Connectivity has become a competitive edge in the automotive industry. Like in so many other industries such as finance, healthcare, or insurance, stakeholders in the automotive sector realize the enormous potential that lies in connecting cars to the internet; using the data coming from the connected vehicle makes everyone happy: on the one hand drivers gain easier servicing and maintenance, and on the other, car manufacturers can use it to improve services, upgrade software, boost marketing, while car-fleets can use it for diagnostics such as maintenance alerts, health status reports, improve logistics, and even to monitor drivers’ behavior.
Car-fleets using aftermarket telematics face great risks
Connectivity is not only available as an embedded infrastructure within the car; thanks to the massive revenue and business value that lie in connected cars for all stakeholders, connectivity also became available through aftermarket devices installed in cars already on the road. These aftermarket telematics devices enable car-fleets interested in leveraging the functionalities of the connected car, to enjoy them without buying new connected vehicles.
A seemingly perfect solution for car-fleets looking to gain better operative performance using the car-generated data, it also bears risks: once the fleet is connected, it is immediately exposed to the most dangerous cyber threat today – a fleet-wide attack. The aftermarket telematics device serves as an entry point for hackers to penetrate either the vehicle itself, the telematics backend servers, or even the company’s IT network. Judging from experience, it’s clear today that telematics servers are an attractive target for hackers.
And car-fleet organizations are beginning to be aware of those risks: only recently, organizations such as the American Trucking Associations (ATA) and the National Motor Freight Traffic Association (NMFTA) emphasized the need for fleets and service providers to enforce security in their companies’ systems and equipment, due to the growing risks of integrating Automated Driving Systems (ADS) in commercial vehicles.
But what does “enforce security” really mean when talking about cars already on the road?
While an IDC research already estimated a 3-year security lag before systems catch-up with ever-evolving cyber threats, OEMs are ‘chasing their tales’ trying to secure every potential vulnerability and release safer connected cars to the market. But what about the cars already on the road today with telematics devices exposing them daily to cyber hacks? Companies running connected car-fleets need a security solution to protect their data, staff, and vehicles today, not in 3 years!
According to Gartner, there are over 100 million connected cars on the road today, and in some countries, the majority of the cars are already connected. Among these, car-fleets, many of the cars are connected via aftermarket telematics devices, and are in immediate risk of cyber attacks and data breaches. For these fleets, waiting for vulnerability patches from the Telematics Service Providers (TSP) or adding security components (either hardware or software) to the telematics device is not an option. The only viable solution for these car-fleets is a non-intrusive security mechanism that does not require any hardware installations or software updates, and can be deployed immediately on the cars already on the road today.
Protecting connected fleets already on the road today
Upstream Security protects car-fleets from fleet-wide attacks, vehicle hacks and data breaches by securing the technologies and applications of connected vehicles fleet and the data flow to and from the aftermarket telematics devices completely un-intrusively, and without requiring any hardware changes or OTA software updates. With comprehensive monitoring of the entire connected car ecosystem, Upstream uses proprietary AI (specifically machine learning) algorithms to track patterns, identify behaviors, and detect anomalies along the data flow between the vehicle, any service apps, and the backend telematics servers. This wholesome approach to securing both the vehicle and the network offers intelligent visibility to detect real-time incidents, giving the fleet’s stakeholders greater control and peace of mind.
Upstream’s 1000th Automotive Cybersecurity Incident: Use NFC Card to Gain Control in 130 Seconds
As a part of Upstream’s ongoing effort to monitor, analyze and assess the impact of automotive-related cybersecurity incidents and vulnerabilities, we recently marked an important…Read more
Charging Station’s Cybersecurity Risks Endanger EV Adoption
Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it…Read more
Protecting Vehicles Requires a Fresh Outlook on Product Cybersecurity
Cybersecurity is an ever-transforming realm. As vehicles become significantly more connected, the threat landscape increases exponentially. In the race between threat actors and security teams,…Read more
Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 2)
This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP…Read more