WHEN CYBERSECURITY RESEARCHERS showed in recent years that they could hack a Chevy Impala or a Jeep Cherokee to disable the vehicles’ brakes or hijack their steering, the results were a disturbing wakeup call to the consumer automotive industry. But industrial automakers are still due for a reminder that they, too, are selling vulnerable computer networks on wheels—ones with direct control of 33,000 pounds of high velocity metal and glass.
At the Usenix Workshop on Offensive Technologies conference next week, a group of University of Michigan researchers plan to present the findings of a disturbing set of tests on those industrial vehicles. By sending digital signals within the internal network of a big rig truck, the researchers were able to do everything from change the readout of the truck’s instrument panel, trigger unintended acceleration, or to even disable one form of semi-trailer’s brakes. And the researchers found that developing those attacks was actually easier than with consumer cars, thanks to a common communication standard in the internal networks of most industrial vehicles, from cement mixers to tractor trailers to school buses.
“These trucks carry hazard chemicals and large loads. And they’re the backbone of our economy,” says Bill Hass, one of the researchers from the University of Michigan’s Transportation Research Institute. “If you can cause them to have unintended acceleration…I don’t think it’s too hard to figure out how many bad things could happen with this.”
Here’s a video of the researchers’ demonstration of causing unintended acceleration with just a tap of a laptop keyboard:
The researchers targeted most of their attacks on a 2006 semi-trailer, but they also tried some hacks on a 2001 school bus. (They argue that revealing the vehicles’ manufacturers would be an unnecessary embarrassment for those companies, since the bus and truck likely aren’t any more vulnerable than similar vehicles that use the same communications standard.) Connecting a laptop to the vehicles via their on-board diagnostic ports, they found that they could simply look up most commands using the J1939 open standard common to those heavy vehicles. That allowed them to replicate those signals on the vehicles’ networks without the time-consuming reverse engineering other car hackers have had to do to replay commands inside consumer vehicles, which lack the standardization of industrial trucks. “If you wanted to hijack someone’s car you’d have to know the make and model and tailor the attack,” says Leif Millar, another one of the Michigan researchers. “With trucks, it’s all open, so you can just craft one attack.” For that reason, their entire truck-hacking project, which began as a University of Michigan class assignment, took only two months. That’s perhaps the most troubling part: how simple these hacks were to figure out and pull off.
For the big rig truck, that J1939 standard allowed them to send commands that precisely changed the readouts of practically any part of the instrument panel. They could, for instance, spoof a full tank of gas when the truck was running out of fuel, or prevent an alert that the truck was about to run out of compressed air in its air brakes, leading to the vehicle instead applying its emergency brake without warning. At 30 miles per hour or less, they could fully disable the truck’s engine brake—one of two forms of brakes in the truck—forcing the driver to rely on another form of brakes known as foundation brakes that can overheat and fail.
Most disturbingly, the researchers managed to speed up the truck against the driver’s will, by sending signals spoofing the vehicle’s powertrain commands to limit the truck’s acceleration or max out its RPMs in any gear. They note that they stopped short of trying to destroy the truck’s engine, though they speculate it would likely be possible. And they found that, at least when the bus was in neutral with the parking brake on, their engine-revving hack worked on the school bus, too.
These demonstrations come with two significant caveats: First, the researchers performed their tests by plugging a laptop directly into an OBD port on the dashboard of the target trucks, rather than search for a wireless entrypoint into the vehicle that an actual malicious hacker would likely need to access its network. But like other automotive cybersecurity researchers, they argue that motivated attackers will find vulnerabilities offering over-the-Internet access to vehicles’ vulnerable digital innards, and that researchers have already repeatedly demonstrated attacks that exploit cellular connections to vehicles’ infotainment systems. In fact, industrial vehicles that often include telematics systems for fleet management may be easier to hack remotely than consumer vehicles. Early this year, one security researcher found thousands of trucks left open to over-the-Internet attacks via an insecure telematics dongle that tracks gas mileage and location. “It’s pretty safe to hypothesize we’re not far off from coming up with remote attacks as well,” says Michigan researcher Yelizaveta Burakova.
Skeptics might also point out that the truck they tested was a decade old. The researchers admit they’re not sure if their attacks would work on a newer vehicle. But even if they didn’t, that still leaves the majority of semi-trailers vulnerable: On American roads, the average truck of the size they tested is 12 years old, according to the automotive, defense and security analysis firm IHS Markit.
When WIRED reached out to trucking industry body the National Motor Freight Traffic Association about the Michigan research, the NMFTA’s chief technology officer Urban Jonson said the group is taking the researchers’ work seriously, and even funding future research from the same team. And Jonson acknowledged that the possibility of the nightmare scenario they present, of a remote attack on heavy vehicles, is real. “A lot of these systems were designed to be isolated,” says Jonson. “As automobile manufacturers are increasingly connecting vehicles with telematics systems, some of these issues need to be addressed.”
Beyond individual truck and bus manufacturers, it’s the Society of Automotive Engineers, the standards body that controls the J1939 standard, that’s at least partly responsible for the vulnerability of the trucks and buses that use that standard, says Michigan researcher Bill Hass. SAE didn’t immediately respond to WIRED’s request for comment.
The researchers write that their attacks show the entire industry of heavy-duty automakers needs to focus on not just the safety of their vehicles from collisions and driver errors, but also defending against the possibility of an active, digital attack on the vehicle’s systems. They suggest truck makers better segregate components of their vehicles’ networks, or build authentication measures into the network so that one compromised component can’t sending messages impersonating another one. Other defensive measures could include everything from the “bug bounties” that car makers like Chrysler and Tesla have launched to pay researchers for vulnerability information, to the intrusion detection systems that have been prototyped by multiple automotive security researchers.
“It is imperative that the trucking industry begins to take software security more seriously,” the Michigan researchers conclude in their paper describing their work. “It is reasonable to assume that with more time an adversary could create an even more sophisticated attack, one that could be implemented remotely…Our hope is the heavy vehicle industry begins to include the possibility of an active adversary in the design of their safety features.”