In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles.
The attack, which will be presented next week at the USENIX Workshop on Offensive Technologies in Austin, currently requires physical access, but the researchers are (justifiably) confident that many of the target vehicles will have vulnerable internet-based entry points to their networks that will enable remote attacks as well.
Because J1939 is common to so many vehicles, attacks developed against a single vehicle will be usable against a wide range of very different trucks, buses and industrial machinery (for example, the researchers were able to repurpose their truck attack and use it against a school bus).
Most disturbingly, the researchers managed to speed up the truck against the driver's will, by sending signals spoofing the vehicle's powertrain commands to limit the truck's acceleration or max out its RPMs in any gear. They note that they stopped short of trying to destroy the truck's engine, though they speculate it would likely be possible. And they found that, at least when the bus was in neutral with the parking brake on, their engine-revving hack worked on the school bus, too.
These demonstrations come with two significant caveats: First, the researchers performed their tests by plugging a laptop directly into an OBD port on the dashboard of the target trucks, rather than search for a wireless entrypoint into the vehicle that an actual malicious hacker would likely need to access its network. But like other automotive cybersecurity researchers, they argue that motivated attackers will find vulnerabilities offering over-the-Internet access to vehicles' vulnerable digital innards, and that researchers have already repeatedly demonstrated attacks that exploit cellular connections to vehicles' infotainment systems. In fact, industrial vehicles that often include telematics systems for fleet management may be easier to hack remotely than consumer vehicles. Early this year, one security researcher found thousands of trucks left open to over-the-Internet attacks via an insecure telematics dongle that tracks gas mileage and location. "It's pretty safe to hypothesize we're not far off from coming up with remote attacks as well," says Michigan researcher Yelizaveta Burakova.
Truck Hacking: An Experimental Analysis of the SAE J1939 Standard
[Yelizaveta Burakova, Bill Hass, Leif Millar, and André Weimerskirch/University of Michigan]
Hackers Figure Out How to Hijack a Big Rig's Accelerator and Brakes [Andy Greenberg/Wired]