Connected Car-Fleets are in Immediate Risk of Cyber Attacks. Here’s What You Can Do About it


VP Innovation

Connectivity has become a competitive edge in the automotive industry. Like in so many other industries such as finance, healthcare, or insurance, stakeholders in the automotive sector realize the enormous potential that lies in connecting cars to the internet; using the data coming from the connected vehicle makes everyone happy: on the one hand drivers gain easier servicing and maintenance, and on the other, car manufacturers can use it to improve services, upgrade software, boost marketing, while car-fleets can use it for diagnostics such as maintenance alerts, health status reports, improve logistics, and even to monitor drivers’ behavior.

Car-fleets using aftermarket telematics face great risks

Connectivity is not only available as an embedded infrastructure within the car; thanks to the massive revenue and business value that lie in connected cars for all stakeholders, connectivity also became available through aftermarket devices installed in cars already on the road. These aftermarket telematics devices enable car-fleets interested in leveraging the functionalities of the connected car, to enjoy them without buying new connected vehicles.

A seemingly perfect solution for car-fleets looking to gain better operative performance using the car-generated data, it also bears risks: once the fleet is connected, it is immediately exposed to the most dangerous cyber threat today – a fleet-wide attack. The aftermarket telematics device serves as an entry point for hackers to penetrate either the vehicle itself, the telematics backend servers, or even the company’s IT network. Judging from experience, it’s clear today that telematics servers are an attractive target for hackers.

And car-fleet organizations are beginning to be aware of those risks: only recently, organizations such as the American Trucking Associations (ATA) and the National Motor Freight Traffic Association (NMFTA) emphasized the need for fleets and service providers to enforce security in their companies’ systems and equipment, due to the growing risks of integrating Automated Driving Systems (ADS) in commercial vehicles.

But what does “enforce security” really mean when talking about cars already on the road?

While an IDC research already estimated a 3-year security lag before systems catch-up with ever-evolving cyber threats, OEMs are ‘chasing their tales’ trying to secure every potential vulnerability and release safer connected cars to the market. But what about the cars already on the road today with telematics devices exposing them daily to cyber hacks? Companies running connected car-fleets need a security solution to protect their data, staff, and vehicles today, not in 3 years!

According to Gartner, there are over 100 million connected cars on the road today, and in some countries, the majority of the cars are already connected. Among these, car-fleets, many of the cars are connected via aftermarket telematics devices, and are in immediate risk of cyber attacks and data breaches. For these fleets, waiting for vulnerability patches from the Telematics Service Providers (TSP) or adding security components (either hardware or software) to the telematics device is not an option. The only viable solution for these car-fleets is a non-intrusive security mechanism that does not require any hardware installations or software updates, and can be deployed immediately on the cars already on the road today.

Protecting connected fleets already on the road today

Upstream Security protects car-fleets from fleet-wide attacks, vehicle hacks and data breaches by securing the technologies and applications of connected vehicles fleet and the data flow to and from the aftermarket telematics devices completely un-intrusively, and without requiring any hardware changes or OTA software updates. With comprehensive monitoring of the entire connected car ecosystem, Upstream uses proprietary AI (specifically machine learning) algorithms to track patterns, identify behaviors, and detect anomalies along the data flow between the vehicle, any service apps, and the backend telematics servers. This wholesome approach to securing both the vehicle and the network offers intelligent visibility to detect real-time incidents, giving the fleet’s stakeholders greater control and peace of mind.

For more information on securing connected fleets on the road today >

Newsletter Icon

Upstream’s 2023 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

The Power Grid Must Be Protected, But Are EV Charging Stations Secure?

The widespread adoption of electric vehicles (EVs) depends on a robust and reliable network of charging stations. However, as the number of EVs on the…

Read more

Navigating the Risks of Automotive Subscription Revenue Streams: Cyber Hacking Enables Bypassing, Tampering and Fraud

“A significant increase in hacking attempts by vehicle owners is expected, aimed at bypassing premium costs by manipulating systems fraudulently.” – Upstream Security 2023 Global…

Read more

API Security Needs to be Integral in Automotive Threat Analysis and Risk Assesment

APIs enable the opportunity to innovate and improve services in the connected vehicle and smart mobility ecosystem. APIs are widely used in advanced features, services…

Read more

NHTSA Updates US Cybersecurity Guidelines for Vehicles

Connected and software-defined vehicles technologies are on the rise, offering customers a better user experience, and introducing new monetization strategies for OEMs. Given the rising…

Read more