Secure fleet vehicle management is increasingly critical

Author: Mark Stone

Fleet vehicles, a collection of land-based assets such as cars and trucks, are a growing presence on the road—which means the need for solutions to manage them is growing, too. Secure fleet vehicle management solutions help operators leverage technology to monitor vehicle performance and usage, improve safety and reduce costs.

According to a Consumer Watchdog report, an estimated two-thirds of the cars on American roads will have safety-critical systems connected to the internet by 2022. Because fleet vehicles are also connected to one another, a threat to one could be a threat to all.

What can go wrong?

Much like factory-floor sensors and other Internet of Things (IoT) devices, vehicles connected to a corporate network are vulnerable to an attack.

Several attack scenarios are possible within a connected fleet. With remote access to one vehicle system, attackers can use ransomware to disable an entire fleet. In more extreme circumstances, threat actors could misdirect vehicles' GPS navigation systems to remote locations, where they could later be stolen.

A more likely attack may leverage a connected vehicle as an entry point into a fleet owner's corporate network, creating opportunities to steal financial or personal data.

What repercussions have we seen?

Remotely hijacking fleet vehicles may sound like science fiction, but it's a reality.

In 2015, hackers exposed the vulnerabilities in a Jeep Cherokee, recruiting journalist Andy Greenberg to serve as a volunteer victim as they hijacked the car's entertainment system, air conditioning, windshield wipers, steering, brakes and more—all from a laptop 10 miles away.

Although the attack affected only one vehicle, the men discovered the same security flaw in almost 2,700 cars connected to the same mobile network segment. Their automated attack could have easily compromised the entire fleet.

Later, in 2019, a hacker broke into thousands of accounts belonging to GPS tracking apps, allowing him to track the location of over 20,000 vehicles and even shut off engines while the cars were in motion. In both situations, the hackers were more interested in exposing these security flaws than they were in exploiting them. However, manufacturers, drivers and fleet managers may not always be so fortunate.

Ensuring fleet vehicle security

The gateway to fleet vehicles’ internal network isn't just the infotainment system or GPS device. Wi-Fi connectivity, Bluetooth and telematics can all act as open doors. Safety is the most important concern, but the impact on both business and consumers can also be drastic.

As vehicles become more reliant on technology and fleets on connectivity, the industry must agree that car companies are also in the software business. But fleet operations don't always get the attention required from enterprise cyber security teams. According to a recent Synopsys report, 30% of auto manufacturers lack a product cyber security team or program.

Secure fleet vehicle management relies on a grasp of the expected data flow patterns between a manufacturer's fleet or vehicle models and a back-end computer system.

Fleet vehicle management employees are typically not expected to also be cyber security experts, so finding the right security partner is crucial to protect against remote threats. It may be the company's cyber security team (if it has one), its third-party wireless or internet provider, or a specialized automotive cyber security consultant.

Finally, in the event of an attack, an adequate and tested incident response plan can be the difference between a minor infraction and a disaster.

Learn more about how to track vehicles in the field and improve fleet operations and security with Verizon Connect advanced fleet management software solutions.



Find out how we can help improve your business operations, no matter the size of your fleet.