How a burgeoning technology can be a potential vulnerability.
by Martin Banks, Managing Editor, Modded
The growing utility of vehicle telematics has resulted in their widespread adoption by businesses that want better tools to track vehicle fleet and equipment performance.
While telematics can offer significant benefits for businesses with vehicle fleets, any networked device can create new security vulnerabilities.
Each telematics sensor that a fleet owner adds to its network can create additional attack surfaces for hackers to take advantage of. Without the right security precautions, the business’s network could be at risk.
As the number of cyberattacks on small businesses grows, the implementation of basic security practices will become essential for companies that need to protect networked devices — like those that power a telematics system.
The Structure of a Telematics System
Every telematics system has a few essential components, including in-vehicle control units, telematics sensors, cloud servers, a service platform, apps and APIs for third-party integrations.
The complexity of these systems means that there is significant room for error when it comes to cybersecurity.
The structure of telematics systems means they face a few main vulnerabilities. Hackers can intercept data when it’s transferred between telematics sensors and processing or storage servers. They can also gain access to the servers with a breach of the business network and compromise data and the devices themselves.
Managing these vulnerabilities with the right practices can help businesses with telematics keep their networks safe.
1. Starting With Secure Devices
When building or buying a new telematics solution, selecting trusted hardware and software providers with good track records in security will be essential.
Developers with full control over their entire design and manufacturing process will have the best chance of creating secure telematics hardware and software.
Limiting the number of providers necessary to make the system work can also help — the fewer third parties a business has to engage with, the easier it will be to secure the overall telematics solution.
When implementing a telematics solution, business owners should review the benefits of telematics they need most, then consider choosing devices that help them gain those benefits.
Business owners should also consider how the number of devices they use may impact network security. The greater number of networked devices, the more opportunities a hacker has to break into the telematics network. Focusing on essential devices and key data can reduce the overall cost of the telematics solution and make it easier to secure.
2. Firmware and Software Security
An effective telematics maintenance plan depends on devices that are kept up to date. Otherwise, devices could remain vulnerable to exploits the device’s developer has patched out.
Many telematics devices update themselves without interrupting the user or collection of data by using software or firmware over-the-air (SOTA/FOTA) updates. These updates simplify security for the end-user, but they can also create new security risks.
Requiring digital signing for firmware updates helps ensure that each update is coming from a trusted source and has not been tampered with — reducing the chance that hackers can take advantage of OTA updates to compromise telematics devices.
For devices that don’t use OTA updates, ensuring that they are kept updated will be essential. The IT or cybersecurity team should know which devices will require special attention and how often they should go offline for updates.
3. Restrict Device Access
Aftermarket telematics devices should be installed in such a way that they can’t be easily accessed or tampered with.
Vehicle access should also be closely managed and monitored. At any given time, the business owner should know roughly who has access to each vehicle or who is authorized to use them. Only those employees who need to use the vehicles daily should have access, and they should know how to store keys in a way that will keep the vehicles secure.
For example, where will off-duty employees store vehicle keys when they clock out? Where should vehicles be parked, and should they be left locked or unlocked?
Business owners should also carefully manage access to telematics data. Like the vehicles themselves, only those who need access to the data for their jobs should have that access.
Network segmentation and user access management can reduce the possibility that telematics data will be at risk if an employee account is compromised.
4. Secure Data Transfer
Once the business owner is confident that data will be secure while at rest, they should begin to think about how data could be compromised in transit.
Because vehicles are often on the road, most telematics solutions rely on cell networks — 2G/3G, 4G and increasingly 5G in urban areas — to transfer data between sensors and the cloud. These cell networks have unique vulnerabilities, and businesses can’t directly secure them in the same way as business wi-fi or a wired network.
Encrypting telematics data is a good way to ensure it won’t provide much value to a hacker even if it is intercepted.
5. Train Employees in Cybersecurity
Often, the weakest link in a business’s cybersecurity defenses isn’t hardware or software. Instead, it’s employees who haven’t received the right training to keep devices and network access secure.
Phishing attacks have been on the rise for the past few years and work best when used against employees and individuals with minimal cybersecurity knowledge.
If the employees with direct access to the telematics hardware and software don’t have good knowledge of best practices and how to apply them to their day-to-day work, they may open up the business to attack.
Providing in-house training and effective cybersecurity education during employee onboarding will ensure that all team members have the knowledge they need to keep the network secure.
Defending Telematics Against Attackers
Telematics systems can provide serious benefits for businesses that manage vehicle fleets. Sensors coordinated by these systems can offer real-time information on things like vehicle location, performance and health.
However, these systems can be difficult to secure because of their complexity and how they are used. Cybersecurity professionals who work with businesses that use telematics should be aware of the risks they pose and how they can minimize the chance of a successful attack.
Implementing the right security practices — like working with trusted partners, keeping devices updated, training employees and managing device access — will ensure that businesses can use telematics without increasing their risk of a data breach.
About the Author
Martin Banks is the founder and Editor-in-Chief of Modded. You can find his writing all over the internet. He covers tech, gear, cars, and more.
Martin can be reached on Twitter @TModded and at his company website, https://modded.com/
