TopNews

Can Big Trucks be Hacked?

August 8, 2016

By Jim Park

SHARING TOOLS        | Print Subscribe
Photo by Jim Park
Photo by Jim Park

If you have read any of the headline stories about the trio of researchers from the University of Michigan who successfully hacked into the J1939 databus of a 2006-model-year truck, you might now believe that it's discouragingly easy. While the researchers did manage to seize control of the truck's throttle and engine brake controls, they used a laptop computer connected directly to the truck's dataport (OBD port) to pull off their experiment.

A YouTube video accompanied several of the online reports about the hacking attempt showing the vehicle lurching along a test track, the would-be hacker in the back seat of the club-cab truck with his laptop, while the driver and a passenger (presumably the trio or researchers) comment on the performance of the truck.

It's one thing to hack into the J1939 databus from onboard the vehicle. But the question the U of M researchers were keen to delve into is the likelihood of carrying out the same type of hack, or perhaps a more serious disruption of the vehicle controls, remotely via the telematics links now emerging as a popular maintenance management option.

The research paper is titled "Truck Hacking: An Experimental Analysis of the SAE J1939 Standard," published by Yelizaveta Burakova, Bill Hass, Leif Millar, and Andre Weimerskirch of the The University of Michigan. The paper was presented Monday in Austin, Texas at 10th Usenix Workshop on Offensive Technologies. It's available to download here.

It focuses on what an adversary could accomplish while physically connected to the truck's internal network, and analyzes the impact of insecure electronic control units in heavy vehicles by exploiting the inherent openness of the J1939 architecture -- which is something common to all heavy trucks in North America and a great deal more diesel-powered equipment as well.           

According to the report, the motivation for J1939 stems primarily from a desire to electronically control drivetrain components of a vehicle. Because so many different organizations are involved in the building of heavy vehicles, a standard was needed to minimize engineering effort and the complications of integrating systems. While standardizing these communications has proven crucial in allowing various suppliers and manufacturers to work together and cut costs, it also means that all heavy vehicles currently on the road from tractor-trailers to garbage trucks and cement mixers to buses, utilize the same communication protocol on their internal networks.

By contrast, the authors say communications networks on consumer vehicles tend to be proprietary to the OEM that designed that particular vehicle and kept secret. For that reason, the authors note, "deciphering consumer vehicle network traffic involves the tedious process of reverse engineering any messages observed on the bus to determine their function."

Researchers demonstrated that a truck in motion could be partially controlled through a laptop plugged into the OBD port. Photo by Jim Park
Researchers demonstrated that a truck in motion could be partially controlled through a laptop plugged into the OBD port. Photo by Jim Park

Not so with J1939, and that's part of the vulnerability at least partially exposed by the report.

The SAE J1939 standard used across all U.S. heavy vehicle industries gives easy access for safety-critical attacks and these attacks aren't limited to one specific make, model, or industry," the authors point out.

The report also provides example of the sort of attack they were able to accomplish:

INSTRUMENT CLUSTER: By spoofing the status messages that originate in various ECUs of the truck, researchers were able to control all gauges on the instrument cluster, including oil temperature, oil pressure, coolant temperature, engine RPM, speed, fuel level, battery voltage, and air pressure.

Researchers indicated that it would be "possible" to spoof the air pressure indicator to read a normal operating pressure when in fact the pressure could be physically reduced initiating a spring parking-brake application while traveling at highway speed.

POWERTRAIN: Researchers were able to override the driver's input to the accelerator pedal and simultaneously cause either direct acceleration or remove the ability to provide torque to the wheels while the truck was in motion.

ENGINE BRAKE: Certain message could be configured to disable the truck's ability to use engine braking at speeds below 30 mph. Researchers acknowledged that the driver retained control of the service brakes, but noted that if they had been able to control the engine brake above 30 mph, it would could have implications for trucks operating on long downhill grades.

The story appeared on several technology publication websites whose authors are more familiar with pure technology that the current state of the trucking industry. They envisioned the potential for autonomously controlled trucks running pell-mell across the country leaving trails of destruction in their wake.

Insiders, on the other hand, would recognize the "attacks" described by the authors of the study as potentially risky, but generally not life threatening in every circumstance. But we should not be lulled into a false sense of security because this particular exercise didn't come up with a crash 'n burn scenario.

Foremost on the authors' minds was the potential for remote access to the vehicle's internal electronic controls via some telematic interface wi-fi, cellular or satellite connectivity.

The paper makes for some interesting reading, as do a couple of other stories that appeared online following its release -- if you can forgive the doomsday scenarios.

Forbes.com: There's A Windows PC Helping Control Fleet Trucks -- Any Idiot Can Start Hacking It In 30 Seconds

Wired.com: Hackers Hijack a Big Rig Truck’s Accelerator and Brakes

Salon.com: As era of autonomous trucking arrives, Michigan researchers prove how easy it is to hack trucks

Comments

  1. 1. BarbRRB [ August 09, 2016 @ 04:35AM ]

    I love technology, makes life easy. To easy and makes us lazy and vulnerable. Hear hackers, hacking all the time and why would anyone make it a "must" to have everything electronic and subject to hackers is beyond my understanding. Is it all about safety or having access to private information.

  2. 2. Bob Niemczyk [ August 09, 2016 @ 06:42AM ]

    My comment is much longer than 2000 characters. Please see what I have to say in the comment section of the 'Wired' article mentioned above.

  3. 3. Jorje Gonzales [ August 09, 2016 @ 06:45AM ]

    Yes this is possible and probable. Why use the OBD port??? Trucks can be, are, and will be manipulated via qualcomm. QCs are connected via the J1939 port. Oh the possibilities for false flags and such, THINK about it.

  4. 4. Bob Niemczyk [ August 12, 2016 @ 05:50AM ]

    Even though it may be common practice for truck owners to connect telematics devices to the diagnostic port, this is NOT what that connector was designed for and it negatively messes with the communication quality. Soon, the Diag Conn will only contain diag info, so it is time for truck owners & telematics mfg's to rethink connection instructions

 

Comment On This Story

Name:  
Email:  
Comment: (Maximum 2000 characters)  
Leave this field empty:
* Please note that every comment is moderated.

Newsletter

We offer e-newsletters that deliver targeted news and information for the entire fleet industry.

GotQuestions?

sponsored by

ELDs and Telematics

Scott Sutarik from Geotab will answer your questions and challenges

View All

GotQuestions?

Sleeper Cab Power

Steve Carlson from Xantrex will answer your questions and challenges

View All