Telematics Hacking: Three Things You Need to Know
If you haven't heard the terms "jamming" and "spoofing" in relation to trucking telematics before, you're not alone, as both are very rare forms of telematics hacking in the United States.
Still, Guy Buesnel, product manager for the positioning and navigation business unit at Spirent Communications, warns that such activity has happened in overseas freight markets and could eventually make its way here to the United States. United.
“GPS jamming is very common right now, and jamming equipment is easy to get hold of and very inexpensive,” he told the Fleet Owner. “We know that criminals are starting to use jammers to commit crimes. For example, in Italy gangs are targeting scrap metal shipments. They hijack a truck, force the driver to stop, hold him captive, then use a GPS jammer so the cargo can't be tracked while they drive off. "
One of the more "insidious" effects of GPS jamming in Buesnel's estimation is that as a jammer gets closer to a receiver, the receiver may begin to emit dangerously misleading information such as incorrect information. on position and time.
"Without understanding how your receiver behaves in the face of jamming and spoofing attacks, you are taking a very big risk by trusting the data it produces," he explained.
Spoofing, however, is "a little trickier" to conduct, Buesnel said, because spoofing is actually "simulating" a GPS signal.
“So far, there is no instance where someone has spoofed by simulating a satellite signal,” he explained. “However, we know identity theft will be a real threat as criminals are already dabbling in application software and falsifying GPS coordinates.”
For fleets, Buesnel believes that identity theft will become a real threat to navigation, positioning and timing systems.
“To deal with it, you need to know how tough your gear is today and be prepared,” he stressed. “And you can only do that if you assess your risks and then test your equipment against current and future trends.”
This also includes closely monitoring the construction of a trucking company's information technology (IT) network.
“With fleet networks, the focus is often on the trucking and delivery aspects, and too often the IT components (servers, routers, firewalls, etc.) aren't necessarily taken seriously,” noted Buesnel.
“But people can access networks and start manipulating data, which can impact delivery schedules, for example,” he explained. "You can easily solve this problem by looking at what you're building and determining how to properly secure it."
Cybersecurity is also becoming a bigger concern in the US business community, according to the 2015 Business Risk Survey conducted by insurance broker The Graham Company.
The company surveyed 300 senior US professionals and found that cybersecurity retained the highest proportion of “business risk,” with 21% of respondents naming it the top threat they were most concerned about.
The survey also revealed that nearly half of respondents felt a “significant level” of cyber risk in the following scenarios:
A hacking incident leading to the theft of customer information Inability to use the organization's network Theft of employees' private information Theft of intellectual property Inability to access the organization's website
“In the modern business environment where everything is interconnected, the potential threats facing a business are immense,” noted Ken Ewell, President and Chief Operating Officer of The Graham Company. “This risk complexity has caused many business leaders to feel overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line.”
This is one of the reasons why Spirent's Buesnel believes that IT security on the "back-end" of a motor carrier's network "is vital because it only takes someone doing the wrong thing once" and malware is installed in the carrier's computer system.
“At this point, a hacker now has full access to your network, including delivery schedules, credit card payments, customer lists, etc.,” Buesnel warned. “All of this data can be recovered very easily if the backbone computer network supporting the fleet is not secure.”
It's also a good idea not to put too much faith in off-the-shelf "firewalls" designed to protect computer networks from hacking, he pointed out.
“Companies often buy a firewall, but they don't always take the time to think, 'What does it really mean that I bought a firewall? “, Underlined Buesnel.
“Is it configured correctly? Did I buy the right license for this? Will it actually provide the protection I'm looking for? This goes for antivirus too,” he added. “When testing Spirent, we saw well-known products that are only 44% effective in blocking attacks. Just because you buy a firewall doesn't mean you're automatically secure. »