Is your car's tracking system vulnerable to cybercriminals?
Tracking systems like anything else in life are not immune from cybercriminal attacks but choosing your device carefully can definitely make a distinct difference.
Do you still have a Nokia 3310 as your telemetry device? Chances are not. With technology changing at such a rapid pace what used to be cutting edge three years ago is now already considered old technology. Processing capacity is more than doubling every 18 months. So if you wouldn’t use an old cell phone why would you have an outdated telematics tracking device in your car? Tracking devices today have evolved to much more than just location alerts in times of trouble.
Wahl Bartmann, CEO of Fidelity Services Group, says it is encouraging to see just how far telematics communications technology has changed – evolving from a low-density radio frequency in the 1930s to GSM in the late 1990s to IoT networks in the late 2010s, and more recently as an integrated lifestyle service that compliments your needs and offers features previously seen in separate applications, services and devices.
Security is a key aspect in today’s modern tracking systems and is one of the key reasons that Fidelity initially partnered with Amber Connect, a world-class technology leader in telematics to offer the Fidelity SecureDrive vehicle tracking system. Due to their user-centric design, Amber was the perfect partner for Fidelity and the two companies worked tirelessly to create a modern and state of the art vehicle telematics solution, designed and tailored, to the unique South African market.
When it comes to cyberattacks there are at least three points of attack. The first is the end-user device, the second is the collection point for the device’s data and thirdly the portal/mobile app that displays the data. South Africans often consider themselves invulnerable to cyberattacks, but because of this mindset, criminals are increasingly targeting South Africa in these attacks. Bartmann says to protect against such attacks the devices and communication networks send secure data to the servers through their own encrypted protocols. “The most likely point of attack is the web portal/mobile application”. Attackers leverage common application attack tools and techniques, including social engineering, password brute-forcing and other ways of doing so, to access information. He explains that SecureDrive’s systems are designed with end-to-end encryptions and are provisioned with many security layers to prevent just such an attack and to future proof these devices through continued improvement of the back-end technologies.
“At SecureDrive, we have chosen highly secure end-point devices, a secure collection service and have implemented several safeguards to protect the customer portal and mobile application. The system also has a user management feature that allows only an authenticated user to access their own information,” he says.
Commenting on the type of information cybercriminals look for, he says this is personal identifiable information supplied by the user, typically driver and location information. If accessed by cybercriminals, this can provide criminals with a wealth of information, particularly if it is coupled with a positive identity of the person or persons in the vehicle as well as vehicle location and driver habits. “Not only can it be used for blackmail, but also real-time avoidance of law enforcement, kidnapping and home invasion,” he says.
Bartmann says it is very important to select a device from a service provider who is not only aware of the security posture of each ‘link’ in the solution chain but has taken proactive steps to ensure that these links are secure from unauthorised use and tampering. He says the service provider should have active monitoring in place to identify any attempts at unauthorised access, suspicious behaviour and technical security controls. “It is worth asking to see the cybersecurity solution overview for whichever service provider you choose,” he concludes.
Other security features to check for:
· Anti-theft technology – for example SecureDrive has an optional feature called Amber Shield that prevents a car from being started based on parameters set by the user. So, for instance, the application could be configured to either sound an alarm on start or to automatically prevent the car from being started between certain hours, within certain locations. Additional features include the ability to configure alarms if the car door is opened.
· Driver behaviour analytics – To alert the driver, for example, when they are exceeding the speed limit, turning too dangerously, driving aggressively or braking too harshly, as well as creating geofenced areas that warn users when they enter these areas. These features assist with creating driver awareness as well as helps prevent issues when children borrow their parent’s vehicles or as a safety measure to warn drivers if they enter an unsafe area.
· Driver alerts, for example, when doors are opened or closed when the vehicle is parked that helps protect against remote jamming and theft from vehicle incidents that are prominent at shopping malls and other public spaces