Fleets are not immune to cyberattacks
By: Phil Sneed
No company is immune to online attacks.
In recent years, high-profile episodes that have seen major banks and retailers fall victim to hackers have become even more common. When a company is successfully targeted, customer information and other important internal information is stolen, which can cause many more issues for those who find themselves affected.
This includes the trucking industry. Moving forward, fleets, carriers and shippers cannot underestimate the threats stemming from online attackers.
The trucking industry finds itself in an interesting spot as more advanced technology enters the workspace, both behind the scenes and in the cabins of trucks. Daily tasks become easier, but if security and safeguards aren't in place, companies may find themselves vulnerable to outside attacks.
"Fleets, carriers and shippers cannot underestimate the threats stemming from online attackers."
Trucking and online security
In the beginning of August, the 10th annual USENIX Workshop on Offensive Technologies was held in Austin, Texas. USENIX has been around since 1975, and its goals are to bring together scientists, engineers and more who work in the world of computing.
During the August conference, two researchers from the University of Michigan detailed how they could hack into a semitrailer to mess with acceleration controls, brake setting and gauges.
They were able to make these changes with one piece of equipment: a laptop. They were even able to make the truck accelerate by simply pressing the spacebar.
According to Trucks.com, one of the researchers, Yelizaveta Burakova told conference attendees that trucking companies can't neglect computer security, which should be on the same safety requirements as ensuring airbags properly work.
"It all needs to go into the same level of priority," said Burakova.
The need for computer security comes at a time when newer trucks are being built to incorporate features meant to make driving easier. But newer models are also more vulnerable to hacks. Old semitrailers can be targeted, and may be at a larger disadvantage because they aren't equipped with features that would deter attacks.
For instance, during their presentation, the two researchers hacked into semitrailers built in 2006 and 2001. They plugged the laptop into the electronic diagnostics port and then accessed the J1399 communications system.
Two types of attacks
Two different attack methods were highlighted.
The first is known as a powertrain attack. This is when an outside party controls the truck and causes the vehicle to brake or speed up. The second type is an instrument cluster attack, which isn't always noticeable by drivers. Essentially, attackers could feign diagnostic readings that would make drivers believe everything is operating fine, when in reality, the readings are actually incorrect.
What needs to be done to prevent attacks
Trucks today are more connected than they've ever been. And in the not-so-distant future, self-driving trucks will likely populate the roads.
But companies and employees should know that while threats exist, it's not all doom and gloom. The FBI and National Highway Transportation Safety Administration issued a public service announcement to manufacturers about the vulnerability of modern vehicles.
Additionally, attackers would physically need to be in the cabin of a truck to gain access. There are currently no methods in which someone can remotely gain control of a vehicle.
"Truck manufacturers can work with cybersecurity professionals to uncover weak spots."
Truck manufacturers have also stated that they take safety seriously and ensure their vehicles are safeguarded against threats. However, Leif Millar, the other research member from the University of Michigan, said that some manufacturers may already be behind the sophistication levels of potential attackers.
To make up this difference and further protect vehicles, Millar recommended truck manufacturers increasingly work with cybersecurity professionals to uncover weak spots in a semitrailer and solicit any and all advice to keep attackers at bay.
"They shouldn't see security researchers finding vulnerabilities as an attack on them personally, but just a way to get the conversation started and to get them talking about potential mitigation techniques," said Millar.