TRACKER’S SECURITY

From Teltonika Telematics Wiki
Main Page > General Information > Usage scenarios > TRACKER’S SECURITY


Introduction

GPS trackers provide valuable data for business efficiency and secure vehicles against thefts. At the same time, the tracking devices can be stolen with a purpose to sell them, sabotaged by reconfiguring with fault parameters, or hacked to steal sensitive data. To prevent unauthorized access to the trackers, it is necessary to have additional security measures for logging in through all possible devices. When a login fails, the user is denied access and trackers remain safe.

Solution description

This solution details the settings and features to keep your device safe.

CONFIGURATOR KEYWORD

Configuration security keyword can be set to configurator. Keyword can be saved in configuration file (.cfg), so there is no need to connect the device to the configurator to configure the keyword. Minimum keyword length is 4 symbols and maximum length is 10 symbols. Only uppercase and lowercase letters and numbers are supported. Keyword can be configured to .cfg configuration file when the device is not connected.

SMS SECURITY

11 Essential fields in SMS/Call settings are Login and Password. The login and password are used with every SMS sent to FMB125. If login and password are not set, in every SMS sent to FMB125 device two spaces before command have to be used (<space><space><command>). Command structure with set login and password: <login><space><password><space><command>, for example: "asd 123 getgps" Phone numbers have to be written in international standard, using "+" is optional but not necessary (in both cases number will be recognized, but when number is without "+" symbol, IDD Prefix will not be generated, which depends on location of the phone). If no numbers are entered, configuration and sending commands over SMS are allowed from all GSM numbers.

FMBT APP

By using Teltonika FMBT application on smartphones and filling up a pin for pairing with a tracker or adding your device to configurator authorized devices MAC list you can get: • Device name, IMEI and firmware version • Current status • GNSS Status, coordinates and satellite info • GSM Status, Record, Data packet and SMS counts, AVL server socket status • I/O element status

FOTA WEB

To upgrade firmware or make configuration changes, you need to fill up a login and password in your browser that uses HTTPS protocol. The user creates a password on his own. Make sure to follow the mentioned comments to save the password successfully. Password must contain: • at least one uppercase letter • at least one lowercase letter • at least 8 characters

BLE STANDARD AES-128

Since this version 03.27.07 there has been an implementation of BLE transferred data encryption with AES128 cipher. In Bluetooth 4.0 tab under Settings there is a field for a AES128 key. Which if left empty, the BLE outgoing data will not be ciphered and incoming data will not be decoded. AES128 key field settings showed below.

If a key is present the outgoing data will be ciphered by the configured key and incoming data will be deciphered. The AES128 key must be in HEX format with a length of 16 bytes. As an example 11223344556677889900AABBCCDDEEFF is used.

SECURE CONNECTION TO SERVER (TLS)

Going further, as of 03.27.07 base firmware version, Transport Layer Security TLS functionality has been updated and implemented for Teltonika GPS device series FMB0YX, FMB9X0, FMB1YX, FMU1YX, FMM1YX, FMC1YX, FMB2YX, and the model FMT100. TLS is a cryptographic protocol that provides end-to-end security of data sent between server and tracker. There are three main components to what the TLS protocol accomplishes: Encryption, Authentication, and Integrity. Encryption: hides the data being transferred from third parties. Authentication: ensures that the parties exchanging information are who they claim to be. Integrity: verifies that the data has not been forged or tampered with. From 03.27.xx firmware version, TLD/DTLS functionality was implemented for FMB0YX, FMB9X0, FMB96X, FMB1YX, FMU1YX, FMM1YX, FMC1YX, FM30XY, FMB2YX, FMT100 device. Note! Currently only TLS encryption functionality is fully implemented, if needed DTLS encryption is possible to implement. Supported versions: 1.1/1.2