TELEMATICS systems in modern vehicles (like most IoT devices) are not immune from cybercriminal attacks, but choosing your tracking device carefully can make a difference when it comes to your vulnerability.

With technology changing at such a rapid pace what used to be cutting edge three years ago is now already considered old technology. Processing capacity is more than doubling every 18 months. So, if you wouldn’t use an old cell phone why would you have an outdated telematics tracking device in your car? Tracking devices today have evolved to much more than just location alerts in times of trouble.

Wahl Bartmann, chief executive of Fidelity Services Group, says it is encouraging to see how far telematics communications technology has changed – evolving from a low-density radio frequency in the 1930s to GSM in the late 1990s to IoT (Internet-ofThings) networks in the late 2010s, and recently as an integrated lifestyle service that complements your needs and offers features previously seen in separate applications, services and devices.

Cyber security is a key aspect in today’s modern tracking systems and is one of the key reasons that Fidelity has partnered with Amber Connect, a technology leader in telematics to offer the Fidelity SecureDrive vehicle tracking system.

When it comes to cyberattacks there are at least three points of attack. The first is the end-user device, the second is the collection point for the device’s data and thirdly the portal/ mobile app that displays the data.

South Africans often consider themselves invulnerable to cyberattacks however it’s because of this mindset that criminals are increasingly targeting South Africa in these attacks according to Bartmann.

He says to protect against such attacks, telematics devices and modern communication networks send secure data to the servers through their own encrypted protocols. “The most likely point of attack is the web portal/mobile application,” he explains. “Attackers leverage common application attack tools and techniques, including social engineering, password brute-forcing and other ways of doing so, to access information.” He adds that SecureDrive’s systems are designed with end-to-end encryptions and are provisioned with many security layers to prevent just such an attack and to future proof these devices through continued improvement of the backend technologies.

“We use highly secure end-point devices, a secure collection service and have implemented several safeguards to protect the customer portal and mobile application. The system also has a user management feature that allows only an authenticated user to access their own information,” he says.

Commenting on the type of information cybercriminals look for, he says this is personal identifiable information supplied by the user, typically driver and location information.

If accessed by cybercriminals, this can provide criminals with a wealth of information, particularly if it is coupled with a positive identity of the person or persons in the vehicle as well as vehicle location and driver habits. “Not only can it be used for blackmail, but also real-time avoidance of law enforcement, kidnapping and home invasion,” Bartmann says.

He says it is very important to select a device from a service provider who is not only aware of the security posture of each “link” in the solution chain but has taken proactive steps to ensure that these links are secure from unauthorised use and tampering.

“Your service provider should have active monitoring in place to identify any attempts at unauthorised access, suspicious behaviour and technical security controls. It is worth asking to see the cybersecurity solution overview for the service provider you choose.”