With the advance of technology, vehicles have become more advanced and connected. From GPS and Wi-Fi to telematics and other numerous sensors, vehicles have transformed from mechanical devices to computers on wheels. With dozens of ECUs (Electronic Control Units) and over 100M lines of code, vehicles are a complex network of computers on the move, generating vast amounts of data exponentially and providing many attack surfaces. This increased connectivity has brought a new range of threats that can put both drivers and fleet managers at risk. Protecting fleets is even a greater challenge… With many vehicle types, models, and brands, multiple third-party applications and devices, and multiple connectivity channels, fleets face increased challenges of vulnerability, operational complexity, and regulatory compliance. Fleet vehicles often drive more miles than other vehicles, interact with more service providers, fuel up at more fueling stations, are serviced at more garages, and park in more overnight parking lots. Each of these aspects, inherent to most fleet business operations, introduces a potential point of entry for bad actors.
Emerging Threats in Vehicles
As vehicles become more connected, they also become more vulnerable to cyber attacks. Hackers can take advantage of weaknesses in the vehicle’s network to gain access to sensitive data or even take control of the vehicle remotely! These attacks can have severe consequences, from stealing personal information to causing accidents and fatalities.
In an article published in January 2023, the Daily Swig online magazine reported that “The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) vendors, and fleet operators were riddled with security holes, security researchers warn”, this was led by security researcher Sam Curry, who “laid out vulnerabilities that run the gamut from information theft to account takeover, remote code execution (RCE), and even hijacking physical commands such as starting and stopping the engines of cars.”
In January 2022, a 19-years old cyber expert named David Colombo made the buzz by revealing his findings: he was able to hack more than 25 Tesla cars around the world, after discovering a vulnerability in an app installed in some Tesla vehicles. As he reported in his blog, he “was able to run remote commands such as “disable Sentry Mode”, “unlock the doors”, “open the windows” and even “start Keyless Driving” – and he added that “Someone with malicious intent could even steal the car.” This story had a happy ending and Tesla fixed the issue rapidly, but we can imagine what could have happened if someone with bad intentions had discovered this vulnerability.
3 years before, in 2019, researchers were able to hack into a Tesla Model S and manipulate the car’s brakes while it was driving at high speed!
These incidents demonstrate the importance of cybersecurity in the automotive industry. Vehicle manufacturers must work to address these vulnerabilities and fleet managers have a crucial role to play ensuring the safety and security of their vehicles.
The Role of Fleet Managers in Cybersecurity
Fleet managers have a responsibility to ensure that their vehicles are secure and protected from cyber attacks. This responsibility becomes crucial as fleet managers equip their fleets with add-on devices, such as telematics and other sensors, to address their needs for supervision, planning, reporting, and connectivity.
Fleet managers must take proactive measures to protect their vehicles, their drivers and their cargo from emerging threats. This includes implementing robust security measures, such as a system that is able to detect network anomalies and intrusions, vehicle tampering or unauthorized device addition to the vehicle.
Furthermore, fleet managers should educate their drivers on the importance of cybersecurity and provide training on how to identify and report any suspicious activity. Drivers must be aware of the risks of using unsecured Wi-Fi networks or plugging in unauthorized devices, as these actions can compromise the security of the vehicle.
As vehicles become more connected, the need for cybersecurity in the automotive industry becomes increasingly critical. Fleet managers must take proactive measures to protect their vehicles and drivers from emerging threats. It is not only the responsibility of the vehicle manufacturer (who is obligated to follow regulations) to provide a solution, but it is also the responsibility of fleet managers to ensure that their vehicles are secure and protected from cyber attacks once they equip them with connected devices.
By implementing robust security measures and adequate detection tools, regularly updating vehicle software and firmware, and educating drivers on the importance of cybersecurity, fleet managers can help protect their fleet from cyber threats and ensure the safety and security of their drivers and cargo.
Knowing that the automotive industry is the 3rd most targeted industry by hackers emphasizes the need to invest in cybersecurity at the forefront, to prevent severe damage later.
The future of safe transportation requires fleet managers to keep their most valuable assets truly secure. These careful managers who want to maintain an always operational fleet should take this smart move now.