OBD-II: the secure choice for vehicle telematics

Darryll Finch, Product Owner, O2 Smart Vehicle, powered by Geotab

The benefits of vehicle telematics for fleet and leasing companies are potentially transformational. In fact, today’s advanced telematics solutions offer everything a business needs to create a safer, more productive, efficient and affordable fleet. A prime example is our own telematics solution O2 Smart Vehicle, which has the most comprehensive database of reverse-engineered vehicle diagnostic codes, covering 99% of motor manufacturers.

Busting the security myths

However, you may have come across the view that On-board Diagnostics (OBD-II) devices are vulnerable to security threats. To my mind, these arguments have little basis in reality – and some of the more extreme examples I’ve seen have come from manufacturers of other types of vehicle telematics systems! But if you follow safe and sensible processes, and choose solutions from reputable brands, you’ll have every reason to feel confident that your OBD-II telematics platform is safe from threats. And your telematics solution will become the engine of efficiency and competitive advantage you expected.

Ask the right questions

If you’re concerned about OBD-II device security, these recommendations will help you choose a safe solution. Use them as a security checklist in your vehicle telematics RFP, or ask your existing provider whether their solution aligns with these procedures.

  1. Make sure your connections are secure. Check that your chosen device uses authentication, so that both your OBD-II devices and your management platform can verify that the data they receive and transmit is what they think it is. This will prevent your OBD-II devices receiving malicious instructions from unauthorised parties.
  2. Make sure updates are digitally signed. Often, the most serious attacks on embedded systems, like those in OBD-II devices, require the injection of a malicious application or firmware image. Signing application updates allows devices to verify that any update comes from a trusted source.
  3. Individualise security-critical data. Don’t create unnecessary risk by using the same encryption keys and tokens for multiple OBD-II devices. Check that yours are unique for each individual device.
  4. Monitor metadata. Your OBD-II devices transmit debug information that can act as an early warning system that something’s not right – and that your vehicle telematics devices are under attack. Actively looking for errors or trends in this data helps you prevent an attack.
  5. Foster a security culture. Make sure your people – most importantly your telematics platform operators, developers and technical support staff – are routinely trained and tested in secure ways of working, for example always using strong passwords.
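
Recommendations 1 and 3 can be checked together. The sketch below is an added example, not O2 or Geotab code: it assumes per-device keys derived from a fleet master key with HMAC-SHA256, and a hypothetical frame layout (8-byte counter, payload, 32-byte tag) with a replay counter that the article does not mention. It shows the platform side; the same tag check applies on the device for incoming instructions.

```python
import hashlib
import hmac
import struct

# Constructed sample value; a real fleet master key would sit in an HSM or KMS.
FLEET_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def derive_device_key(master_key: bytes, serial: str) -> bytes:
    """Unique key per device: HMAC-SHA256(master, label || serial)."""
    label = b"obd-device-key-v1|" + serial.encode()
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _tag(key: bytes, serial: str, header: bytes, payload: bytes) -> bytes:
    msg = serial.encode() + b"|" + header + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(device_key: bytes, serial: str, counter: int, payload: bytes) -> bytes:
    """Hypothetical frame: counter (8 bytes, big-endian) || payload || tag."""
    header = struct.pack(">Q", counter)
    return header + payload + _tag(device_key, serial, header, payload)


class Platform:
    """Accepts a frame only if it is authentic for that serial and not replayed."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._last_counter = {}  # serial -> highest counter accepted so far

    def accept(self, serial: str, frame: bytes):
        if len(frame) < 40:  # 8-byte counter + 32-byte tag is the minimum
            return None
        header, payload, tag = frame[:8], frame[8:-32], frame[-32:]
        key = derive_device_key(self._master, serial)
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(tag, _tag(key, serial, header, payload)):
            return None
        counter = struct.unpack(">Q", header)[0]
        if counter <= self._last_counter.get(serial, -1):
            return None  # replayed or stale frame
        self._last_counter[serial] = counter
        return payload
```

Because each key is bound to one serial number, a key recovered from one device fails verification when used to send data under any other device's identity.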

Make your provider earn your trust

It’s a good idea to make sure you know the provenance of your OBD-II devices, for example by working with an established brand like O2. Our telematics solution O2 Smart Vehicle is powered by Geotab, who already have over 700,000 telematics devices installed worldwide.

And from a broader security point of view, our CAS(T) and ISO 27001 certification both provide evidence that we apply the very highest standard of security protection to our customers’ data.
