Huge Risk – Fraud in the Smart Mobility Space


VP Innovation

Much has been said about the threat cyber attacks pose to connected cars, however, there are other significant risks for companies using such vehicles. Many businesses in the automotive industry rely on the new technologies introduced by connected cars and the smart mobility world as their main way to operate. Such businesses include car rental agencies, car leasing companies, and the expanding realm of car sharing companies. Mobile apps enable these companies to operate as they do today, providing modern services, and together with data gathered by connected cars they can track and monitor their vehicle fleets. While these innovations are very beneficial to businesses, they also entail the risks of fraud and misuse which can have a grave impact.

The first danger lurking in car sharing mobile apps is identity theft by hackers who penetrate the real users’ mobile devices. Mobile malware is constantly evolving and infect an ever-increasing number of users. These nefarious threats can completely compromise a mobile device and steal all credentials stored on it, or target a specific app, including car apps, as a Kaspersky research demonstrated all too well. From the moment an attacker obtained your credentials to a car-sharing app or breached it, he can use your account as if it was his own and inflict serious fraud damages upon the car sharing company.

Attackers can also use fake identities to register for Car on Demand services just like they do with any other credit card fraud. With identity leakage incidents like the Equifax breach and a record increase of data breaches in the US in general, hackers can pick whichever stolen identity which suits them from the millions sold on the black market for pennies, and use it to make unauthorized car rides on the victim’s behalf. With card-not-present frauds on the rise, there’s no reason to suspect they will not affect the automotive industry as well.

The new technologies of the smart mobility world also provide an opportunity for car rental agencies to fight misuse better than ever before. An example of a common misuse is rental cars used for taxi services such as Uber and Lyft, which strictly violate the car rental terms of service, or drivers driving recklessly and disregarding the rented vehicle’s integrity. While in the past rental agencies had no way of monitoring and enforcing their fleet’s policies, the data gathered by connected cars can be used to their advantage, if analyzed properly.

We at Upstream, can not only protect your fleet against cyber-threats but also provide you with advanced machine learning and big data analytics which will help you prevent such cases of fraud and misuse. Our solution is cloud-based, non-intrusive and uses data your fleet is already collecting. By constantly monitoring vehicle and driver behaviors, we can detect anomalies in the patterns and alert the fleet manager about any fraud attempt or misuse by one of the drivers. In the world of connected cars, fleet and IT managers should take care of their fleets’ security and prevent frauds, just like they tend to the vehicles physical conditions.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Upstream’s 1000th Automotive Cybersecurity Incident: Use NFC Card to Gain Control in 130 Seconds

As a part of Upstream’s ongoing effort to monitor, analyze and assess the impact of automotive-related cybersecurity incidents and vulnerabilities, we recently marked an important…

Read more

Charging Station’s Cybersecurity Risks Endanger EV Adoption

Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it…

Read more

Protecting Vehicles Requires a Fresh Outlook on Product Cybersecurity

Cybersecurity is an ever-transforming realm. As vehicles become significantly more connected, the threat landscape increases exponentially. In the race between threat actors and security teams,…

Read more

Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 2)

This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP…

Read more