Securing the Weakest Link in Connected Cars: Telematics Data Servers


VP Innovation

November 27, 2017

The automotive industry has transformed itself in recent years and is on the verge of an even greater leap into the future. In the new world of connected cars, information is key, and cars generate terabytes of it. Every day. In this post, we discuss how that information is sent and to whom, what risks the move to the new age of connected cars entails, and what you should do to protect your connected fleet from them.

Connected Car Telematics Data Servers

Connected vehicles collect information about every possible detail in the vehicle’s life, from the steering wheel’s position to fuel consumption and the exact pressure applied to the brakes. This data has the potential to transform the way we use cars today, improve driver safety, and drastically improve areas like fleet management and maintenance. The gathered information is constantly communicated back to telematics and application backend servers.

Connected cars transmit data to backend servers belonging to different entities. The first are servers belonging to the OEM of the vehicle itself, which collect performance data and can remotely distribute OTA (Over the Air) software updates if needed. Other servers belong to aftermarket companies such as insurance companies, which use the data to determine the driver’s driving score and provide an adapted insurance policy, or to other types of fleets such as mobility service providers, commercial fleets, car rental and leasing companies and more, which aim to generate meaningful insights from the collected information to manage the fleet better. These servers rely on different telematics units installed in the vehicle, usually through the OBD port, but provide the same data access and capabilities. Enterprises with large connected fleets might also install an independent telematics unit (TCU) for their own maintenance and policy enforcement.

Telematics Data’s Impact on Automotive Cybersecurity

Contrary to common belief, telematics and application servers don’t only collect telematics data about the vehicle’s activity; they can also send the vehicle certain commands, which can have a frightening effect in the wrong hands. These commands include remotely starting the engine or turning it off, locking and unlocking doors, and many others. As one can assume, car thieves would be thrilled by the idea of effortlessly opening car doors and starting their engines. This is not a lone example of the grave consequences telematics and application servers might have for the fleet’s security. When looking closely, there seem to be endless possibilities to exploit them for a wide range of purposes. And some have already begun to look.

As Elon Musk said himself, the most frightening cyber-attack today is a fleet-wide hack of connected vehicles. Musk astutely identified fleet-wide hacks as not only dangerous but as entirely possible. While he is doing his best to ensure Tesla cars are protected, his insight should concern any connected fleet operator.

“One of the biggest risks for autonomous vehicles is somebody achieving a fleet-wide hack” - Elon Musk

Not just theory. Connected cars are being hacked today

As several security researchers have already demonstrated, connected cars can be hacked and controlled, threatening the lives of their drivers and passengers. If a fleet-wide hack is achieved, this effect will be tenfold, to say the least. Unfortunately, fleet hacks did not remain in the research labs. In August 2016, two car thieves were able to reprogram over 30 Jeeps to accept a generic key, which allowed them to steal the vehicles without even breaking a window.

Recent hacks of car manufacturers, including Renault, Nissan, and Honda, prove just how feasible it is to use them as the entry point to your vehicle. While in this case the perpetrators only infected the companies with the WannaCry ransomware, which in itself was bad enough and forced Honda to shut down its operation, the full potential of such a hack is much worse. One just needs to imagine what would happen if all cars manufactured by a certain OEM were simultaneously pwned, with catastrophic consequences.

What is missing in automotive cybersecurity?

As Elon Musk mentioned, connected cars are basically “laptops on wheels”, which means they should be treated as such for security purposes as well. Just as any corporate network has both an anti-virus solution, responsible for protecting the single computer from infections, and a firewall guarding the whole network at the gateway, so should cars. Today, most of the focus in the automotive industry is on in-vehicle security solutions, which are crucial but cannot stand on their own and must be accompanied by comprehensive fleet-level protection for the telematics and application backend servers.

While data centers already have many security protections, none are equipped to deal with the unique challenge posed by the automotive world. As in critical infrastructure systems, telematics protocols are proprietary and do not share a common standard. Since some fleets, especially the large ones, use more than one telematics service, the same network can incorporate multiple telematics protocols, making the challenge for defenders even bigger. Common security solutions are not capable of analyzing these distinct protocols and determining whether malicious activity is taking place. To rephrase Musk’s description: “connected cars are critical infrastructure on wheels”.

Taking automotive cybersecurity to the fleet level

We at Upstream focus on protecting connected cars against fleet-wide attacks by providing a novel cloud-based security solution which uses advanced big data analytics and machine learning technologies. Using these tools, we developed expertise in the various telematics protocols and the behavior of such servers. This intimate knowledge allows us to inspect and secure the communications between the fleet and the data center, as well as the data center itself, by analyzing the activities in the correct context. This is the only way in which you can profit from the new and exciting advancements in the automotive cybersecurity industry while keeping your fleet safe and sound.
