
Cybersecurity Expert: Many Fleets Are Unprotected Against a Massive, Calamitous Hack

By Mark Boada, Executive Editor

Most fleets are unaware that they might be defenseless against a cyber-attack that could disable all of their vehicles, according to a long-time veteran of the cybersecurity industry.

In an extensive interview with Fleet Management Weekly, Dan Sahar, vice president of product at Upstream Security, a cloud-based automotive cybersecurity company, said that the adoption of telematics and the proliferation of other digital connections have created a growing number of “connected” vehicles that are vulnerable to long- and short-range hacks by criminals, hacks that could disable every vehicle a fleet operates.

“Fifteen years ago, vehicles weren’t connected, and maybe the worst case was somebody left the car unlocked and it was stolen,” he said. “Today, vehicles are connected, which helps to manage fleets more efficiently, but it comes at a price. The second you introduce that technology, you unknowingly create the ability for hackers to disrupt your fleet if they choose to do so. Nobody knows whether they’ll choose to do so, but they might.”

Sahar foresees a scenario where, through a single hack, every driver of a particular manufacturer’s vehicle model or of any fleet vehicle could be unable to unlock it or start the engine. It would be a major catastrophe, he noted, especially for a sales or a delivery fleet.

“Think of a FedEx or UPS or Amazon on Christmas Eve, not being able to make deliveries. It would be extremely damaging to them as well as to the entire country. It’s not a wild dream. It’s totally within the realm of possibility if that fleet is connected.”

Complacency predominates
For the most part, he said, fleet managers are unaware of the danger or lack a sense of urgency because the industry hasn’t yet had its “Equifax moment,” a reference to the theft of the personal data of 147.7 million consumers from the credit rating company’s computers. “Many fleets are aware of the danger, but they think it’s still theoretical,” said Sahar.

But in a report it issued earlier this year, Upstream said the number of automotive hacks doubled last year, more than half of which were malicious (as opposed to events conducted by researchers). One malicious attack involved a hacker who broke into thousands of accounts belonging to users of two GPS tracker apps, giving him the ability to monitor the locations of tens of thousands of vehicles and even turn off the engines for some of them while they were in motion.

Fleets the “soft underbelly” of business
While large companies in many industries have become adept at protecting their core business operations against hackers, Sahar said that fleet operations are companies’ “soft underbelly,” which in many cases has not been given the same level of attention by enterprise computer security teams. He said it’s not unusual for his company to talk with connected fleets that fail to take even the most fundamental security measures, like encrypting the data that flows from their vehicles through devices called “dongles” that plug into an onboard diagnostic port.

“When you talk to some fleets and ask them what cybersecurity they have, they said their dongles are read-only, which means illegitimate commands cannot enter the vehicle’s computer system. What they don’t know is when the software in the dongles is hacked to read-write, it’s no longer secure.”

Upstream’s report counts 12 different automotive systems that can become doorways to hackers. Keyless entry and key fob systems account for the largest single avenue, at some 30 percent of all successful recorded attacks since 2010. The others include company servers, mobile applications, onboard diagnostic ports, infotainment systems, sensors, Wi-Fi, electronic control units, Bluetooth, cellular networks, OBD dongles and in-vehicle networks.

Looking for data anomalies
Upstream’s approach to vehicle security is based on an understanding of the pattern of normal data flows between a manufacturer’s vehicle models or a fleet of vehicles and a back-end computer system. After Upstream’s computers determine what’s normal, they monitor all subsequent data flows for patterns that lie outside the norm. Sahar said these can be as simple as vehicles being started outside normal business hours, or commands that originate outside a company’s established network.

When such anomalies are detected, the fleet receives an alert that triggers one or more remediation responses contained in a “playbook.” In addition to analyzing the data, Sahar said Upstream can help fleets create and maintain those playbooks.
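The baseline-and-deviation check described above, as an added example that is not from the article or from Upstream's product: it learns each vehicle's usual engine-start hours from constructed telemetry, flags starts outside that window and commands from outside an assumed company network, and maps each alert to a hypothetical playbook step. Vehicle names, IP ranges, event names and playbook wording are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumption: the company's established network is known and configured.
FLEET_NETWORKS = [ip_network("10.20.0.0/16")]
# Hypothetical playbook: detection rule -> remediation step.
PLAYBOOK = {
    "off_hours_start": "alert fleet manager and confirm with assigned driver",
    "foreign_command_source": "reject command and rotate telematics credentials",
    "no_baseline": "hold for manual review until the vehicle is enrolled",
}
# Constructed telemetry: (timestamp, vehicle, event, command source IP).
HISTORY = [
    ("2020-05-18T07:55", "van-01", "engine_start", "10.20.0.15"),
    ("2020-05-20T17:40", "van-01", "engine_start", "10.20.3.7"),
    ("2020-05-18T06:30", "van-02", "engine_start", "10.20.0.15"),
    ("2020-05-19T15:05", "van-02", "engine_start", "10.20.0.15"),
]
NEW_EVENTS = [
    ("2020-05-21T08:20", "van-01", "engine_start", "10.20.0.15"),   # normal
    ("2020-05-22T02:14", "van-01", "engine_start", "10.20.0.15"),   # 2 a.m. start
    ("2020-05-22T10:00", "van-02", "engine_stop", "203.0.113.50"),  # outside source
    ("2020-05-22T09:00", "van-09", "engine_start", "10.20.1.1"),    # unknown vehicle
]

def build_baseline(history):
    """Learn each vehicle's normal engine-start window as (earliest, latest) hour."""
    hours = defaultdict(list)
    for ts, vehicle, event, _src in history:
        if event == "engine_start":
            hours[vehicle].append(datetime.fromisoformat(ts).hour)
    return {v: (min(h), max(h)) for v, h in hours.items()}

def detect(events, baseline):
    """Return (vehicle, rule, playbook step) for every event outside the norm."""
    alerts = []
    for ts, vehicle, event, src in events:
        rules = []
        if not any(ip_address(src) in net for net in FLEET_NETWORKS):
            rules.append("foreign_command_source")
        if event == "engine_start":
            if vehicle not in baseline:
                rules.append("no_baseline")
            else:
                lo, hi = baseline[vehicle]
                if not lo <= datetime.fromisoformat(ts).hour <= hi:
                    rules.append("off_hours_start")
        alerts += [(vehicle, r, PLAYBOOK[r]) for r in rules]
    return alerts
```

Calling `detect(NEW_EVENTS, build_baseline(HISTORY))` returns one alert each for the 2 a.m. start, the command from outside the network, and the vehicle with no learned baseline.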

Upstream offers its software solution to auto manufacturers, telematics companies, mobile security system providers and directly to fleets. Sahar said the 2 million vehicles enrolled with his company are largely split between customers in the United States and Europe. Its direct customers include oil and gas companies, service fleets, car-sharing and car rental companies, and the manufacturers of commercial and consumer vehicles.

Upstream is privately held, Sahar said, but recently took on as partners Volvo, Renault-Nissan, Mitsubishi, Hyundai and Nationwide Insurance.

What fleet managers should do
Sahar said that while fleet managers aren’t experts in cybersecurity, they need to find out from others how well they’re protected against remote hackers. Experts they should turn to include their own company’s computer security team, if it has one, its wireless technology providers, or specialized automotive cybersecurity consultants.

Questions he said they should ask include:
• What security software is embedded in my vehicle’s dongles?
• Is my data encrypted and, if so, how?
• Show how my data is passed from vehicles to the fleet management platform.
• If the data is stored in a cloud, what does the cloud infrastructure look like?
• How are you making sure my data is private?
• What are you doing for access control?

Sahar said that while some telematics companies do a good job protecting against hackers, not all do. “Let’s say a major delivery fleet that relies on a telematics provider suffers a disabling hack. It can blame the telematics provider, but ultimately the problem is more theirs than the telematics provider’s.”

 

 

May 24, 2020 | Janice
2014-2020 © Fleet Management Weekly