Telematics hacking: three things to know
Jamming and Identity Theft May Be Your Biggest Threats
If you haven't heard the terms "jamming" and "spoofing" in connection with trucking telematics before, you are not alone, as both are very rare forms of telematics hacking in the United States.
Still, Guy Buesnel, product manager for the positioning and navigation business unit at Spirent Communications, warns that such activity has occurred in overseas freight markets and could potentially make it here in the United States. United.
“GPS jamming is very common these days, and jamming equipment is readily available and very inexpensive,” he told the Fleet Owner. “We know that criminals are starting to use jammers to commit crimes. For example, in Italy, gangs target scrap shipments. They hijack a truck, force the driver to stop, hold him captive, then use a GPS jammer so the cargo can't be tracked as they leave with it. "
One of the more "insidious" effects of GPS jamming in Buesnel's estimate is that as a jammer approaches a receiver, the receiver can start transmitting dangerously misleading information such as incorrect information. on position and time.
“Without understanding how your receiver behaves in the face of jamming and impersonation attacks, you are taking a very big risk by trusting the data it generates,” he explained.
Identity theft, however, is "a bit trickier" to carry out, Buesnel said, because identity theft is actually "faking" a GPS signal.
“So far, there is no example where someone has spoofed by simulating a satellite signal,” he explained. "However, we know that identity theft will be a real threat as criminals are already digging into application software and tampering with GPS coordinates."
For fleets, Buesnel believes identity theft will become a real threat to navigation, positioning and timing systems.
“To deal with this, you need to know how robust your equipment is today and be prepared,” he said. “And you can only do that if you assess your risks, then test your equipment against current and future trends.”
It also includes close monitoring of the construction of a trucking company's information technology (IT) network.
"With fleet networks, the focus is often on the aspects of trucking and delivery, and too often the IT components (servers, routers, firewalls, etc.) are not necessarily taken seriously", Buesnel noted.
“But people can access networks and start manipulating data, which can impact delivery times, for example,” he explained. "You can easily fix this problem by looking at what you are building and determining how to properly secure it."
Cyber security is also becoming a bigger concern in the U.S. business community, according to the 2015 Business Risk Survey conducted by insurance broker The Graham Company.
The company surveyed 300 senior U.S. professionals and found that cybersecurity retained the highest proportion of "business risk," with 21% of respondents rating it as the number one threat they were most concerned about.
The survey also found that almost half of respondents felt a 'significant level' of cyber risk in the following scenarios:
A hacking incident leading to the theft of customer information
Inability to use the organization's network
Theft of employee private information
Intellectual property theft
Inability to access the organization's website
“In the modern business environment where everything is interconnected, the potential threats a business faces are immense,” noted Ken Ewell, President and COO of The Graham Company. "This complexity of risk has caused many business leaders to feel overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line."
This is one of the reasons Spirent's Buesnel believes that IT security on the “back-end” of a road haulier's network “is vital, because someone just needs to do the wrong thing once” and the malware is installed in the carrier's computer system.
“At this point, a hacker now has full access to your network, including delivery schedules, credit card payments, customer lists, etc.,” Buesnel warned. "All of this data can be recovered very easily if the backbone IT network supporting the fleet is not secure."
It's also a good idea not to trust too much out-of-the-box “firewalls” designed to protect computer networks from hacking, he said.
“Businesses often buy a firewall, but they don't always take the time to think, 'What does it really mean that I bought a firewall? », Buesnel pointed out.
“Is it configured correctly? Have I purchased the correct license for this? Will it really provide the protection I'm looking for? This also applies to antivirus, ”he added. “In testing Spirent, we saw well-known products that are only 44% effective in blocking attacks. Just because you buy a firewall doesn't mean you're automatically secure. "
