igor - Fotolia
My company uses devices to provide telematics information to manage a fleet of vehicles. I found out these devices may not authenticate SMS messages. What is the best way to build a layer of defense around telematics information?
It's likely your company has been using CalAmp LMU-3030 series products to provide vehicle tracking devices. They include an SMS interface on both code division multiple access (CDMA) and Global System for Mobile communication (GSM) versions.
Managers of fleets of vehicles rely on SMS messages for telematics information on road transportation, road safety, sensor outputs and vehicle maintenance history. For example, vehicles carrying temperature-sensitive drugs and food have their temperatures tracked. The company must meet regulatory compliance on quality assurance and delivery requirements.
Unfortunately, SMS messages, by default, are not password-protected; in fact, the National Institute of Standards and Technology last year recommended that SMS authentication as a second factor be deprecated.
In this case, an attacker could dial in without entering a password. Getting the phone number of the CalAmp is easy with an international mobile subscriber identity (IMSI) catcher. This is a telephony eavesdropping device used to identify users in network traffic. For GSM (and LTE networks), the phone number is provisioned in the SIM card. CDMA2000 is an analogue to a SIM card for GSM.
This password vulnerability can enable the attacker to send administrative commands to the CalAmp device. The attacker could remotely update the firmware with malicious code that could affect the controller area network bus of the vehicle. Fake IP addresses could be configured, firewall rules could be changed and passwords could be created to block the victims.
A malicious SMS message, for example, would show wrong routes, incorrect speeding data, tainted fuel consumption data and confusing maintenance history. The victim would get an alert that a driver who always wears a safety belt was not wearing it while driving. Mechanics would get engine codes to fix the wrong problem.
To build a layer of defense around telematics information, the company should:
- have password protection or disable the SMS interface;
- upgrade to the latest firmware from CalAmp; and
- work with a service provider or systems integrator in complex supply chains to make these changes.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Find out how secure cellular data transmission actually is
Discover whether or not SMS two-factor authentication is really good enough for enterprises
Learn how the internet of things and telematics pose new opportunities for insurers
Dig Deeper on Two-factor and multifactor authentication strategies
Related Q&A from Judith Myerson
The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack. Continue Reading
Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on ... Continue Reading
The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords ... Continue Reading