to
determine which tweets were coming from a region involved in a crisis,
such as an earthquake, and those that were just commenting from afar.
Marketers might use it to work out the popualrity of their products in
certain cities.
And it also suggests ways that people can improve their privacy–by not mentioning their home location, of course.
Mahmud
and co say their algorithm could do better in future. For example, they
think they can get more fine-grained detail by searching tweets for
mentions of local landmarks that can be pinpointed more accurately.
Whether that turns out to be possible, we’ll have to wait and see.
An
interesting corollary to all this is that our notion of privacy is more
fragile than most of us realize. Just how we can strengthen and protect
it should be the subject of considerable public debate.
As reported by the Imperial Valley Press: The history of agriculture is full of ideas and concepts that
have allowed farmers to incrementally improve efficiency to
unprecedented levels.
Global Positioning System satellites orbiting the Earth — the
same satellites that guide automobiles and allow smartphone users to
“check in” are helping farmers reach unprecedented levels of efficiency
even as they try to figure out the best use for it.
“GPS in agriculture is new as far as heavy
implementation,” said Tom Mastin, bio-resource and agricultural
engineering lecturer at Cal Poly San Luis Obispo. “Without GPS, large-scale farming is going to be
way too inefficient. Large-scale farms now have guidance systems and a
GIS (geographical information system) manager.” Some applications are obvious. Farm implements, like tractors and fertilizer applicators, nowadays are self-guided and require minimal driver input. “As far as a guidance system, it has reduced labor,” Mastin said. Other applications are arguably more impressive. For instance, GPS technology allows farmers to
precisely level their fields and map the location of ditches,
underground tile drainage lines and subsurface drip irrigation tape. “You can disc the surface and you never lose the
(subsurface drip) tape,” said David Layton, manager of an alfalfa farm
in Calipatria. Extensive use of GPS technology has allowed his
company to profitably work land that might not be economically viable
with conventional techniques. He asked that the name and location of the
company not be published. The idea is to be able to not just fine-tune the
amount of water and fertilizer for given field, but to maximize the use
of space. “GPS makes the whole thing work,” said Ed Hale, an Imperial Valley farmer and consultant for Layton’s company. Hale cites subsurface drip irrigation technology as a case in point. “Drip (irrigation) doesn't work without GPS,” he noted. He said he keeps running across examples where good concepts did not reach their potential. “We’re tearing out the evidence of the drip that
was tried by the Israelis during the late ’70s and early ’80s. They’re
the pioneers of drip. When they first started they were so enamored with
drip, they thought that it cured everything. That was a fallacy. They didn't have GPS technology.” While he declined to say how much money that his
companies have saved through a systematic use of GPS technology, he said
that water savings at the Calipatria farm were “substantial.” “Our feeling is that true conservation isn't so L.A. can grow. It’s so we can get more crop per drop,” Hale said. The technology allows his operation to compete with growers around the world that operate with fewer constraints. “Large ranches have compared efficiency with and
without GPS,” he said. “GPS is 22 percent more efficient. That’s the
difference between losing money and making a profit.” The cost of fuel and equipment has skyrocketed in recent years, he noted. “Our costs are local. Markets are global. We’re
competing with guys growing the same crop in Argentina, where there are
no regulations or social safety nets. My local costs are important to
me,” Hale said.
Modern electric cars are just one category of Internet of Things
devices that will be targeted by hackers.
As reported by The Guardian: As with any buzz topic in the tech world, there’s a lot of misinformation around the Internet of Things. And in the security sphere, there’s much
unnecessary FUD - Fear, Uncertainty and Doubt – spread by industry
vendors to get people suitably scared so they splash cash on purportedly
necessary protection.
Take the case of the spamming
refrigerator. Researchers suggested the smart fridge had been
compromised to relay reams of annoying emails, as often happens to
normal PCs. Yet Symantec discovered the fridge was simply on the same network
and using the same IP address as a hacked Windows PC, which was really
the thing responsible for the spam. Digital listeria this was not.
Yet
there are reasons to be fearful of the Internet of Things (IoT), a name
covering the networks of embedded devices, from smart meters to
connected automobiles, which communicate with each other in an automated
fashion to help make our lives more efficient.
Such connected,
autonomous machines have been around for years, but the reason it is now
on the tips of tech firms’ PR tongues every day is that the number of
connected devices is escalating rapidly into new areas, like
toothbrushes and bathtubs. According to Gartner estimates, the IoT will consist of 26 billion units by 2020, and by that time the industry will be worth $300 billion.
The
problem is that many of the manufacturers of these machines are not
taking the secure-by-design approach. “They are learning on the job at
this point in time,” says Gunter Ollmann, chief technology officer at IOActive, a consultancy firm that has done much research on IoT security.
Hacking vehicles
There
are a handful of real and present threats. In automobiles, trucks are a
major concern. Many contain standardized code to manage vehicles, such
as the control area network (CAN) bus protocol, used for internal
communications between devices in a vehicle.
“CAN messages that
control physical attributes are standardized. Therefore, if you figure
out a hack for one manufacturer others could be quite similar if not
identical,” says Chris Valasek, director of security intelligence for
IOActive.
One of the functions that has understandably worried
onlookers in the trucking and security industries is the kill switch
that powers the vehicles down. “Some fleets use the GPS tracking and
‘check-out’ systems to control access to the trucks when they are in
depots or secure overnight storage locations to prevent the truck being
stolen,” Ollmann adds.
“The open architecture of the trucks CAM
bus has made it much easier for the integration of fleet tracking and
control technologies like these. But conceptually, any wireless
technology that can receive remote commands and affect the operation of a
truck is a potential target for researchers and targets. What if
someone figures out the master shutdown code for all the trucks, and
they get all the trucks in London to stop at 7am?”
It’s a nasty
thought, but this isn’t science fiction. Trucking companies are working
with Ollmann and his team to close off any potential flaws that could
lead to disaster. “We’re working with some of them and doing additional
research on this now … they’re worried about it.”
The car industry
is aware of the problems too, at least in its more progressive corners.
When Valasek and noted security researcher Chris Miller showed on video
how they could hack a car when inside the vehicle (below), it gave rise
to both mirth and misery in the car industry.
Tesla has reacted
the most positively. Having recruited some noted security pros,
including former Apple “hacker princess” Kristin Paget, it has set up a
vulnerability disclosure program rewarding researchers for uncovering
flaws. It’s similar to bug bounty programs run by major software
firms, like Facebook, Google and Microsoft. Evidently, the Rubicon has
been crossed.
Those
vulnerabilities were eventually addressed, but Ollmann says there are
numerous flaws in connected home technologies from other manufacturers
that will be disclosed in the near future.
TVs that run Google’s
Android operating system are vulnerable to many of the same attacks that
affect smartphones. MWR Infosecurity, a consultancy, has tested out an
Android exploit on a Kogan TV running Android.
The attack took
advantage of a documented weaknesses that allow hackers to use of a
piece of code known as a JavaScriptInterface, included in ad libraries
to let further actions be initiated on Android machines.
In
theory, anyone hacking a TV in this way could take photos, if the TV had
a built-in camera, or create invasive applications to spy on viewers.
That weakness has been found in numerous ad libraries used by many of
the world’s top free apps.
“It should affect any TV running
Android and definitely if they’re running apps which use the flawed ad
networks,” says David Chismon, researcher at MWR.
Home routers are ridden with vulnerabilities too, as uncovered by digital security non-profit Team Cymru in March.
It found a network of 300,000 home and office routers had been
compromised, thanks to worrying weaknesses in the devices’ software,
from predictable or non-existent passwords to flaws in the web
applications used to control them.
The hackers decided to use
these security holes to redirect victims to whatever website they wanted
when they started using the internet.
Taking over industrial controls
Connected,
and therefore hackable, devices can also be found in control systems
running nations’ critical infrastructure. Researchers across the world
have been panicking about supervisory control and data acquisition
(SCADA) systems, used to monitor and manage industrial machines, from
nuclear power plants to oil and gas pipelines.
SCADA machines
produced by various manufacturers have been shown to contain various
weaknesses, like those exploited by Stuxnet, the infamous malware that
disrupted centrifuges at an Iranian nuclear plant. What’s worrying is
that more vulnerabilities continue to emerge.
In January, the US government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
issued a warning about a buffer overflow vulnerability, a type of
weakness that allows an outside hacker to write code to a device and
which has been largely eradicated from modern systems.
The
Guardian knows of one major security firm that is aware of a number of
theoretical flaws, ones that could be used to play with the power
controls on SCADA systems, but they do not currently have the right labs
to test the potential for real-world impact.
This is another key
problem: the threat is poorly understood, with many apparent
vulnerabilities that may or may not be exploited to endanger critical
infrastructure. “We keep seeing small examples of attacks that may or
may not be cyber attacks against SCADA systems, but it’s still a
theoretical threat in terms of spectacular and long lived degradation of
a specific service,” says Steve Santorelli, a researcher at Cymru.
His
outlook for the future of SCADA-like machines is not optimistic,
though. “The internet is not secure frankly, in any way at all. That
matters when it comes to control systems.”
Send in the Cavalry
Santorelli has a similarly bleak
prospectus for IoT in general. “Someone asked me recently: is my fridge
going to DDoS me and, frankly the answer is, yes … probably,” he adds.
“Anything with an IP address is a commodity in the underground economy,
to be bought or bartered for if there is a way to make money from it.”
“The
privacy and criminal implications are diverse and they need to be at
the heart of the design of these new technologies. The bottom line is
that we've never truly seen security be at the heart of a new technology
and anything that connects to the Internet will be inherently insecure
by its very nature. The future is not looking bright.”
Time to
batten down the hatches and prepare for cybergeddon then? Perhaps not.
Help is on the way, even if it’s not from government.
A movement
started by noted security professional Josh Corman has been gathering
pace in recent months, since it was first conceived at last year’s
DEFCON hacking convention. Its name is I Am The Cavalry.
Its intention is to act as a hub for vulnerability research that
affects four areas: medical devices, automobiles, home services and
public infrastructure.
The plan is to give altruistic researchers a
place to share their findings in a pro bono fashion, in the hope that
the weaknesses will be covered off by whatever manufacturers are
affected. I Am The Cavalry will act as a hyperactive middleman,
coordinating vulnerability disclosures and pushing for more than just
quick fixes. It wants to encourage total cultural change to instill security across organisations’ processes.
It’s an ambitious plan,
born out of a sense of responsibility in a world ridden with hackable
technologies. But will researchers really give away their secrets for
free, especially the most technically gifted who can make millions by
selling just a handful of the most serious flaws to nation states?
Corman believes the ethical side of the hacking community will come out
in force.
“I’m not making an economic argument yet,” he says. “Our
role and what sets us apart is that we’re speaking to those who have
something in them ... that altruistic gene. We’re describing something
that is a shared risk and a shared concern and if that appeals to
someone, they should gravitate to us.”
Praise for Tesla
Even
ahead of its formation as an official organisation (it is consulting
with lawyers on whether to become an educational foundation or an
industry association), I Am The Cavalry has already facilitated some
vulnerability disclosures.
Corman says the body has had successes
in both the car and medical industries, but can’t disclose whom they
involved. He has also been invited to consult with car manufacturers in
the US and Europe, and is particularly impressed with the way in which
Tesla has responded to the problems at hand.
“We are very
encouraged to see such a policy [at Tesla]. A fear we've had as a
research community is that we would have a 10-15 year learning curve
where this new industry was in the denial and lawsuit stage towards
researchers,” says Corman.
“If this is an indicator of how the
rest of the automotive industry will respond in kind, this will
dramatically accelerate the maturity and the engagement of white hat
researchers who wish to help.”
As a sign of his sway with
mandarins walking the murky halls of power, Corman has already met with
Senator Ed Markey of Massachusetts, who recently urged car makers to act
on cyber security issues, and others on Capitol Hill to discuss the
weaknesses that urgently need addressing.
Despite limited “in the
wild” attacks, Internet of Things threats are real. As connected devices
proliferate, the hope is that they do so securely. If they volunteer
for the Cavalry, that might just happen. Then we can go about our
quotidian lives feeling a little less insecure.
As reported by e! Science News: GPS technology has broadly advanced science and society's ability to pinpoint precise information, from driving directions to tracking ground motions during earthquakes. A new technique led by a researcher at Scripps Institution of Oceanography at UC San Diego stands to improve weather models and hurricane forecasting by detecting precise conditions in the atmosphere through a new GPS system aboard airplanes. The first demonstration of the technique, detailed in the journalGeophysical Research Letters (GRL), is pushing the project's leaders toward a goal of broadly implementing the technology in the near future on commercial aircraft.
Current measurement systems that use GPS satellite signals as a source to probe the atmosphere rely on GPS receivers that are fixed to ground and can't measure over the ocean, or they rely on GPS receivers that are also on satellites that are expensive to launch and only occasionally measure in regions near storms. The new system, led by Scripps Institution of Oceanography geophysicist Jennifer Haase and her colleagues, captures detailed meteorological readings at different elevations at targeted areas of interest, such as over the Atlantic Ocean in regions where hurricanes might develop.
"This field campaign demonstrated the potential for creating an entirely new operational atmospheric observing system for precise moisture profiling from commercial aircraft," said Haase, an associate researcher with the Cecil H. and Ida M. Green Institute of Physics and Planetary Physics (IGPP) at Scripps. "Having dense, detailed information about the vertical moisture distribution close to the storms is an important advancement, so if you put this information into a weather model it will actually have an impact and improve the forecast."
"These are exciting results, especially given the complications involved in working from an airplane," says Eric DeWeaver, program director in the National Science Foundation's (NSF) Division of Atmospheric and Geospace Sciences, which funded the research. "Satellite-based measurements are now regularly used for weather forecasting and have a big impact, but airplanes can go beyond satellites in making observations that are targeted right where you want them."
The GRL paper details a 2010 flight campaign aboard NSF aircraft and subsequent data analysis that demonstrated for the first time that atmospheric information could be captured by an airborne GPS device. The instrumentation, which the scientists labeled "GISMOS" (GNSS [Global Navigation Satellite System] Instrument System for Multistatic and Occultation Sensing), increased the number of atmospheric profiles for studying the evolution of tropical storms by more than 50 percent.
"We're looking at how moisture evolves so when we see tropical waves moving across the Atlantic, we can learn more about which one is going to turn into a hurricane," said Haase. "So being able to look at what happens in these events at the early stages will give us a lot longer lead time for hurricane warnings."
"This is another case where the effective use of GPS has the potential to improve the forecast and therefore save lives," said Richard Anthes, president emeritus of the University Corporation for Atmospheric Research, which currently runs the satellite based GPS measurements system called COSMIC (Constellation Observing System for Meteorology, Ionosphere, and Climate).
While the current GISMOS design occupies a refrigerator's worth of space, Haase and her colleagues are working to miniaturize the technology to shoe box size. From there, the system can more feasibly fit onto commercial aircraft, with hundreds of daily flights and a potential flood of new atmospheric data to greatly improve hurricane forecasting and weather models.
The technology also could improve interpretation of long-term climate models by advancing scientists' understanding of factors such as the moisture conditions that are favorable for hurricane development.
Paytsar Muradyan, who recently received a Ph.D. from Purdue University in atmospheric sciences, started working with Haase in 2007 as a graduate student during the formative stages of GISMOS's design and development. She eventually flew with the group in the 2010 campaign and took away a wealth of experience from the demands of the project.
"It was a lot of responsibility but certainly rewarding to work with a group of world-known scientists in an interdisciplinary project," said Muradyan.
As reported by CNN: A fleet of tiny satellites released from the International Space Station could be a tool to help solve future aviation mysteries like the disappearance of Malaysian Airlines Flight 370, said retired astronaut Chris Hadfield, who commanded the space station for five months last year. Speaking to the media after giving a talk at the opening session of the TED2014 conference Monday, Hadfield said that the shoebox-sized satellites, once fully deployed, will cover the entire planet with frequently refreshed images at a resolution down to 4 meters and could have helped in a mystery such as the question of what happened to the Malaysian Airlines Boeing 777. Planet Labs, a San Francisco-based company, arranged for the first group of the satellites to be released from the space station last month. Hadfield said those satellites are in initial testing. Asked by CNN to comment, Planet Labs provided a statement by its co-founder and CEO, William Marshall, a former NASA scientist, who is due to speak later this week at TED: "Planet Labs just last month deployed a fleet of 28 satellites, Flock 1, from the International Space Station. This is the largest Earth imaging constellation in history. We are turning on each of the satellites and are now putting them into position. With this constellation, we will measure the planet on a more regular basis to enable various applications. One of those applications is disaster response, including natural and man-made disasters. Other applications range from monitoring deforestation to helping to improve agricultural yields to monitoring urban growth." Another 100 such satellites are in the works, according to the Financial Times. Hadfield said "tracking one thin aluminum tube" like the Boeing 777, in a place that is not heavily covered by radar is very hard. "Obviously something happened fast and deliberate, exactly what process, whether it was the crew themselves or someone forcing themselves in, we don't know," Hadfield said. He said he suspects that if the aircraft did crash, wreckage will eventually be found.
In his talk on the TED stage, Hadfield gripped the audience's attention with a message urging people to conquer irrational fears, with images of the Earth's beauty from space and with a performance on guitar of a portion of David Bowie's "Space Oddity," a song he also sang while weightless on the space station. His video, one of about 100 he shot on the space station, went viral. Astronauts train themselves to overcome fear, and thus are willing to take considerable risks, whether being launched on a rocket or walking in space, Hadfield said. By contrast, some people will let themselves be paralyzed by unreasoning fear of spiders; the way to conquer that is to walk through spider webs (assuming the spiders aren't venomous). "There's a difference between danger and fear," he said after the talk. And Hadfield said that, incongruously, "I'm afraid of heights," but had mostly overcome it through training.
As reported by SlashDot: In early March, Lit Motors
founder Danny Kim hit the road to meet investors. The Portland native
needed to keep the momentum growing for his small firm, which builds the
two-wheeled C-1. His modest lab,
located in San Francisco’s SoMa neighborhood, could accommodate another
12 employees—but he needed the money to fund them, and to build a
manufacturing facility capable of turning his prototype ideas into a
reality.
Like Elon Musk and other manufacturing savants, Kim is someone
who enjoys the challenge of building things—whether it’s eyeglasses,
chairs, or motor vehicles from scratch. He’s spent the past five years
re-thinking modern transportation, and using those insights to design
prototypes of two-wheeled, motor-driven vehicles that can self-balance
with a dancer’s grace, thanks to an integrated software platform and a
patented gyroscopic system.
Even as he traveled to New York to raise funds, Kim’s heart was back
in San Francisco, and the three-story workshop that serves as a sort of
DIY museum to his ambitions. Part of the space includes a storefront for
the C-1, which (if everything goes well) will begin mass production at
the end of this year. The attached shop features lots of space for
engineers and designers to collaborate over their plans to change how
people get around, especially in urban settings.
In a wide-ranging conversation, Kim discussed his plans for
manufacturing the C-1, as well as the challenges in convincing consumers
to try out a new kind of vehicle.
Q:How did you develop an instinct for design? Do you think
this is something that comes naturally to you, given the way you
perceive the world? Danny Kim: After I dropped out of Reed College, studying
physics and biology, I was interested in how to invent things. There’s a
path to design and there’s a path to engineering. I started developing
my own philosophy of design and engineering, where they drive each other
in a simultaneous process. I think that’s what got me interested to go
to Rhode Island School of Design to get a degree in Industrial Design
and Sustainable Transportation.
When you are designing a car, it’s hard to hire 10 separate people
[to work on the design and the engineering and expect it all to line
up]. What I’ve been able to do is combine those roles by being the
architect, while leading the transportation design, and acting as the
mechanical designer. This way, I can come up with a reasonable solution
to any problems that arise. I’m the intersection between design and
engineering, and that’s why we can get so much done so quickly and
cheaply. Engineers are interested in the details, and then rarely can
zoom out into high-level discussions on how to integrate electrical
wiring to code to dynamics and mechanical systems.
Q: You talk a lot about engineering. But I want to know more about how you think about design. DK: Besides the technical aspects of vehicle design, how do
you create a product that feels amazing? How do you make a product with
natural and intuitive human experience? That’s where design sets in. It
ensures that products’ exterior, interior, and experience evokes an
emotional relationship with of the driver/user.
I have these conversations in my head: What does the exterior need to
look like? How does the UX make you feel? Are we within the confines of
the H-point?
To support that with the engineering and have a robust platform, I
manage or lead all those fronts. I could not have done that without the
previous experience I had. I dropped out of college, traveled the world,
worked as a Land Rover mechanic and built two custom SUVs from the
ground up and went to design school.
There’s no real education or
academic track of how to start your own car company, you just have to do
it.
Q: Why did you drop out of Reed College? DK: It was a pretty academically rigid institution… it was
really fun. You go there to get a PhD, or become a lawyer or professor.
It didn't fit me really well. I learned quite a bit. I told my parents
that I was doing the Steve Jobs thing by dropping out. My parents said:
“What, who is Steve Jobs?”
Q: How did you settle on a 2-wheeled vehicle as the way you want to solve the transportation problem? DK: Well, 72 percent of commuters drive alone, so it just made
sense to cut the car in half. You have to think about this two-wheeled
car as a robot because of its stability. It purely uses our AI/stability
algorithm so it can balance and you don’t have to. We had to develop
our own firmware for our own dynamic system. It is code heavy. We have
four people writing the firmware on it for the last four months. It’s
relatively complex; it’s not something you can hack. I’m thinking about
opening it up to Android so someone could create their own skin for the
interface or design the interior display. Right now, however, it’s our
own platform that uses ARM processors. It would be easy to open it up to
Android.
Q: What made you think about transportation as the thing you want to devote your life to? DK: I had an accident that almost killed me when I was
rebuilding one of the two Land Rover Range Rovers. It made me ask
myself, why am I building big SUVs? It’s more efficient to build a
motorcycle.
I began to ask questions such as, why don’t people use motorcycles
more? It’s inconvenient because of rain. But it is dangerous on the
highway.
Why couldn’t you have something in between a car and a motorcycle?
Why don’t we just cut the car in half? Could it be a two-wheeled car?
It’s impossible to keep a fully enclosed motorcycle in balance. It makes
sense to put a gyroscope in the vehicle.
I did a quick calculation to see if it would make sense to have a
gyroscope in a bicycle. So it made sense to do it in a motorcycle too. I
wrote a provisional patent, and signed up to attend Rhode Island School
of Design to learn how to build a product and manage engineers.
Q: From when you started Lit Motors to now, how has your philosophy about design and engineering changed? DK: My philosophy hasn’t changed too much. It has been
substantiated with other technologist and validated with adjacent
industries. We need a sustainable vehicle. The field of robotics is
becoming more commonplace for aspiring entrepreneurs. Sustainable
vehicles are the future and if you can make it affordable and safe you
have a recipe for the Model T of the 21st century.
Q: What’s practically necessary when thinking about mass producing a vehicle? DK: We established a production process: a sequence of
assembly and bill of materials: two things that are essential to
producing anything. You have to know what your sequence of assembly is
and your bill of materials. Besides your supply chain and having an
actual factory, there are the four big things that you have to worry
about. Some people call them the four Ps: Product, Process. Plant.
People.
I've been working on those four Ps… the last one we don’t have:
people. I’m looking for a manufacturing plant. We have our product. The
product is going to get better over time. We are on prototype number
four-and-a-half.
We are building an awesome team of diverse skill sets. I’m a pretty
hands-on type, I learn and synthesize predominantly through the
empirical processes. Sometimes the best thing to do is to just do it.
It’s hardware, so you need all hands-on deck, the ability to iterate
quickly, learn on the fly, and have a peer review. I ask smart people
who have 10-20 years experience or so, and have been able to learn a lot
from them.
Q: How do you know if you should actually listen to their advice? DK: I have been compiling a rather large dataset of advice; I
can usually tell when someone is [expletive] me. I know a lot of people
who have done production for larger runs. Depending on scale, there’s a
pretty consistent language and processes involved and a level of concern
of which to mitigate failure. You are going to be making mistakes. The
difference between a smart founder and one that isn’t is, the smart
founder when making a complex decision might pick a somewhat logical
direction without all the correct information, moving the company
forward. Carefully monitoring the progress and change directions quickly
if needed to mitigate the damage. It is about staying on your toes, and
I have been doing that somewhat well over the last four years on a
really small budget.
We've raised $2.2 million, with almost $1 million in pre-earned sales
of our first production run (around 890 pre-orders). It cost half a
million dollars to build a high-speed prototype. That will be something
that we will have finished over the next few months. Right now, we have 5
patents that have been granted. Our team has grown from 6 to 18 people.
We are very well poised to get further funding and go into production.
Q: Are you working hard? DK: Yes, I work 14-hour days and usually work until I go to
sleep. We are developing a rather large product so it takes time to
build. Regardless, you have to put in the time to make it happen; my
entire team knows this. We are here to make change and eventually make
some money in the process.