IT Security for Vehicles
Trucks are More Vulnerable to Hacker Attacks
Every day, enormous values of goods are transported by truck. So if these vehicles fall victim to a cyber attack, the damage is great. Cymotive expert Cristian Ion explains what makes trucks particularly vulnerable to hacker attacks and why a hacked truck can paralyse an entire country.
A 7.5-tonne truck, fully loaded with iPhones, is worth more than 20 million euros. For hackers, that is a worthwhile target. IT security should therefore be a high priority. However, this is more difficult to implement in commercial vehicles than in cars. This is because trucks are modular and must be able to be combined with many different systems. This increases the number of points of attack enormously.
But it is not only about expensive freight: Commercial vehicles (and this also includes agricultural or construction machinery) have long running times, cover long distances and often transport important goods for CRITIS companies and military goods.
So the dangers come not only from white-collar criminals, but also from terrorists and state actors. If the transport of urgently needed equipment is stopped by a cyber attack, this can have a significant impact on an entire country.
Special challenges
The threat situation for commercial vehicles differs significantly from that for passenger cars, because commercial vehicles and especially agricultural vehicles are designed for modular use. Components such as a chopper or potato harvester can be connected and combined; trailers are attached to different tractors and communicate with different vehicles over time.
Viral effects are possible here: if a trailer can infect a tractor, it can transfer the malware to another trailer the next day. Especially through modern online functions such as predictive diagnostics and fleet management functions, these components are increasingly exposed.
Many communication protocols are old and vulnerable
The central electronic control units (ECU) in commercial vehicles are not as highly specialised as in passenger cars. For cost and modularity reasons, most OEMs use the uniform SAE-J1939 protocol for in-vehicle communication.
The SAE J1939 protocol is similar to the CAN bus protocol in its basic structure, but it is more dynamic, more complex and has higher functionality. However, it also offers more points of attack for cyber attacks.
The preferred method of attack is a remote attack - not least because commercial vehicles come in for inspection more frequently and physical changes are noticed more quickly. However, the high degree of standardisation of vehicles (also to ensure high interoperability) increases the risk that many different vehicles can be successfully taken over with a single attack method.
Unfortunately, there is no authentication in SAR-J1939. This is not provided for in the specification and would have to be implemented by an add-on (but this limits interoperability). A man-in-the-middle attack is therefore not a major obstacle for an experienced hacker. In addition, there are frequent technical adaptations and changes to commercial vehicles in the course of their useful life. This also creates new attack surfaces.
Another significant difference between passenger cars and commercial vehicles is the subsequent modification after the purchase of the vehicle. Many fleet operators install an electronic tachograph and other telematics modules after purchase. These add-ons are not part of the manufacturer's cybersecurity concept, are not subject to supplier restrictions and may introduce new vulnerabilities.
In addition, suppliers' components for commercial vehicles more often offer cybersecurity attack points and are less trimmed for security than those for passenger cars because they have not dealt with the topic of IT security as intensively in the past.
Remedy for commercial vehicle manufacturers
Remedy is only possible if manufacturers, especially of supplied components, intensively deal with the regulations of UN R155, ISO/SAE 21434 and Autosar and focus on processes as well as security-by-design approaches for the entire vehicle life cycle.
The extension of SAE J1939, which is currently still in the coordination phase, should prove helpful. As J1939-91, it implements the necessary network security functions such as Secure Boot and Secure Flash as well as authentication and authorisation.
- Part A regulates basic security functions that are connected via a J1939-13 connector.
- Part B defines the rules for secure radio communication with the outside world (OTA). This includes the new rules of UN 156 and ISO 24089.
- Part C deals with the secure communication of components within the vehicle.
Commercial vehicle manufacturers would be well advised to already intensively deal with the upcoming extensions and to exchange information with IT security experts for vehicle technology such as Cymotive Technologies.
Conclusion
Although they are less in the public spotlight, commercial vehicles are significantly more vulnerable to hacking - and significantly more rewarding for criminals and terrorists. The high degree of modularity in commercial vehicles makes securing them particularly challenging.
Vehicle manufacturers should therefore acquire the necessary IT security know-how or purchase it through specialised partners. Since this area is currently developing dynamically and will become even more important with autonomous vehicles, OEMs must not lose any time.
The Author
Cristian Ion
is an IT expert for automotive and application security at Cymotive Technologies, where he leads an accomplished team of security experts, risk managers and security architecture and penetration testers.
His areas of expertise include the security of driver assistance systems and autonomous driving functions, but also topics such as e-mobility and the security architecture in the vehicle and backend.
