Welcome to a potentially new world of cybercrime: trucks targeted for theft or sabotage by hacking into engine control modules and planting malicious code.
In theory, cybercriminals could piggyback on the proliferation of “Internet of Things” connections, such as vehicle infotainment systems, in-cab wireless Bluetooth links to smartphones and onboard computers, and open, unrestricted USB ports.
Another potential avenue for access could be government-mandated electronic logging devices, which collect ECM data and then transmit it through WiFi or cellular connections or, in some cases, USB memory sticks.
The potential for a truck’s vehicle bus, technically known as the J1939 bus, to be compromised by a nefarious actor and used as an access point into an ECM has been known for some time, said Bill Brown, chairman of the Technology & Maintenance Council’s Future Truck Committee and the retired director of telematics for Southeastern Freight Lines.
Indeed, while passenger vehicles are just now becoming “connected” through systems such as OnStar, Sync, uConnect and others, heavy trucks have been more pervasively “connected” through satellite and cellular communications for quite some time, said Urban Jonson, chief technology officer and program manager for the Heavy Vehicle Cyber Security Program with the National Motor Freight Traffic Association.
“Consequently, heavy vehicles currently have more avenues for remote access than light vehicles,” Urban said.
At last year’s ATA Management Conference & Exhibition, Brown compared the J1939 bus to an old-style party-line telephone with multiple subscribers, such as the engine, dash control cluster, body controller, transmission controller, antilock braking system controller and emissions systems. As Brown explained it, these participants are all “listening” for information. They share the line, respect each other’s needs, yield the line at the appropriate time and for proper duration, and speak the same language.
Now add ELDs to the mix. Unlike some earlier electronic logging systems, ELDs are not passively “listening.” They are actively accessing ECM data, which may then be uploaded from the ELD using a common USB thumb-drive data storage device, one of four approved methods for transferring ELD records.
An attacker could conceivably “hide” a piece of malware or other corrupting code on a USB drive. In one scenario, the hacker, using the J1939 bus as the connection path, could potentially plant malicious code in the ECM. Unbeknownst to the driver, when a thumb drive is inserted to download the ELD data for the inspecting officer, the malicious code could upload to the ECM. As the thumb drive goes from truck to truck collecting ELD data, the malicious code, if undetected, infects more and more ECMs.
If the malware were timer-activated, it could shut down countless vehicles at the same time.
Where do fleets go from here?
Lloyd Palum, chief technology officer for onboard technology supplier Vnomics Corp., said he believes the potential risk is rising with the increasing sophistication of hackers and the widespread adoption of ELDs.
In some instances, small fleets that have recently deployed ELDs “may be bringing a networked device into their operations for the first time with little or no means to administer it,” he said. “Small fleets that are using public cellular networks and public WiFi networks are the most vulnerable. They will be wholly dependent on their vendor.”
Future Truck Committee Chairman Brown believes the problems can be solved, but more work needs to be done around specific software and hardware solutions to improve security, as well as mitigating the vulnerability of the J1939 bus.
“If you can attach a device to a vehicle’s data bus, you can hack into it,” he said.
Lastly, he reiterated a common theme: double down on employee education and training, including specific education for today’s truck maintenance technicians to teach them about the vulnerabilities and what to look for in cyber threats.