Changes

303 bytes added, 16:27, 28 December 2023
m
Text replacement - "Bluetooth(?!®)" to "Bluetooth®"
Line 1: Line 1:  +
==Disclaimer==
 +
 +
[[File:Alert.png|left|link=]] <br> If you are not using Bluetooth®, '''please consider turning it off''' or '''change Bluetooth® PIN''' to remove potential risks.
 +
 +
If you are using Bluetooth® we strongly recommend '''using AES encryption''' for enhanced security.
 +
 +
 
==Solution description==
 
==Solution description==
 
GPS trackers provide valuable data for business efficiency and secure vehicles against thefts. At the same time, the tracking devices can be stolen with a purpose to sell them, sabotaged by reconfiguring with fault parameters, or hacked to steal sensitive data. To prevent unauthorized access to the trackers, it is necessary to have additional security measures for logging in through all possible devices. When a login fails, the user is denied access and trackers remain safe.
 
GPS trackers provide valuable data for business efficiency and secure vehicles against thefts. At the same time, the tracking devices can be stolen with a purpose to sell them, sabotaged by reconfiguring with fault parameters, or hacked to steal sensitive data. To prevent unauthorized access to the trackers, it is necessary to have additional security measures for logging in through all possible devices. When a login fails, the user is denied access and trackers remain safe.
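Review bot: In the added Disclaimer, the advice to "change Bluetooth® PIN" and to use AES encryption does not say where either setting lives; link the AES sentence to section 2.5 (BLE STANDARD AES-128) on this page and name the place where the PIN is configured. The first sentence also mixes verb forms ("please consider turning it off or change Bluetooth® PIN"); "turning it off or changing the Bluetooth® PIN" reads correctly. The edit summary describes only a text replacement and the edit is flagged minor, yet this hunk adds a new section, so the summary should mention the Disclaimer.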
Line 32: Line 39:     
====2.1. Set up Keyword:====
 
====2.1. Set up Keyword:====
[[File:Sey up keyword.gif|alt=|frame|Set up keyword]]
+
[[File:Sey up keyword.gif|alt=|thumb|365x365px|Set up keyword]]
 +
 
 +
 
 
Configuration security keyword can be set to configurator. Keyword can be saved in configuration file (.cfg), so there is no need to connect the device to the configurator to configure the keyword. Minimum keyword length is 4 symbols and maximum length is 10 symbols. Only uppercase and lowercase letters and numbers are supported. Keyword can be configured to .cfg configuration file when the device is not connected.
 
Configuration security keyword can be set to configurator. Keyword can be saved in configuration file (.cfg), so there is no need to connect the device to the configurator to configure the keyword. Minimum keyword length is 4 symbols and maximum length is 10 symbols. Only uppercase and lowercase letters and numbers are supported. Keyword can be configured to .cfg configuration file when the device is not connected.
 +
 
It can be changed via USB and also via SMS.
 
It can be changed via USB and also via SMS.
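Review bot: The replaced image line keeps the misspelled file name "Sey up keyword.gif"; since the line is being changed anyway (frame to thumb|365x365px), this is the moment to rename the file and update the link. The unchanged paragraph in this hunk states twice that the keyword can be stored in the .cfg file without the device connected, so one of the two sentences can be dropped. Because the keyword is written into that file, it would also help readers if the paragraph said how the .cfg file should be handled.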
   Line 50: Line 60:     
This command will emove existing keyword. If device is locked, keyword cannot be changed.   
 
This command will emove existing keyword. If device is locked, keyword cannot be changed.   
 +
 +
 
====2.2. SMS security:====
 
====2.2. SMS security:====
 
[[File:Set up SMS security.gif|alt=|thumb|365x365px|Set up sms secutiry]]
 
[[File:Set up SMS security.gif|alt=|thumb|365x365px|Set up sms secutiry]]
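Review bot: The only additions in this hunk are two empty lines, while the surrounding text still carries two typos that should be fixed in the same pass: "This command will emove existing keyword" should read "remove", and the image caption "Set up sms secutiry" should read "Set up SMS security".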
Line 57: Line 69:     
Phone numbers have to be written in international standard, using "+" is optional but not necessary (in both cases number will be recognized, but when number is without "+" symbol, IDD Prefix will not be generated, which depends on location of the phone). If no numbers are entered, configuration and sending commands over SMS are allowed from all GSM numbers.
 
Phone numbers have to be written in international standard, using "+" is optional but not necessary (in both cases number will be recognized, but when number is without "+" symbol, IDD Prefix will not be generated, which depends on location of the phone). If no numbers are entered, configuration and sending commands over SMS are allowed from all GSM numbers.
 +
 +
 +
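Review bot: The last sentence of the unchanged paragraph ("If no numbers are entered, configuration and sending commands over SMS are allowed from all GSM numbers") describes an open default that deserves the same emphasis as the new Disclaimer, yet this hunk only appends three empty lines after it. Consider bolding that sentence or referencing it from the Disclaimer. "using "+" is optional but not necessary" is also redundant; "using "+" is optional" is enough.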
      Line 82: Line 97:  
* at least 8 characters
 
* at least 8 characters
 
====2.5 BLE STANDARD AES-128====
 
====2.5 BLE STANDARD AES-128====
[[File:BLE_STANDARD_AES-128.gif|alt=|thumb|365x365px]]
+
[[File:BLE Standart AES-128.gif|alt=|thumb|365x365px|BLE standart AES-128]]
Since this version '''03.27.07''' there has been an implementation of BLE transferred data encryption with '''AES128 cipher'''. In '''Bluetooth 4.0 tab''' under '''Settings''' there is a field for a '''AES128 key'''. Which if left empty, the BLE outgoing data will not be ciphered and incoming data will not be decoded. AES128 key field settings showed below.
+
Since this version '''03.27.07''' there has been an implementation of BLE transferred data encryption with '''AES128 cipher'''. In '''Bluetooth® 4.0 tab''' under '''Settings''' there is a field for a '''AES128 key'''. Which if left empty, the BLE outgoing data will not be ciphered and incoming data will not be decoded. AES128 key field settings showed below.
    
If a key is present the outgoing data will be ciphered by the configured key and incoming data will be deciphered. The '''AES128 key''' must be in '''HEX format with a length of 16 bytes'''. As an example 11223344556677889900AABBCCDDEEFF is used.
 
If a key is present the outgoing data will be ciphered by the configured key and incoming data will be deciphered. The '''AES128 key''' must be in '''HEX format with a length of 16 bytes'''. As an example 11223344556677889900AABBCCDDEEFF is used.
 +
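Review bot: The new image line introduces a misspelling that the old one did not have: "BLE_STANDARD_AES-128.gif" becomes "BLE Standart AES-128.gif" with the caption "BLE standart AES-128"; keep "Standard" in both. The text replacement also rewrote the bolded UI label to "Bluetooth® 4.0 tab"; if the configurator tab is labelled "Bluetooth 4.0", the page no longer matches what the user sees, so UI labels should be excluded from the replacement. While this paragraph is being edited, "Which if left empty, ..." is a sentence fragment and can be joined to the previous sentence, and the example key 11223344556677889900AABBCCDDEEFF should be marked as an example that must not be used on a device.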
      Line 94: Line 110:     
==SECURE CONNECTION TO SERVER (TLS)==
 
==SECURE CONNECTION TO SERVER (TLS)==
[[File:Tls option.gif|alt=|thumb|365x365px|Secure connection to server]]
+
[[File:Tls option.gif|alt=|thumb|365x365px|TLS]]
 
In 03.27.07 base firmware version, Transport Layer Security TLS functionality has been updated and implemented for Teltonika GPS device series FMB0YX, FMB9X0, FMB1YX, FMU1YX, FMM1YX, FMC1YX, FMB2YX, and the model FMT100.
 
In 03.27.07 base firmware version, Transport Layer Security TLS functionality has been updated and implemented for Teltonika GPS device series FMB0YX, FMB9X0, FMB1YX, FMU1YX, FMM1YX, FMC1YX, FMB2YX, and the model FMT100.
 
TLS is a cryptographic protocol that provides end-to-end security of data sent between server and tracker.
 
TLS is a cryptographic protocol that provides end-to-end security of data sent between server and tracker.
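Review bot: The caption change from "Secure connection to server" to "TLS" on the Tls option.gif line makes the thumbnail less descriptive than the section heading it sits under; a caption such as "TLS option in the configurator" would say what the image shows. No other line in this hunk changes.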