If you have read any of the headline stories about the trio of researchers from the University of Michigan who successfully hacked into the J1939 databus of a 2006-model-year truck, you might now believe that it's discouragingly easy. While the researchers did manage to seize control of the truck's throttle and engine brake controls, they used a laptop computer connected directly to the truck's dataport (OBD port) to pull off their experiment.
A YouTube video accompanied several of the online reports about the hacking attempt showing the vehicle lurching along a test track, the would-be hacker in the back seat of the club-cab truck with his laptop, while the driver and a passenger (presumably the trio or researchers) comment on the performance of the truck.
It's one thing to hack into the J1939 databus from onboard the vehicle. But the question the U of M researchers were keen to delve into is the likelihood of carrying out the same type of hack, or perhaps a more serious disruption of the vehicle controls, remotely via the telematics links now emerging as a popular maintenance management option.
The research paper is titled "Truck Hacking: An Experimental Analysis of the SAE J1939 Standard," published by Yelizaveta Burakova, Bill Hass, Leif Millar, and Andre Weimerskirch of the The University of Michigan. The paper was presented Monday in Austin, Texas at 10th Usenix Workshop on Offensive Technologies. It's available to download here.
It focuses on what an adversary could accomplish while physically connected to the truck's internal network, and analyzes the impact of insecure electronic control units in heavy vehicles by exploiting the inherent openness of the J1939 architecture -- which is something common to all heavy trucks in North America and a great deal more diesel-powered equipment as well.
According to the report, the motivation for J1939 stems primarily from a desire to electronically control drivetrain components of a vehicle. Because so many different organizations are involved in the building of heavy vehicles, a standard was needed to minimize engineering effort and the complications of integrating systems. While standardizing these communications has proven crucial in allowing various suppliers and manufacturers to work together and cut costs, it also means that all heavy vehicles currently on the road from tractor-trailers to garbage trucks and cement mixers to buses, utilize the same communication protocol on their internal networks.
By contrast, the authors say communications networks on consumer vehicles tend to be proprietary to the OEM that designed that particular vehicle and kept secret. For that reason, the authors note, "deciphering consumer vehicle network traffic involves the tedious process of reverse engineering any messages observed on the bus to determine their function."
Not so with J1939, and that's part of the vulnerability at least partially exposed by the report.
The SAE J1939 standard used across all U.S. heavy vehicle industries gives easy access for safety-critical attacks and these attacks aren't limited to one specific make, model, or industry," the authors point out.
The report also provides example of the sort of attack they were able to accomplish:
INSTRUMENT CLUSTER: By spoofing the status messages that originate in various ECUs of the truck, researchers were able to control all gauges on the instrument cluster, including oil temperature, oil pressure, coolant temperature, engine RPM, speed, fuel level, battery voltage, and air pressure.
Researchers indicated that it would be "possible" to spoof the air pressure indicator to read a normal operating pressure when in fact the pressure could be physically reduced initiating a spring parking-brake application while traveling at highway speed.
POWERTRAIN: Researchers were able to override the driver's input to the accelerator pedal and simultaneously cause either direct acceleration or remove the ability to provide torque to the wheels while the truck was in motion.
ENGINE BRAKE: Certain message could be configured to disable the truck's ability to use engine braking at speeds below 30 mph. Researchers acknowledged that the driver retained control of the service brakes, but noted that if they had been able to control the engine brake above 30 mph, it would could have implications for trucks operating on long downhill grades.
The story appeared on several technology publication websites whose authors are more familiar with pure technology that the current state of the trucking industry. They envisioned the potential for autonomously controlled trucks running pell-mell across the country leaving trails of destruction in their wake.
Insiders, on the other hand, would recognize the "attacks" described by the authors of the study as potentially risky, but generally not life threatening in every circumstance. But we should not be lulled into a false sense of security because this particular exercise didn't come up with a crash 'n burn scenario.
Foremost on the authors' minds was the potential for remote access to the vehicle's internal electronic controls via some telematic interface wi-fi, cellular or satellite connectivity.
The paper makes for some interesting reading, as do a couple of other stories that appeared online following its release -- if you can forgive the doomsday scenarios.