was underway, someone asked me if we’d xoxoxoxo ever see the world’s vehicle fleets brought to a standstill by cybercriminals. Personally, I don’t believe so. The sheer effort and skill FURTHER INFORMATION required to control a vehicle remotely, and xxx lack of any material reward for doing so, the means this is still the stuff of science fiction. But I thought this would be a good opportunity to make some recommendations to help every business enjoy the transformational benefits of vehicle telematics safely, securely and to maintain public trust in the industry.
Inside OBD-II telematics Today’s most advanced telematics devices attach to the vehicle’s OBD-II port, from where they capture rich and detailed real-time vehicle information. These devices are also designed to receive data like firmware updates (the internal software that makes the device work). And whereas a solution like O2 Smart Vehicle applies robust security measures to make sure only legitimate firmware is installed, not every product is so well protected. It’s technically possible for malicious firmware to transmit telematics data to an unauthorised third party. And in theory, malicious code on an OBD-II device could give the cyber criminals access to a vehicle’s engine management systems. Simple steps to keep safe It’s a fact that ‘ethical hackers’ have found security weaknesses on a small handful of OBD-II devices. But when I read about these incidents, it’s hard not to feel frustrated that the manufacturers and developers have left basic security loopholes open. Loopholes that could potentially tarnish not just the brand in question, but cloud the perception of all OBD-II telematics devices in the minds of our customers and users. So here are my tips for making sure your OBD-II devices really do add value to your business and your fleet – and don’t carry hidden security risks.
manufactures your devices It should be transparent who your telematics partner uses to manufacture their devices. Without this information, they themselves may be unable to guarantee the security of the devices they sell you. Or it could take them longer to react to threats and risks if they don’t have direct control over their brand’s hardware and software security.
2. Make sure data is encrypted as it’s sent across the network Give yourself the added protection of ensuring that data transmitted by your telematics devices is encrypted. Your network carrier will provide protection for the data they carry, but encryption will add an extra layer of security to protect your data if the network’s traffic gets intercepted. 3. Check firmware is signed to prevent unauthorised code changes This one’s really important! Firmware is the brain of your OBD-II telematics device – dictating everything from what data is captured to where it’s sent. Making sure every firmware update is signed with a digital signature will prove that updates come from a trusted source. 4. Make sure you have security documentation for hardware, software, servers and connectivity – as well as for your employees Your telematics provider should be happy to demonstrate their commitment to keeping your data secure. Ask them to provide details on the security measures they take to protect your data. Expect to see robust plans for the mitigation and recovery measures they’d take in the event of a security incident.
Firmware is the brain of your OBD-II telematics device – dictating everything from what data is captured to where it’s sent
Darryll Finch
Written by Advertisement Feature
Udae nonsend facepro et et, sed device led to Customers andicidisquid providersquam wouldelisimincim both lose out if a telematics quodi blaborum ut molorem aut ationse nos eumque laboribusbetween a major security breach. Here’s a timely look at the relationship et quoditiat dolo qui de volecab orerisqui nitibusdae nullacianti telematics and security, plus some advice on how to stay safe rest, sitiatis ut idem quodi consequat facimagnime pernatemquae nimus earibus, tem ipsaest moluptatium essure netyou et know who As the recent worldwide ransomware attack 1. Make
Industry Comment ADVERTORIAL
Is telematics 800 WORD EDIT device security HEADLINE HERE fundamental to every AS TIGHT survival? provider’s AS POSS
Darryll Finch, Smart Vehicle Product Owner, O2 As solution specialist for O2 Smart Vehicle, which is powered by Geotab, Darryll is passionate about the ever-evolving possibilities of vehicle telematics. Darryll has worked with fleet telematics for over 20 years. 5. Establish a mitigation strategy so you’re covered if the worst occurs Make sure your telematics system itself contains as little personal information as possible in the unlikely event a cybercriminal infiltrated your telematics platform. For example, don’t store passwords in the system itself. Choosing to working with the most trusted and reputable brands will give you added reassurance. O2’s vehicle telematics partner Geotab, for example, is the world’s leading telematics provider, with over 700,000 devices active worldwide today. If you’d like to chat through any concerns you may have about your existing telematics provider, me and my team will be happy to help. ! FURTHER INFORMATION Contact us at O2smartvehicle@o2.com
Volume 104 | GREENFLEET MAGAZINE
25