June 9, 2020
Why should you protect your business from burglary? Browse the news, and you’ll find many reports that crime rates have dropped around the world amid the coronavirus pandemic. And, indeed,...
Car dealership security is a niche that was recently thrust into the spotlight due to cars being hacked. In 2014, the latest year fully available, the FBI recorded 689,527 motor vehicle thefts – about 216 per 100,000 inhabitants in a city and totaling $4.5 billion in stolen vehicles. But before we get too technical in car security, let’s look at a few ways that will lock down your car dealership.
The first tip is simple: do not block line of sight. Ensure landscaping at your dealership allows for good line of sight throughout the lot, especially from the showroom floor. Maintain and trim shrubbery and trees lest thieves use them to hide. Both outside lots and the showroom should be constantly well-lit with bright lights.
Towing can be a serious problem for cars at the edge of lots, and near roads. Simple ways to prevent towing are turning the steering wheel to an extreme side and engaging the parking brake. Doing both makes towing much harder, as the car will likely be damaged in an attempted tow, making it near-worthless to the thief. Or, install a fence – possibly even electric – to prevent both towing and after-hours lurkers. An electric fence can also tie in to the alarm system, alerting you if the fence is activated or when cut.
During the day, spike strips or bollards can be retracted, allowing access in and out of the dealership. After-hours, however, they can be raised to prevent cars from being taken off the lot without severe damage. This is best used in conjunction with fences or walls, forming a secured entry point.
A flesh-and-blood guard is limited by how fast the person can walk. Virtual guards are limited only by what the installed cameras can see. A perimeter sweep can be completed in seconds rather than tens of minutes, allowing a remote guard monitoring the cameras to call a problem in much faster. These guard stations are usually manned 24/7, allowing for far more coverage than physical guards can provide. Plus, using two-way audio, the guard can issue a verbal warning to any intruders even while they are at a remote command center. A physical guard can’t be everywhere at once, but a virtual security officer can.
A chain, the saying goes, is only as good as its weakest link. Screen employees thoroughly before hiring. There’s not much to stop an inside job if an employee is working with a thief, but a full background check can certainly help. Train employees to watch out for common tactics, such as leaving a door deliberately unlocked. Maintaining constant vigilance and reporting any suspicious activity can also prevent wrongdoing.
On top of this, the best practice for a test drive is to train employees to copy a customer’s driver’s license information and require a dealership employee present, in the car, for the test drive. Gone are the days where a potential customer could be trusted to not simply drive away, or to not drive to a locksmith, during their test drive.
Finally, train employees to do regular inventory checks, especially on larger lots. Otherwise, it may be some time before you realize that a car is gone from the lot.
Do not have an open pegboard of keys, ready for test drives. Keep the keys locked away when not actively used. There are systems that allow for tracking which employee took which key, giving you a clear picture of who has which key is at any given time.
As technology evolves, so do thieves. Last summer, security expert and Car Hacker’s Handbook author Craig Smith detailed a theoretical scenario he called the “auto brothel,” where an infected car is brought to the dealership under the guise of needing maintenance. The car infects diagnostic tools with malware, spreading to other cars. From there, any car within wifi range, plugged into an infected diagnostic tool, could be hacked. In 2009, hackers proved at a convention that a Chevy Impala’s brakes could be triggered remotely.
Last year, security researchers Charlie Miller and Chris Valasek hacked a Jeep Cherokee, turning the steering wheel, applying brakes, and turning the engine on and off, all remotely, without the need for an infected diagnostic tool. Using the Uconnect software, part of Jeep, Dodge, and Chrysler vehicles, the cars could be hacked anywhere, even sitting on the lot. In 2010, using a telematic device like OnStar, hackers were able to unlock the car or even turn the engine on remotely.
Worse, however, is ransomware. Imagine an entire dealership hit with all the showroom cars’ brakes remotely triggered, and the hacker demanding a large sum of money to deactivate the brakes. Thankfully, Smith demonstrated that with a piece of hardware built from $20 of parts, and using software he released free online, cars could be tested for vulnerabilities.
Last August, Tesla quickly patched the software of the Model S after hackers released a how-to on hacking the high-end cars. If remotely triggering brakes was bad, remotely changing the autopilot while the car is moving could be catastrophic.
Thankfully, hacking even different models from the same manufacturer can prove difficult, with no one universal hack packaged. It is, however, important to make sure the vehicles on the lot are up to date with software provided from the manufacturer.
Yes, you should probably offer unencrypted wifi for clients. But, for diagnostic tools connected to wifi – see the last tip – connect them to an encrypted network. Nothing sensitive should be connected to the unencrypted wifi, such as client information or financial information. Routers often allow for dual signals, one for guests, one encrypted. Utilizing this will put another roadblock to hackers accessing sensitive information – or the cars’ computers.
With the digital age fully embraced by the world, both physical and digital security must be considered when securing a car dealership. Cars can be susceptible even from a distance without being properly tested.