The connected car technology has greatly improved the safety and efficiency of public, private, and commercial car transportation today, while also driving business and revenues for all stakeholders involved in the connected car industry (from OEMs and car-fleets to smart mobility services, telematics service providers, et cetera).
However, cyber threats and data privacy concerns haven’t skipped the TSPs (Telematics Service Providers) along with all other stakeholders in the connected car ecosystem. The telematics backend servers that enable these companies to run, analyze, and use the car-generated data for their clients are becoming a favorite target for hackers, making TSPs more vulnerable than ever to cyber attacks and data theft by malicious parties. This means major business implications for TSPs that do little or not enough to secure their telematics servers, like in the case of these two companies –
TSPs notorious breaches
In May of 2018, security researchers discovered one of CalAmp’s servers to be misconfigured, which allowed them to hack into the server and take over several of the associated vehicles. Once breached, the vehicles could be started and stopped without the driver’s initiation, the reports from the IoT database could be accessed, and sensitive user data could be leaked.
In other words, the hackers obtained full access to the fleet’s telematics data managed by the TSP, which could have easily been exploited. CalAmp was lucky enough to have been made aware of this vulnerability before any malicious breach was executed.
However, Ituran, Israel’s largest provider of fleet management services, was not as fortunate. A weak password-keeping mechanism allowed attackers to access the company’s customer information and monitor their exact location. Personal drivers information such as full name, home address, phone number, email address, and even family status could easily be accessed and utilized maliciously.
The hard lesson for TSPs: data security breaches will cost you your customers
Fearing major business and reputational repercussions, both companies immediately issued poignant statements to minimize damage by assuring their customer-base their total commitment to providing best-in-class security for the data they store, run, and manage:
“CalAmp takes the security of our telematics devices very seriously. Our security commitment extends to providing customers with best-in-class security feature enhancements, and world-class applications support to combat any system level security vulnerabilities…”
“Ituran does everything to protect the privacy of its customers…We are working to reduce the exposure immediately, via new password mechanisms.”
The problem of cybersecurity vulnerabilities is by no means unique to TSPs alone; ramifications of telematics data breaches can cause great reputational damage to all other stakeholders in the connected car ecosystem, such as OEMs and car-fleets. However, for TSPs, this kind of breaches could be business crippling, as none of their customers can afford to take the risk of being a victim to a TSP breach, especially with recent GDPR and other data security regulations obliging them to ensure proper data protection measurements are in place.
Offering to secure the connected car’s generated dataflow is a business imperative and a competitive advantage
When the telematics data TSPs run for their clients is infiltrated, their customers will no longer trust their services and will turn towards the competitors, whose security reputation remains upstanding. That’s why it is imperative for TSPs to catch up with recent security risks that come with managing the connected car and the fleet, to constantly work towards reducing them in order to protect their business.
TSPs need to ensure data security now, before their business suffers irreparable harm.
The “mere” gathering, storing and managing customers’ telematics is no longer a top selling point; securing it is. And this could be seen as an opportunity for TSPs to jump on the data security ‘bandwagon’ and offer best-in-class security for the data they run for their clients.
Connected car security for TSPs
At the end of the day, it is up to the telematics service providers to ensure their telematics data, communication, and backend servers belonging to their connected car customers is secure. Upstream Security supports TSPs in securing their data flow by using Artificial Intelligence and Machine Learning technologies to analyze the data traffic across the entire connected-car ecosystem.
By creating a thorough analysis of the data flow coming in and out of the connected car, Upstream can identify if and where exactly any suspicious activity or leakage of information had taken place in the communication flow, allowing an immediate proactive action to minimize the consequences in real-time.
Upstream’s 2023 Global Automotive Cybersecurity Report
API Security Needs to be Integral in Automotive Threat Analysis and Risk Assesment
APIs enable the opportunity to innovate and improve services in the connected vehicle and smart mobility ecosystem. APIs are widely used in advanced features, services…Read more
NHTSA Updates US Cybersecurity Guidelines for Vehicles
Connected and software-defined vehicles technologies are on the rise, offering customers a better user experience, and introducing new monetization strategies for OEMs. Given the rising…Read more
Upstream Partners with Salesforce, Putting Connected Vehicle Data in Motion
The automotive industry is undergoing a massive transformation, building new revenue streams and business opportunities. Connected vehicle and smart mobility data are at the core…Read more
Securing Smart Mobility Requires a Fresh Approach to API Security
Connected vehicles and smart mobility services use numerous APIs. Everything from OEM-driven companion apps, infotainment systems, OTA servers, telematics servers, and EV charging management or…Read more