Huge Risk – Fraud in the Smart Mobility Space


VP Innovation

Much has been said about the threat cyber attacks pose to connected cars, however, there are other significant risks for companies using such vehicles. Many businesses in the automotive industry rely on the new technologies introduced by connected cars and the smart mobility world as their main way to operate. Such businesses include car rental agencies, car leasing companies, and the expanding realm of car sharing companies. Mobile apps enable these companies to operate as they do today, providing modern services, and together with data gathered by connected cars they can track and monitor their vehicle fleets. While these innovations are very beneficial to businesses, they also entail the risks of fraud and misuse which can have a grave impact.

The first danger lurking in car sharing mobile apps is identity theft by hackers who penetrate the real users’ mobile devices. Mobile malware is constantly evolving and infect an ever-increasing number of users. These nefarious threats can completely compromise a mobile device and steal all credentials stored on it, or target a specific app, including car apps, as a Kaspersky research demonstrated all too well. From the moment an attacker obtained your credentials to a car-sharing app or breached it, he can use your account as if it was his own and inflict serious fraud damages upon the car sharing company.

Attackers can also use fake identities to register for Car on Demand services just like they do with any other credit card fraud. With identity leakage incidents like the Equifax breach and a record increase of data breaches in the US in general, hackers can pick whichever stolen identity which suits them from the millions sold on the black market for pennies, and use it to make unauthorized car rides on the victim’s behalf. With card-not-present frauds on the rise, there’s no reason to suspect they will not affect the automotive industry as well.

The new technologies of the smart mobility world also provide an opportunity for car rental agencies to fight misuse better than ever before. An example of a common misuse is rental cars used for taxi services such as Uber and Lyft, which strictly violate the car rental terms of service, or drivers driving recklessly and disregarding the rented vehicle’s integrity. While in the past rental agencies had no way of monitoring and enforcing their fleet’s policies, the data gathered by connected cars can be used to their advantage, if analyzed properly.

We at Upstream, can not only protect your fleet against cyber-threats but also provide you with advanced machine learning and big data analytics which will help you prevent such cases of fraud and misuse. Our solution is cloud-based, non-intrusive and uses data your fleet is already collecting. By constantly monitoring vehicle and driver behaviors, we can detect anomalies in the patterns and alert the fleet manager about any fraud attempt or misuse by one of the drivers. In the world of connected cars, fleet and IT managers should take care of their fleets’ security and prevent frauds, just like they tend to the vehicles physical conditions.

Newsletter Icon

Upstream’s 2023 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Cleared for takeoff? Upstream’s vSOC is the traffic control center for vehicles

Air traffic control centers play a critical role in ensuring the safety and efficiency of air traffic. The control centers help prevent aircraft collisions, maintain…

Read more

Discovery: An Essential First Step in Securing APIs

API security is a crucial facet of cybersecurity in this era of rapid digitalization. While APIs serve as potent tools operating across every aspect of…

Read more

Securing the Road Ahead: The Automotive Perspective of the New SEC Cybersecurity Rules

Cybersecurity has been recently positioned as a top priority by the SEC, requiring corporate America to disclose information on material cyber attacks. In addition to…

Read more

Upstream Security joins AWS ISV Accelerate: What does it mean for Connected Mobility and SDV makers?

On May 24, 2023 Upstream was selected to join the AWS Independent Software Vendor (ISV) Accelerate Partner Program. This marks an important milestone in our…

Read more