Big trucks are more vulnerable to hacking than cars. In preparation for the Usenix Workshop on Offensive Technologies (WOOT ’16) security event in Austin, Texas, next week, researchers from the University of Michigan’s Transportation Research Institute hacked multiple systems in a big rig truck to demonstrate its vulnerability, according to Wired.
In 2015, another team demonstrated taking over a Jeep Cherokee remotely via the vehicle’s Uconnect cell-based system. That remote hijack sent a loud wake-up call to the consumer car world. Hijacking trucks and buses may be even easier. Individual automakers and car models from the same manufacturer use different codes, but most commercial trucks — from tractor trailers and school buses to garbage trucks and cement mixers — use the same communication standard. Once you know how to hijack one big truck, you can use the same codes with most others.
“These trucks carry hazard chemicals and large loads. And they’re the backbone of our economy,” researcher Bill Hass said. “If you can cause them to have unintended acceleration … I don’t think it’s too hard to figure out how many bad things could happen with this.”
The team created several videos showing how they took control of various systems in a truck and a school bus. The researchers interfered with braking systems, took control of engine RPMs, and sent faulty readings to dashboard indicators.
The common link between the vehicles was the J1939 open standard used by the on-board diagnostic systems (OBDS). The Michigan team used a laptop while sitting in the vehicles to access the vehicles’ system via the diagnostic port for this demonstration project, not via a wireless connection, but the point was made.
Heavy trucks, just like consumer vehicles, increasingly connect to the outside world via cell-phone and other systems. Breaking through to the OBDS via remote wireless remains a further step, but according to Wired, another study found trucks vulnerable to remote attack via an insecure location-tracking dongle.
WOOT ’16, which takes place during the Usenix Security Symposium, August 10-12, is a two-day workshop of presentations on cryptographic attacks, mobile threats, evading malware detection, creative denial of service, vehicle hacking, and other security threats and issues, to bring them to the attention of affected industries and security firms that serve them.
