Car sharing services are rapidly gaining momentum and are even expanding into the regions. Some people have given up a personal car in favor of car sharing, while others still avoid these cars. Let's try to figure out what is behind this foreign word that everyone already knows: how does a car-sharing service actually work?

As an example, let's take a car-sharing service "N" and consider how all the components of this complex mechanism interact.

Remote fleet management through the operator's CRM
All cars are displayed on the map in real time, both for the client and for the call-center operator. To keep this information up to date, the server “polls” the cars at a fixed interval. The operator sees the entire fleet in the CRM and can control absolutely any car, regardless of whether it is currently leased or in the “free” status. The screenshot below shows an example of the CRM:

Clicking on a car instantly opens a dialog box with the management options:

The following options are available to CRM users (the set of options depends on the configuration and modification of the telematic equipment installed in the car):
- remote door lock / unlock;
- remote engine lock / unlock;
- opening the vents of the car;
- remote autostart of the car;
- control of the car's sound signal.
Service geofence
A service geofence is an area marked on a map within which a specific car-sharing provider operates. That is, within this zone the operator guarantees that the client application and the telematic equipment will work correctly. How is it detected that a car has left the geofence?
Everything is very simple! A geofence is a polygon of points that encloses a specified area (in the screenshot below, the city of Perm). Whether a car has left the geofence or returned to it is determined by checking whether its latitude and longitude fall inside that area. It looks something like this:

Many car sharing operators have established a rule: travel outside the geofence must be coordinated with the call-center operator. Ending a lease outside the zone is prohibited, or even restricted at the software level.
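The polygon check and the "no lease end outside the zone" rule can be sketched as follows. This is an added example, not the operator's code: it uses ray casting (one common point-in-polygon method), the ZONE polygon and the function names are constructed for illustration, and the car record uses the "clat" / "clng" string fields from the poll response shown later in this article.

```python
from typing import Sequence, Tuple

Point = Tuple[float, float]  # (latitude, longitude) in degrees

# Constructed sample geofence: five vertices, not a real service zone.
ZONE: Sequence[Point] = [
    (55.60, 37.58), (55.60, 37.66), (55.63, 37.68), (55.65, 37.62), (55.63, 37.57),
]

def in_geofence(lat: float, lng: float, polygon: Sequence[Point]) -> bool:
    """Ray casting: count the polygon edges crossed by a ray going east from the point.
    Treats coordinates as planar, which is adequate at city scale."""
    inside = False
    n = len(polygon)
    for i in range(n):
        lat1, lng1 = polygon[i]
        lat2, lng2 = polygon[(i + 1) % n]
        # Does this edge straddle the point's latitude?
        if (lat1 > lat) != (lat2 > lat):
            # Longitude at which the edge crosses that latitude
            cross = lng1 + (lat - lat1) * (lng2 - lng1) / (lat2 - lat1)
            if lng < cross:
                inside = not inside
    return inside

def can_end_lease(car: dict, polygon: Sequence[Point]) -> bool:
    """Server-side rule: refuse to close a lease when the car is outside the zone
    or reports no usable position (fail closed on missing or malformed data)."""
    try:
        lat, lng = float(car["clat"]), float(car["clng"])
    except (KeyError, TypeError, ValueError):
        return False
    # Also rejects NaN, because every comparison with NaN is False.
    if not (-90 <= lat <= 90 and -180 <= lng <= 180):
        return False
    return in_geofence(lat, lng, polygon)
```

The rule has to be enforced on the server against the position reported by the telematic unit; a check made only in the mobile application can be bypassed by the client.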
Secret equipment
In order for the car to be controlled remotely, special telematic equipment is connected via CAN bus, as shown below:

The device looks like a conventional satellite alarm system of the kind car owners install in their personal cars. The built-in CAN transceiver is used to interact with the vehicle network, making it possible to request data on the remaining fuel and the state of the vehicle's components, and to obtain data about the doors, hood, trunk, engine and other information. The data, in turn, is transmitted over ordinary 3G / 4G networks. Each device has an average of two SIM cards, which makes the signal for transmitting telematic data more stable. Normally this equipment is installed behind the dashboard and hidden from the user. In fact, this is the “brain” of a car-sharing car.
Machine to server interaction
The machine interacts with the server at the software level. Data packets are transmitted from telematics equipment to the server and vice versa.
During each of the “polls” of the machine, the following information comes from the telematic equipment:
{ "success": true, "total": "1", "car": [ { "date": "2019-03-01 12:00:19.306955", "id": "124", "id_category": "2", "id_emi": "295", "id_status": "9", "vendor": "Kia Rio", "marka": "", "year": "", "id_modification": "", "vin": "WF0DXXGTB60052135", "numberplate": "111799", "color": "", "descr": "", "emi": "580855023425759", "data_fuel": "50", "data_voltage": "12.6400000000000000", "fuel_by_can": "1", "onoffdirect": "1", "insurance_card": null, "id_typefuel": "1", "name_typefuel": "-95", "id_typetransmission": "1", "name_typetransmission": "", "is_agg_car": null, "odometer": "22471", "clat": "55.61313000", "clng": "37.61698000", "plat": "55.61321100", "plng": "37.61700000", "doors": [ "0" ], "sensor": [ "0", "0", "0", "0", "0", "0" ] } ] }
From this example response from the car, we see that absolutely all information about the current state of the car is transmitted: sensors, location, door status, etc. Where does this information come from, and what kind of device transmits it?
Client-server interaction
To use a car-sharing service, a regular user accesses the fleet through a special mobile application released by the specific operator. However, in the news and in various Telegram channels we often hear about fake accounts. The screenshot below shows an example of one such Telegram channel, where anyone can buy an account:

The principle behind registering fake accounts is simple! Attackers obtain the data required for registration (passport, driver's license) from various sources. Sometimes the "victims" hand over their data themselves. After receiving the data, the attackers register the account, the security service of the car sharing operator approves it, and then it is put up for sale. Riding under such an account is a criminal offense. Security services actively monitor virtually every current trip.
The second way that attackers use to register an account is to exploit software vulnerabilities. For example, the user database of the car sharing operator “TimCar” was stolen relatively recently. And just the other day, getting access to an account at one of the metropolitan operators did not even require entering the confirmation code that arrives by SMS: the operator's server itself sent the code to the client in response to the request:
{ "success": 1, "return": { "veryfy_code": 3634, "sms_id": "201907-1000009" } }
Having entered the code from the “veryfy_code” field, we could easily log in to the victim's account, knowing only the phone number.
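The fix for this class of bug is to keep the code on the server and let it leave only by SMS. The sketch below is an added example, not the operator's code: the function names, the in-memory store, the outbox standing in for the SMS gateway, and the expiry and attempt limits are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)
TTL_SECONDS, MAX_ATTEMPTS = 300, 5    # illustrative limits (assumption)
_pending = {}  # sms_id -> challenge state; stands in for a real datastore
outbox = []    # (phone, code) pairs; stands in for the SMS gateway

def _mac(sms_id: str, code: str) -> bytes:
    # Store only a keyed digest of the code, never the code itself.
    return hmac.new(SERVER_KEY, f"{sms_id}:{code}".encode(), hashlib.sha256).digest()

def request_code(phone: str, now: float = None) -> dict:
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, 6 digits
    sms_id = secrets.token_hex(8)
    _pending[sms_id] = {"phone": phone, "mac": _mac(sms_id, code),
                        "expires": now + TTL_SECONDS, "attempts": 0}
    outbox.append((phone, code))  # the code leaves the server only by SMS
    return {"success": 1, "return": {"sms_id": sms_id}}  # no code in the reply

def verify_code(sms_id: str, phone: str, code: str, now: float = None) -> bool:
    now = time.time() if now is None else now
    state = _pending.get(sms_id)
    if state is None or state["phone"] != phone:
        return False
    if now > state["expires"] or state["attempts"] >= MAX_ATTEMPTS:
        _pending.pop(sms_id, None)  # expired or guessed too often: invalidate
        return False
    state["attempts"] += 1
    if hmac.compare_digest(state["mac"], _mac(sms_id, str(code))):
        del _pending[sms_id]  # single use
        return True
    return False

def leaks_code(response, code: str) -> bool:
    """Regression check for API tests: does any value in a response contain the code?"""
    if isinstance(response, dict):
        return any(leaks_code(v, code) for v in response.values())
    if isinstance(response, (list, tuple)):
        return any(leaks_code(v, code) for v in response)
    return str(code) in str(response)
```

Running leaks_code over recorded API responses in an integration test catches the regression shown above before it reaches production.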
I think that this article will help ordinary users understand the basic principles of short-term car rental services, and also answer many questions that were unclear before.