Friday, March 21, 2014

Flying Drones Can Monitor Smartphones From the Air Posing As WiFi Networks

Turn off your Wi-Fi. This flying drone could be hacking your smartphone from the air.

As reported by International Business Times: UK security firm Sensepost has discovered that unmanned flying drones can be used to hack into smartphones by simply flying over London pretending to be a Wi-Fi network.

Smartphones are constantly sending out signals trying to find familiar Wi-Fi networks to connect to, such as your home or work network, or even the Starbucks free Wi-Fi network you accessed two weeks ago.

Using a simple off-the-shelf helicopter drone it bought on Amazon, the researchers were able to create a piece of software called Snoopy that can detect those signals and trick the phone into thinking that the drone is a familiar Wi-Fi network.

Once the phone is connected to the drone, all data traffic sent from apps like email, Facebook and even banking apps is captured and fed back to those controlling the drone. This shows that cybercriminals don't have to infect your smartphone with malware in order to monitor your activity.
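
An added example, not from the article and not Sensepost's Snoopy code: a defender-side check over captured Wi-Fi management frames that flags a transmitter answering probe requests for several unrelated network names, which is the impersonation described above, and lists the network names each phone gives away. The frame records, field names, MAC addresses and the threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    kind: str  # "probe_req" (client asks) or "probe_resp" (access point answers)
    src: str   # transmitter MAC address
    dst: str   # receiver MAC address
    ssid: str  # network name carried in the frame ("" = wildcard probe)


BROADCAST = "ff:ff:ff:ff:ff:ff"
PHONE_A = "aa:aa:aa:00:00:01"
PHONE_B = "aa:aa:aa:00:00:02"
CAFE_AP = "02:11:22:33:44:55"   # answers only for its own network
ROGUE_AP = "02:de:ad:be:ef:01"  # answers for whatever it is asked

# Constructed sample capture, in time order.
FRAMES = [
    Frame("probe_req", PHONE_A, BROADCAST, "HomeNet"),
    Frame("probe_resp", ROGUE_AP, PHONE_A, "HomeNet"),
    Frame("probe_req", PHONE_A, BROADCAST, "Office-Guest"),
    Frame("probe_resp", ROGUE_AP, PHONE_A, "Office-Guest"),
    Frame("probe_req", PHONE_A, BROADCAST, "CoffeeShop Free WiFi"),
    Frame("probe_resp", CAFE_AP, PHONE_A, "CoffeeShop Free WiFi"),
    Frame("probe_resp", ROGUE_AP, PHONE_A, "CoffeeShop Free WiFi"),
    Frame("probe_req", PHONE_B, BROADCAST, ""),  # wildcard, leaks no name
    Frame("probe_req", PHONE_B, BROADCAST, "HomeNet-B"),
    Frame("probe_resp", ROGUE_AP, PHONE_B, "HomeNet-B"),
]


def leaked_ssids_by_client(frames):
    """Network names each client announced in directed probe requests."""
    leaked = defaultdict(set)
    for f in frames:
        if f.kind == "probe_req" and f.ssid:
            leaked[f.src].add(f.ssid)
    return {client: sorted(names) for client, names in leaked.items()}


def find_impersonating_aps(frames, min_ssids=3):
    """Flag transmitters that claimed at least `min_ssids` distinct names,
    each one only after the addressed client had asked for that name.

    A normal access point answers for its own network name. The threshold
    is an assumption to tune for the site being monitored.
    """
    requested = defaultdict(set)  # client MAC -> names it has asked for
    echoed = defaultdict(set)     # AP MAC -> names it echoed back
    for f in frames:
        if f.kind == "probe_req" and f.ssid:
            requested[f.src].add(f.ssid)
        elif f.kind == "probe_resp" and f.ssid in requested[f.dst]:
            echoed[f.src].add(f.ssid)
    return {ap: sorted(names) for ap, names in echoed.items()
            if len(names) >= min_ssids}


if __name__ == "__main__":
    for client, names in leaked_ssids_by_client(FRAMES).items():
        print(f"{client} announces: {names}")
    for ap, names in find_impersonating_aps(FRAMES).items():
        print(f"suspicious transmitter {ap} answered for: {names}")
```

The first function also shows why saved networks matter for the tracking described later in the article: the list of names a phone asks for is visible to anyone listening, so removing stale saved networks shrinks it.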

Sensepost developers tested their flying drone two weekends ago by flying it over people's heads on a sunny afternoon in London Fields, Hackney, and to their amazement, no one noticed the drone at all.

The drone is watching you
"In the old days, to hack someone you needed a laptop with a big antenna which would be really obvious, but now we're in the age of really small devices. We thought, can we apply an old-school Wi-Fi hack called Karma?" Sensepost's chief operating officer Daniel Cuthbert tells IBTimes UK.

Not only can the drone monitor your smartphone, but it's also very easy to track someone's movements and habits through their phone.

The firm first programmed an old Nokia N900 smartphone to become a spying device two years ago, put the device in their pocket and then spent some time hanging out in major London train stations: Liverpool St, Oxford St, Victoria and Kings Cross St Pancras.

While they blended in and sat having a coffee, the device picked up data from over 60,000 smartphones in the four stations.

Sensepost took the data and put it into Wigle, an open-source geo-location service. When they cross-referenced the data with Google Streetview, they were then able to track all the people and their smartphones as they moved throughout the stations and beyond.


Turn off your Wi-Fi
"People put so much trust into the Internet, it's mind-boggling. Stop putting so much trust in the Internet. When you go out, turn your Wi-Fi off on your phone," Cuthbert warns.

"We want more pressure put on the developers of iOS, Android, Windows Phone and BlackBerry to improve security on smartphones. You wouldn't buy a car with poor security, why are we willing to do it with the Internet?"

Cuthbert also warns against connecting to free public Wi-Fi if you're not sure where it's coming from.

"If you don't know who the Wi-Fi network belongs to, how do you know if it's malicious? Someone could be accessing your data and you don't know where it's going," he says.

Sensepost will be presenting their research at the Black Hat Asia cybersecurity conference in Singapore next week.

The firm is also working on non-security deployments of unmanned flying drones being used for crowd management and to collect data about people in a certain geographic location, so that advertisers can serve them targeted advertising.

How Your Tweets Can Reveal Your Home Location

IBM researchers have developed an algorithm that predicts your home location using your last 200 tweets.

As reported by MIT Technology Review: One of the optional extras that Twitter allows is for each tweet to be tagged with the user’s location data. That’s useful if you want people to know where you are or so that you can later remember where certain events took place. It also gives researchers a valuable tool for studying the geographical distribution of tweets in various ways.


But it also raises privacy issues, particularly when users are unaware, or forget, that their tweets are geotagged. Various celebrities are thought to have given away their home locations in this way. And in 2007, four Apache helicopters belonging to the US Army were destroyed by mortars in Iraq when insurgents worked out their location using geotagged images published by American soldiers.

Perhaps these kinds of concerns are the reason why so few tweets are geotagged. Several studies have shown that less than one per cent of tweets contain location metadata.

But the absence of geotagging data does not mean your location is secret. Today, Jalal Mahmud and a couple of pals at IBM Research in Almaden, California, say they’ve developed an algorithm that can analyse anybody’s last 200 tweets and determine their home city location with an accuracy of almost 70 per cent.

That could be useful for researchers, journalists, marketers and so on wanting to identify where tweets originate. But it also raises privacy issues for those who would rather their home location remained private.

Mahmud and co’s method is relatively straightforward. Between July and August 2011, they filtered the Twitter firehose for tweets that were geotagged with any of the biggest 100 cities in the US until they had found 100 different users in each location.

They then downloaded the last 200 tweets posted by each user, rejecting those that posted privately. That left them with over 1.5 million geotagged tweets from almost 10,000 people.

They then divided this data set in two, using 90 per cent of the tweets to train their algorithm and the remaining 10 per cent to test it against.

The basic idea behind their algorithm is that tweets contain important information about the probable location of the user. For example, over 100,000 tweets in the dataset were generated by the location-based social networking site Foursquare and so contained a link that gave the exact location. And almost 300,000 tweets contained the name of cities listed in the US Geological Service gazetteer.

Other tweets contained clues to their location like phrases such as “Let’s Go Red Sox”, a reference to the Boston-based baseball team. And Mahmud and co say that distribution of tweets throughout the day is roughly constant across the US, shifted by time zone. So a user’s pattern of tweets throughout the day can give a good indication of which time zone they’re in.

So the question these guys set out to answer was whether it was possible to use this information to predict a user’s home location, a result they could test by matching it against the user’s geotagged metadata.

Mahmud and co used an algorithm known as a Naive Bayes Multinomial to do the number crunching. They trained it by feeding it the training dataset along with the geolocation data.

They then tested the algorithm on the remaining 10 per cent of the data to see whether it could predict the geolocation.

The results are interesting. They say that when they exclude people who are obviously travelling, their algorithm correctly predicts people’s home cities 68 per cent of the time, their home state 70 per cent of the time and their time zone 80 per cent of the time. And they say their algorithm takes less than a second to do this for any individual.

That could be a useful tool. Journalists, for example, could use it to determine which tweets were coming from a region involved in a crisis, such as an earthquake, and those that were just commenting from afar. Marketers might use it to work out the popularity of their products in certain cities.

And it also suggests ways that people can improve their privacy–by not mentioning their home location, of course.

Mahmud and co say their algorithm could do better in future. For example, they think they can get more fine-grained detail by searching tweets for mentions of local landmarks that can be pinpointed more accurately. Whether that turns out to be possible, we’ll have to wait and see.

An interesting corollary to all this is that our notion of privacy is more fragile than most of us realize. Just how we can strengthen and protect it should be the subject of considerable public debate.

Ref: arxiv.org/abs/1403.2345 : Home Location Identification of Twitter Users

GPS Technology Takes Root In Agriculture

As reported by the Imperial Valley Press: The history of agriculture is full of ideas and concepts that have allowed farmers to incrementally improve efficiency to unprecedented levels.

Global Positioning System satellites orbiting the Earth, the same satellites that guide automobiles and allow smartphone users to “check in,” are helping farmers reach unprecedented levels of efficiency even as they try to figure out the best use for it.

“GPS in agriculture is new as far as heavy implementation,” said Tom Mastin, bio-resource and agricultural engineering lecturer at Cal Poly San Luis Obispo.

“Without GPS, large-scale farming is going to be way too inefficient. Large-scale farms now have guidance systems and a GIS (geographical information system) manager.”

Some applications are obvious.

Farm implements, like tractors and fertilizer applicators, nowadays are self-guided and require minimal driver input.

“As far as a guidance system, it has reduced labor,” Mastin said.

Other applications are arguably more impressive.

For instance, GPS technology allows farmers to precisely level their fields and map the location of ditches, underground tile drainage lines and subsurface drip irrigation tape.

“You can disc the surface and you never lose the (subsurface drip) tape,” said David Layton, manager of an alfalfa farm in Calipatria.

Extensive use of GPS technology has allowed his company to profitably work land that might not be economically viable with conventional techniques. He asked that the name and location of the company not be published.

The idea is to be able to not just fine-tune the amount of water and fertilizer for a given field, but to maximize the use of space.

“GPS makes the whole thing work,” said Ed Hale, an Imperial Valley farmer and consultant for Layton’s company.

Hale cites subsurface drip irrigation technology as a case in point.

“Drip (irrigation) doesn't work without GPS,” he noted.

He said he keeps running across examples where good concepts did not reach their potential.

“We’re tearing out the evidence of the drip that was tried by the Israelis during the late ’70s and early ’80s. They’re the pioneers of drip. When they first started they were so enamored with drip, they thought that it cured everything. That was a fallacy. They didn't have GPS technology.”

While he declined to say how much money his companies have saved through a systematic use of GPS technology, he said that water savings at the Calipatria farm were “substantial.”

“Our feeling is that true conservation isn't so L.A. can grow. It’s so we can get more crop per drop,” Hale said.

The technology allows his operation to compete with growers around the world that operate with fewer constraints.

“Large ranches have compared efficiency with and without GPS,” he said. “GPS is 22 percent more efficient. That’s the difference between losing money and making a profit.”

The cost of fuel and equipment has skyrocketed in recent years, he noted.

“Our costs are local. Markets are global. We’re competing with guys growing the same crop in Argentina, where there are no regulations or social safety nets. My local costs are important to me,” Hale said.

Thursday, March 20, 2014

There Are Real And Present Dangers Around The Internet of Things (IoT) - But Not Everything Is A Threat

Modern electric cars are just one category of Internet of Things devices that will be targeted by hackers.

As reported by The Guardian: As with any buzz topic in the tech world, there’s a lot of misinformation around the Internet of Things. And in the security sphere, there’s much unnecessary FUD - Fear, Uncertainty and Doubt – spread by industry vendors to get people suitably scared so they splash cash on purportedly necessary protection.


Take the case of the spamming refrigerator. Researchers suggested the smart fridge had been compromised to relay reams of annoying emails, as often happens to normal PCs. Yet Symantec discovered the fridge was simply on the same network and using the same IP address as a hacked Windows PC, which was really the thing responsible for the spam. Digital listeria this was not.

Yet there are reasons to be fearful of the Internet of Things (IoT), a name covering the networks of embedded devices, from smart meters to connected automobiles, which communicate with each other in an automated fashion to help make our lives more efficient.

Such connected, autonomous machines have been around for years, but the reason they are now on the tips of tech firms’ PR tongues every day is that the number of connected devices is escalating rapidly into new areas, like toothbrushes and bathtubs. According to Gartner estimates, the IoT will consist of 26 billion units by 2020, and by that time the industry will be worth $300 billion.

The problem is that many of the manufacturers of these machines are not taking the secure-by-design approach. “They are learning on the job at this point in time,” says Gunter Ollmann, chief technology officer at IOActive, a consultancy firm that has done much research on IoT security.

Hacking vehicles

There are a handful of real and present threats. In automobiles, trucks are a major concern. Many contain standardized code to manage vehicles, such as the controller area network (CAN) bus protocol, used for internal communications between devices in a vehicle.

“CAN messages that control physical attributes are standardized. Therefore, if you figure out a hack for one manufacturer others could be quite similar if not identical,” says Chris Valasek, director of security intelligence for IOActive.


One of the functions that has understandably worried onlookers in the trucking and security industries is the kill switch that powers the vehicles down. “Some fleets use the GPS tracking and ‘check-out’ systems to control access to the trucks when they are in depots or secure overnight storage locations to prevent the truck being stolen,” Ollmann adds.

“The open architecture of the truck's CAN bus has made it much easier for the integration of fleet tracking and control technologies like these. But conceptually, any wireless technology that can receive remote commands and affect the operation of a truck is a potential target for researchers and targets. What if someone figures out the master shutdown code for all the trucks, and they get all the trucks in London to stop at 7am?”

It’s a nasty thought, but this isn’t science fiction. Trucking companies are working with Ollmann and his team to close off any potential flaws that could lead to disaster. “We’re working with some of them and doing additional research on this now … they’re worried about it.”

The car industry is aware of the problems too, at least in its more progressive corners. When Valasek and noted security researcher Chris Miller showed on video how they could hack a car when inside the vehicle, it gave rise to both mirth and misery in the car industry.


Tesla has reacted the most positively. Having recruited some noted security pros, including former Apple “hacker princess” Kristin Paget, it has set up a vulnerability disclosure program rewarding researchers for uncovering flaws. It’s similar to bug bounty programs run by major software firms, like Facebook, Google and Microsoft. Evidently, the Rubicon has been crossed.



Hacking the home

The home is a viable target too, amusingly highlighted by the discovery of a hackable Japanese smart toilet last year. More recently, IOActive detailed flaws in home automation kit made by Belkin, including switches to turn electrical devices on and off, which could have been used to cause real-world damage, possibly a fire.

Those vulnerabilities were eventually addressed, but Ollmann says there are numerous flaws in connected home technologies from other manufacturers that will be disclosed in the near future.

TVs that run Google’s Android operating system are vulnerable to many of the same attacks that affect smartphones. MWR Infosecurity, a consultancy, has tested out an Android exploit on a Kogan TV running Android.

The attack took advantage of documented weaknesses that allow hackers to use a piece of code known as a JavaScriptInterface, included in ad libraries to let further actions be initiated on Android machines.

In theory, anyone hacking a TV in this way could take photos, if the TV had a built-in camera, or create invasive applications to spy on viewers. That weakness has been found in numerous ad libraries used by many of the world’s top free apps.

“It should affect any TV running Android and definitely if they’re running apps which use the flawed ad networks,” says David Chismon, researcher at MWR.


Home routers are ridden with vulnerabilities too, as uncovered by digital security non-profit Team Cymru in March. It found a network of 300,000 home and office routers had been compromised, thanks to worrying weaknesses in the devices’ software, from predictable or non-existent passwords to flaws in the web applications used to control them.

The hackers decided to use these security holes to redirect victims to whatever website they wanted when they started using the internet.


Taking over industrial controls

Connected, and therefore hackable, devices can also be found in control systems running nations’ critical infrastructure. Researchers across the world have been panicking about supervisory control and data acquisition (SCADA) systems, used to monitor and manage industrial machines, from nuclear power plants to oil and gas pipelines.
 

SCADA machines produced by various manufacturers have been shown to contain various weaknesses, like those exploited by Stuxnet, the infamous malware that disrupted centrifuges at an Iranian nuclear plant. What’s worrying is that more vulnerabilities continue to emerge.


In January, the US government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a warning about a buffer overflow vulnerability, a type of weakness that allows an outside hacker to write code to a device and which has been largely eradicated from modern systems.

The Guardian knows of one major security firm that is aware of a number of theoretical flaws, ones that could be used to play with the power controls on SCADA systems, but they do not currently have the right labs to test the potential for real-world impact.

This is another key problem: the threat is poorly understood, with many apparent vulnerabilities that may or may not be exploited to endanger critical infrastructure. “We keep seeing small examples of attacks that may or may not be cyber attacks against SCADA systems, but it’s still a theoretical threat in terms of spectacular and long lived degradation of a specific service,” says Steve Santorelli, a researcher at Cymru.

His outlook for the future of SCADA-like machines is not optimistic, though. “The internet is not secure frankly, in any way at all. That matters when it comes to control systems.”



Could your internet fridge be vulnerable? Yes. Photograph: Martin Argles for the Guardian

Send in the Cavalry

Santorelli has a similarly bleak prospectus for IoT in general. “Someone asked me recently: is my fridge going to DDoS me and, frankly the answer is, yes … probably,” he adds. “Anything with an IP address is a commodity in the underground economy, to be bought or bartered for if there is a way to make money from it.”

“The privacy and criminal implications are diverse and they need to be at the heart of the design of these new technologies. The bottom line is that we've never truly seen security be at the heart of a new technology and anything that connects to the Internet will be inherently insecure by its very nature. The future is not looking bright.”

Time to batten down the hatches and prepare for cybergeddon then? Perhaps not. Help is on the way, even if it’s not from government.

A movement started by noted security professional Josh Corman has been gathering pace in recent months, since it was first conceived at last year’s DEFCON hacking convention. Its name is I Am The Cavalry. Its intention is to act as a hub for vulnerability research that affects four areas: medical devices, automobiles, home services and public infrastructure.

The plan is to give altruistic researchers a place to share their findings in a pro bono fashion, in the hope that the weaknesses will be covered off by whatever manufacturers are affected. I Am The Cavalry will act as a hyperactive middleman, coordinating vulnerability disclosures and pushing for more than just quick fixes. It wants to encourage total cultural change to instill security across organisations’ processes.

It’s an ambitious plan, born out of a sense of responsibility in a world ridden with hackable technologies. But will researchers really give away their secrets for free, especially the most technically gifted who can make millions by selling just a handful of the most serious flaws to nation states? Corman believes the ethical side of the hacking community will come out in force.

“I’m not making an economic argument yet,” he says. “Our role and what sets us apart is that we’re speaking to those who have something in them ... that altruistic gene. We’re describing something that is a shared risk and a shared concern and if that appeals to someone, they should gravitate to us.”

Praise for Tesla

Even ahead of its formation as an official organisation (it is consulting with lawyers on whether to become an educational foundation or an industry association), I Am The Cavalry has already facilitated some vulnerability disclosures.

Corman says the body has had successes in both the car and medical industries, but can’t disclose whom they involved. He has also been invited to consult with car manufacturers in the US and Europe, and is particularly impressed with the way in which Tesla has responded to the problems at hand.


“We are very encouraged to see such a policy [at Tesla]. A fear we've had as a research community is that we would have a 10-15 year learning curve where this new industry was in the denial and lawsuit stage towards researchers,” says Corman.

“If this is an indicator of how the rest of the automotive industry will respond in kind, this will dramatically accelerate the maturity and the engagement of white hat researchers who wish to help.”

As a sign of his sway with mandarins walking the murky halls of power, Corman has already met with Senator Ed Markey of Massachusetts, who recently urged car makers to act on cyber security issues, and others on Capitol Hill to discuss the weaknesses that urgently need addressing.

Despite limited “in the wild” attacks, Internet of Things threats are real. As connected devices proliferate, the hope is that they do so securely. If they volunteer for the Cavalry, that might just happen. Then we can go about our quotidian lives feeling a little less insecure.

New UCSD Airborne GPS Technology Aims To Crowdsource Weather Data from Commercial Flights

As reported by e! Science News: GPS technology has broadly advanced science and society's ability to pinpoint precise information, from driving directions to tracking ground motions during earthquakes. A new technique led by a researcher at Scripps Institution of Oceanography at UC San Diego stands to improve weather models and hurricane forecasting by detecting precise conditions in the atmosphere through a new GPS system aboard airplanes. The first demonstration of the technique, detailed in the journal Geophysical Research Letters (GRL), is pushing the project's leaders toward a goal of broadly implementing the technology in the near future on commercial aircraft.

Current measurement systems that use GPS satellite signals as a source to probe the atmosphere rely on GPS receivers that are fixed to the ground and can't measure over the ocean, or they rely on GPS receivers that are also on satellites that are expensive to launch and only occasionally measure in regions near storms. The new system, led by Scripps Institution of Oceanography geophysicist Jennifer Haase and her colleagues, captures detailed meteorological readings at different elevations at targeted areas of interest, such as over the Atlantic Ocean in regions where hurricanes might develop.

"This field campaign demonstrated the potential for creating an entirely new operational atmospheric observing system for precise moisture profiling from commercial aircraft," said Haase, an associate researcher with the Cecil H. and Ida M. Green Institute of Physics and Planetary Physics (IGPP) at Scripps. "Having dense, detailed information about the vertical moisture distribution close to the storms is an important advancement, so if you put this information into a weather model it will actually have an impact and improve the forecast."

"These are exciting results, especially given the complications involved in working from an airplane," says Eric DeWeaver, program director in the National Science Foundation's (NSF) Division of Atmospheric and Geospace Sciences, which funded the research. "Satellite-based measurements are now regularly used for weather forecasting and have a big impact, but airplanes can go beyond satellites in making observations that are targeted right where you want them."

The GRL paper details a 2010 flight campaign aboard NSF aircraft and subsequent data analysis that demonstrated for the first time that atmospheric information could be captured by an airborne GPS device. The instrumentation, which the scientists labeled "GISMOS" (GNSS [Global Navigation Satellite System] Instrument System for Multistatic and Occultation Sensing), increased the number of atmospheric profiles for studying the evolution of tropical storms by more than 50 percent.

"We're looking at how moisture evolves so when we see tropical waves moving across the Atlantic, we can learn more about which one is going to turn into a hurricane," said Haase. "So being able to look at what happens in these events at the early stages will give us a lot longer lead time for hurricane warnings."

"This is another case where the effective use of GPS has the potential to improve the forecast and therefore save lives," said Richard Anthes, president emeritus of the University Corporation for Atmospheric Research, which currently runs the satellite based GPS measurements system called COSMIC (Constellation Observing System for Meteorology, Ionosphere, and Climate).

While the current GISMOS design occupies a refrigerator's worth of space, Haase and her colleagues are working to miniaturize the technology to shoe box size. From there, the system can more feasibly fit onto commercial aircraft, with hundreds of daily flights and a potential flood of new atmospheric data to greatly improve hurricane forecasting and weather models.

The technology also could improve interpretation of long-term climate models by advancing scientists' understanding of factors such as the moisture conditions that are favorable for hurricane development.

Paytsar Muradyan, who recently received a Ph.D. from Purdue University in atmospheric sciences, started working with Haase in 2007 as a graduate student during the formative stages of GISMOS's design and development. She eventually flew with the group in the 2010 campaign and took away a wealth of experience from the demands of the project.

"It was a lot of responsibility but certainly rewarding to work with a group of world-known scientists in an interdisciplinary project," said Muradyan.

Astronaut: Mini-Satellites Could Track Planes

As reported by CNN: A fleet of tiny satellites released from the International Space Station could be a tool to help solve future aviation mysteries like the disappearance of Malaysian Airlines Flight 370, said retired astronaut Chris Hadfield, who commanded the space station for five months last year.

Speaking to the media after giving a talk at the opening session of the TED2014 conference Monday, Hadfield said that the shoebox-sized satellites, once fully deployed, will cover the entire planet with frequently refreshed images at a resolution down to 4 meters and could have helped in a mystery such as the question of what happened to the Malaysian Airlines Boeing 777.

Planet Labs, a San Francisco-based company, arranged for the first group of the satellites to be released from the space station last month. Hadfield said those satellites are in initial testing.

Asked by CNN to comment, Planet Labs provided a statement by its co-founder and CEO, William Marshall, a former NASA scientist, who is due to speak later this week at TED: "Planet Labs just last month deployed a fleet of 28 satellites, Flock 1, from the International Space Station. This is the largest Earth imaging constellation in history. We are turning on each of the satellites and are now putting them into position. With this constellation, we will measure the planet on a more regular basis to enable various applications. One of those applications is disaster response, including natural and man-made disasters. Other applications range from monitoring deforestation to helping to improve agricultural yields to monitoring urban growth." Another 100 such satellites are in the works, according to the Financial Times.

Hadfield said "tracking one thin aluminum tube" like the Boeing 777, in a place that is not heavily covered by radar, is very hard.

"Obviously something happened fast and deliberate, exactly what process, whether it was the crew themselves or someone forcing themselves in, we don't know," Hadfield said. He said he suspects that if the aircraft did crash, wreckage will eventually be found.


In his talk on the TED stage, Hadfield gripped the audience's attention with a message urging people to conquer irrational fears, with images of the Earth's beauty from space and with a performance on guitar of a portion of David Bowie's "Space Oddity," a song he also sang while weightless on the space station. His video, one of about 100 he shot on the space station, went viral.

Astronauts train themselves to overcome fear, and thus are willing to take considerable risks, whether being launched on a rocket or walking in space, Hadfield said. By contrast, some people will let themselves be paralyzed by unreasoning fear of spiders; the way to conquer that is to walk through spider webs (assuming the spiders aren't venomous).

"There's a difference between danger and fear," he said after the talk. And Hadfield said that, incongruously, "I'm afraid of heights," but had mostly overcome it through training.

Tuesday, March 18, 2014

Danny Kim Wants to Change How You Drive

As reported by SlashDot: In early March, Lit Motors founder Danny Kim hit the road to meet investors. The Portland native needed to keep the momentum growing for his small firm, which builds the two-wheeled C-1. His modest lab, located in San Francisco’s SoMa neighborhood, could accommodate another 12 employees—but he needed the money to fund them, and to build a manufacturing facility capable of turning his prototype ideas into a reality.

Like Elon Musk and other manufacturing savants, Kim is someone who enjoys the challenge of building things—whether it’s eyeglasses, chairs, or motor vehicles from scratch. He’s spent the past five years re-thinking modern transportation, and using those insights to design prototypes of two-wheeled, motor-driven vehicles that can self-balance with a dancer’s grace, thanks to an integrated software platform and a patented gyroscopic system.

Even as he traveled to New York to raise funds, Kim’s heart was back in San Francisco, and the three-story workshop that serves as a sort of DIY museum to his ambitions. Part of the space includes a storefront for the C-1, which (if everything goes well) will begin mass production at the end of this year. The attached shop features lots of space for engineers and designers to collaborate over their plans to change how people get around, especially in urban settings.

In a wide-ranging conversation, Kim discussed his plans for manufacturing the C-1, as well as the challenges in convincing consumers to try out a new kind of vehicle.

Q: How did you develop an instinct for design? Do you think this is something that comes naturally to you, given the way you perceive the world?
Danny Kim: After I dropped out of Reed College, studying physics and biology, I was interested in how to invent things. There’s a path to design and there’s a path to engineering. I started developing my own philosophy of design and engineering, where they drive each other in a simultaneous process. I think that’s what got me interested to go to Rhode Island School of Design to get a degree in Industrial Design and Sustainable Transportation.

When you are designing a car, it’s hard to hire 10 separate people [to work on the design and the engineering and expect it all to line up]. What I’ve been able to do is combine those roles by being the architect, while leading the transportation design, and acting as the mechanical designer. This way, I can come up with a reasonable solution to any problems that arise. I’m the intersection between design and engineering, and that’s why we can get so much done so quickly and cheaply. Engineers are interested in the details, and then rarely can zoom out into high-level discussions on how to integrate electrical wiring to code to dynamics and mechanical systems.

Q: You talk a lot about engineering. But I want to know more about how you think about design.
DK: Besides the technical aspects of vehicle design, how do you create a product that feels amazing? How do you make a product with natural and intuitive human experience? That’s where design sets in. It ensures that products’ exterior, interior, and experience evoke an emotional relationship with the driver/user.
I have these conversations in my head: What does the exterior need to look like? How does the UX make you feel? Are we within the confines of the H-point?

To support that with the engineering and have a robust platform, I manage or lead all those fronts. I could not have done that without the previous experience I had. I dropped out of college, traveled the world, worked as a Land Rover mechanic and built two custom SUVs from the ground up and went to design school.

There’s no real education or academic track of how to start your own car company, you just have to do it.

Q: Why did you drop out of Reed College?
DK: It was a pretty academically rigid institution… it was really fun. You go there to get a PhD, or become a lawyer or professor. It didn't fit me really well. I learned quite a bit. I told my parents that I was doing the Steve Jobs thing by dropping out. My parents said: “What, who is Steve Jobs?”

Q: How did you settle on a 2-wheeled vehicle as the way you want to solve the transportation problem?
DK: Well, 72 percent of commuters drive alone, so it just made sense to cut the car in half. You have to think about this two-wheeled car as a robot because of its stability. It purely uses our AI/stability algorithm so it can balance and you don’t have to. We had to develop our own firmware for our own dynamic system. It is code heavy. We have four people writing the firmware on it for the last four months. It’s relatively complex; it’s not something you can hack. I’m thinking about opening it up to Android so someone could create their own skin for the interface or design the interior display. Right now, however, it’s our own platform that uses ARM processors. It would be easy to open it up to Android.


Q: What made you think about transportation as the thing you want to devote your life to?
DK: I had an accident that almost killed me when I was rebuilding one of the two Land Rover Range Rovers. It made me ask myself, why am I building big SUVs? It’s more efficient to build a motorcycle.
I began to ask questions such as, why don’t people use motorcycles more? It’s inconvenient because of rain. But it is dangerous on the highway.

Why couldn’t you have something in between a car and a motorcycle? Why don’t we just cut the car in half? Could it be a two-wheeled car? It’s impossible to keep a fully enclosed motorcycle in balance. It makes sense to put a gyroscope in the vehicle.

I did a quick calculation to see if it would make sense to have a gyroscope in a bicycle. So it made sense to do it in a motorcycle too. I wrote a provisional patent, and signed up to attend Rhode Island School of Design to learn how to build a product and manage engineers.

Q: From when you started Lit Motors to now, how has your philosophy about design and engineering changed?
DK: My philosophy hasn’t changed too much. It has been substantiated with other technologists and validated with adjacent industries. We need a sustainable vehicle. The field of robotics is becoming more commonplace for aspiring entrepreneurs. Sustainable vehicles are the future and if you can make it affordable and safe you have a recipe for the Model T of the 21st century.

Q: What’s practically necessary when thinking about mass producing a vehicle?
DK: We established a production process: a sequence of assembly and bill of materials: two things that are essential to producing anything. You have to know what your sequence of assembly is and your bill of materials. Besides your supply chain and having an actual factory, there are the four big things that you have to worry about. Some people call them the four Ps: Product, Process, Plant, People.

I've been working on those four Ps… the last one we don’t have: people. I’m looking for a manufacturing plant. We have our product. The product is going to get better over time. We are on prototype number four-and-a-half.

We are building an awesome team of diverse skill sets. I’m a pretty hands-on type, I learn and synthesize predominantly through the empirical processes. Sometimes the best thing to do is to just do it. It’s hardware, so you need all hands on deck, the ability to iterate quickly, learn on the fly, and have a peer review. I ask smart people who have 10-20 years’ experience or so, and have been able to learn a lot from them.

Q: How do you know if you should actually listen to their advice?
DK: I have been compiling a rather large dataset of advice; I can usually tell when someone is [expletive] me. I know a lot of people who have done production for larger runs. Depending on scale, there’s a pretty consistent language and processes involved and a level of concern of which to mitigate failure. You are going to be making mistakes. The difference between a smart founder and one that isn’t is, the smart founder when making a complex decision might pick a somewhat logical direction without all the correct information, moving the company forward. Carefully monitoring the progress and change directions quickly if needed to mitigate the damage. It is about staying on your toes, and I have been doing that somewhat well over the last four years on a really small budget.

We've raised $2.2 million, with almost $1 million in pre-earned sales of our first production run (around 890 pre-orders). It cost half a million dollars to build a high-speed prototype. That will be something that we will have finished over the next few months. Right now, we have 5 patents that have been granted. Our team has grown from 6 to 18 people. We are very well poised to get further funding and go into production.

Q: Are you working hard?
DK: Yes, I work 14-hour days and usually work until I go to sleep. We are developing a rather large product so it takes time to build. Regardless, you have to put in the time to make it happen; my entire team knows this. We are here to make change and eventually make some money in the process.