Truemag

  • Newsletters
  • Thought Leadership
  • Mobility
  • Safety
  • Work Trucks
  • Videos
  • Home
  • Subscribe
  • Contact Us
  • Media Kit
  • Who We Are

Cybersecurity Expert: Many Fleets Are Unprotected Against a Massive, Calamitous Hack

By Mark Boada, Executive Editor

Most fleets are unaware that they might be defenseless against a cyber-attack that could disable all of their vehicles, according to a long-time veteran of the cybersecurity industry.

In an extensive interview with Fleet Management Weekly, Dan Sahar, vice president of product at Upstream Security, a cloud-based automotive cybersecurity company, said that the adoption of telematics and the proliferation of other digital connections has created a growing number of “connected” vehicles that are vulnerable to long- and short-range hacks from criminals that could disable every vehicle they operate.

“Fifteen years ago, vehicles weren’t connected, and maybe the worst case was somebody left the car unlocked and it was stolen,” he said. “Today, vehicles are connected, which helps to manage fleets more efficiently, but it comes at a price. The second you introduce that technology, you unknowingly create the ability for hackers to disrupt your fleet if they choose to do so. Nobody knows whether they’ll choose to do so, but they might.”

Sahar foresees a scenario where, through a single hack, every driver of a particular manufacturer’s vehicle model or of any fleet vehicle could be unable to unlock it or start the engine. It would be a major catastrophe, he noted, especially for a sales or a delivery fleet.

“Think of a FedEx or UPS or Amazon on Christmas Eve, not being able make deliveries. It would be extremely damaging to them as well as to the entire country. It’s not a wild dream. It’s totally within the realm of possibility if that fleet is connected.”

Complacency predominates
For the most part, he said, fleet managers are unaware of the danger or lack a sense of urgency because the industry hasn’t yet had its “Equifax moment,” a reference to the theft of the personal data of 147.7 million consumers from the credit rating company’s computers. “Many fleets are aware of the danger, but they think it’s still theoretical,” said Sahar.

But in a report it issued earlier this year, Upstream said the number of automotive hacks doubled last year, more than half of which were malicious (as opposed to events conducted by researchers). One malicious attack involved a hacker who broke into thousands of accounts belonging to users of two GPS tracker apps, giving him the ability to monitor the locations of tens of thousands of vehicles and even turn off the engines for some of them while they were in motion.

Fleets the “soft underbelly” of business
While large companies in many industries have become adept at protecting their core business operations against hackers, Sahar said that fleet operations are companies’ “soft underbelly” which, in many cases, have not been given the same level of attention from enterprise computer security teams. He said it’s not unusual for his company to talk with connected fleets that fail to take even the most fundamental security measures, like encrypting the data that flows from their vehicles through devices called “dongles” that plug into an onboard diagnostic port.

“When you talk to some fleets and ask them what cybersecurity they have, they said their dongles are read-only, which means illegitimate commands cannot enter the vehicle’s computer system. What they don’t know is when the software in the dongles is hacked to read-write, it’s no longer secure.”

Upstream’s report counts 12 different automotive systems that can become doorways to hackers. Keyless entry and key fob systems account for the largest single avenue, at some 30 percent of all successful recorded attacks since 2010. The others include company servers, mobile application, onboard diagnostic ports, infotainment systems, sensors, Wi-Fi, electric control units, Bluetooth, cellular networks, OBD dongles and in-vehicle networks.

Looking for data anomalies
Upstream’s approach to vehicle security is based on an understanding of the pattern of normal data flows between a manufacturer’s vehicle models or a fleet of vehicles and a back-end computer system. After Upstream’s computers determine what’s normal, it monitors all subsequent data flows for patterns that lie outside the norm. Sahar said these can be as simple as vehicles being started outside normal business hours, or commands that originate outside a company’s established network.

When such anomalies are detected, the fleet receives an alert that triggers one or more remediation responses contained in a “playbook.” In addition to analyzing the data, Sahar said Upstream can help fleets create and maintain those playbooks.

Upstream offers its software solution to auto manufacturers, telematics companies, mobile security system providers and directly to fleets. Sahar said the 2 million vehicles enrolled in its company’s business is largely split between customers in the United States and Europe. Its direct customers include oil and gas companies, service fleets, car-sharing and car rental companies, and the manufacturers of commercial and consumer vehicles.

Upstream is privately held, Sahar said, but recently took on as partners Volvo, Renault-Nissan, Mitsubishi, Hyundai and Nationwide Insurance.

What fleet managers should do
Sahar said that while fleet managers aren’t experts in cyber security, they need to find out from others how well they’re protected against remote hackers. Experts they should turn to include their own company’s computer security team, if it has one, its wireless technology providers or, specialized automotive cybersecurity consultants.

Questions he said they should ask include:
• What security software is embedded in my vehicle’s dongles?
• Is my data encrypted and, if so, how?
• Show how my data is passed from vehicles to the fleet management platform.
• If the data is stored in a cloud, what does the cloud infrastructure look like?
• How are you making sure my data is private?
• What are you doing for access control?

Sahar said that while some telematics companies do a good job protecting against hackers, not all do. “Let’s say a major delivery fleet that relies on a telematics provider suffers a disabling hack. It can blame the telematics provider, but ultimately the problem is more theirs than the telematics provider’s.”

 

 

May 24, 2020Janice
Spread Positivity and Productivity Across the Fleet, Not CoronavirusWholesale Prices Rebound in the First Half of May After Historic Fall
Recent Posts
  • Registration Open for 2024 AFLA Canada Summit in Toronto
  • Mentor Rewards: Can Incentives Help Us Drive More Safely?
  • A Call to Action: All the Ways Fleet Industry Marketers Can Enable Sales & Earn Thought Leadership
  • Subaru’s New Eyesight Technology Can Prevent Crashes with Bicycles
  • Isuzu Celebrates 100,000th Gasoline-powered N-Series Truck
  • Merchants Fleet Appoints Kirk Hoffman as New CFO
  • NAFA Announces the 2023 Green Fleet Awards Competition
  • EV Numbers Rise in Some Conservative Places
  • New Orleans Ignores ‘Clean Fleet’ Law During $50M Vehicle-Buying Spree
  • The Five Cascading Benefits to Creating a Culture of Safety
ASSOCIATION NEWS
Registration Open for 2024 AFLA Canada Summit in Toronto
NAFA Announces the 2023 Green Fleet Awards Competition
Speakers Announced for NAFA’s Fleet Safety Symposium
AFLA Palm Springs Conference — Early Bird Pricing Ends May 31st!
NAFA Fleet Safety Symposium 2023: The Road to Safety
WIFM Profile: Jennifer Chapman’s Rewards Come from Making a Difference in Others
NAFA Webinars: Learn from the 100 Best Fleets
TECHNOLOGY
Subaru’s New Eyesight Technology Can Prevent Crashes with Bicycles
EV Numbers Rise in Some Conservative Places
Protect Your Drivers and Your Business: How to Overcome Driver ADAS Impairment
The Future of Connected Cars Starts with Emergency Vehicle Detection
NVIDIA is Upgrading the In-Car Experience with AI, Streaming, and Advanced Safety Features
Ford’s Deal with Tesla May Encourage Other Carmakers to Follow Suit
2023 Ford Super Duty Now Shipping, Having Passed New Zero Defect Tests
CONFERENCES & WEBINARS
Registration Open for 2024 AFLA Canada Summit in Toronto
Speakers Announced for NAFA’s Fleet Safety Symposium
AFLA Palm Springs Conference — Early Bird Pricing Ends May 31st!
NAFA Webinars: Learn from the 100 Best Fleets
Register Now for NETS 2023 Conferences in Paris & Indianapolis
Fleet Success Summit 2023 Brings Fleet Leaders Together
FMW Brand Acceleration: Meet the Fleet Marketing Experts at NAFA I&E
INDUSTRY ANNOUNCEMENTS
Registration Open for 2024 AFLA Canada Summit in Toronto
Merchants Fleet Appoints Kirk Hoffman as New CFO
NAFA Announces the 2023 Green Fleet Awards Competition
AFLA Palm Springs Conference — Early Bird Pricing Ends May 31st!
NAFA Fleet Safety Symposium 2023: The Road to Safety
NAFA Webinars: Learn from the 100 Best Fleets
Register Now for NETS 2023 Conferences in Paris & Indianapolis

Fleet Management Weekly Newsletter Archive
Access to back issues of the FMW newsletter.

FMW Mobility
How mobility is rapidly changing the fleet management landscape.

Newsletter

Subscribe

FMW Fleet Videos
Video clips of industry leaders speaking on a variety of engaging hot topics in fleet.

2014-2020 © Fleet Management Weekly