Connected Car-Fleets are in Immediate Risk of Cyber Attacks. Here’s What You Can Do About it


VP Innovation

July 10, 2018

Connectivity has become a competitive edge in the automotive industry. Like in so many other industries such as finance, healthcare, or insurance, stakeholders in the automotive sector realize the enormous potential that lies in connecting cars to the internet; using the data coming from the connected vehicle makes everyone happy: on the one hand drivers gain easier servicing and maintenance, and on the other, car manufacturers can use it to improve services, upgrade software, boost marketing, while car-fleets can use it for diagnostics such as maintenance alerts, health status reports, improve logistics, and even to monitor drivers’ behavior.

Car-fleets using aftermarket telematics face great risks

Connectivity is not only available as an embedded infrastructure within the car; thanks to the massive revenue and business value that lie in connected cars for all stakeholders, connectivity also became available through aftermarket devices installed in cars already on the road. These aftermarket telematics devices enable car-fleets interested in leveraging the functionalities of the connected car, to enjoy them without buying new connected vehicles.

A seemingly perfect solution for car-fleets looking to gain better operative performance using the car-generated data, it also bears risks: once the fleet is connected, it is immediately exposed to the most dangerous cyber threat today – a fleet-wide attack. The aftermarket telematics device serves as an entry point for hackers to penetrate either the vehicle itself, the telematics backend servers, or even the company’s IT network. Judging from experience, it’s clear today that telematics servers are an attractive target for hackers.

And car-fleet organizations are beginning to be aware of those risks: only recently, organizations such as the American Trucking Associations (ATA) and the National Motor Freight Traffic Association (NMFTA) emphasized the need for fleets and service providers to enforce security in their companies’ systems and equipment, due to the growing risks of integrating Automated Driving Systems (ADS) in commercial vehicles.

But what does “enforce security” really mean when talking about cars already on the road?

While an IDC research already estimated a 3-year security lag before systems catch-up with ever-evolving cyber threats, OEMs are ‘chasing their tales’ trying to secure every potential vulnerability and release safer connected cars to the market. But what about the cars already on the road today with telematics devices exposing them daily to cyber hacks? Companies running connected car-fleets need a security solution to protect their data, staff, and vehicles today, not in 3 years!

According to Gartner, there are over 100 million connected cars on the road today, and in some countries, the majority of the cars are already connected. Among these, car-fleets, many of the cars are connected via aftermarket telematics devices, and are in immediate risk of cyber attacks and data breaches. For these fleets, waiting for vulnerability patches from the Telematics Service Providers (TSP) or adding security components (either hardware or software) to the telematics device is not an option. The only viable solution for these car-fleets is a non-intrusive security mechanism that does not require any hardware installations or software updates, and can be deployed immediately on the cars already on the road today.

Protecting connected fleets already on the road today

Upstream Security protects car-fleets from fleet-wide attacks, vehicle hacks and data breaches by securing the technologies and applications of connected vehicles fleet and the data flow to and from the aftermarket telematics devices completely un-intrusively, and without requiring any hardware changes or OTA software updates. With comprehensive monitoring of the entire connected car ecosystem, Upstream uses proprietary AI (specifically machine learning) algorithms to track patterns, identify behaviors, and detect anomalies along the data flow between the vehicle, any service apps, and the backend telematics servers. This wholesome approach to securing both the vehicle and the network offers intelligent visibility to detect real-time incidents, giving the fleet’s stakeholders greater control and peace of mind.

For more information on securing connected fleets on the road today >

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Mike Lexa Joins Upstream Security Advisory Board to Accelerate Cybersecurity Resilience in the Automotive & Mobility IoT Sector

The mobility ecosystem is experiencing a profound digital transformation. The increasing reliance on mobility services and Internet of Things (IoT) devices is not just reshaping…

Read more

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more