When cybersecurity researchers showed in recent years that they could hack a Chevy Impala or a Jeep Cherokee to disable the vehicles’ brakes or hijack their steering, the results were a disturbing wakeup call to the consumer automotive industry. But industrial automakers are still due for a reminder that they, too, are selling vulnerable computer networks on wheels—ones with direct control of 33,000 pounds of high velocity metal and glass.
At the Usenix Workshop on Offensive Technologies conference next week, a group of University of Michigan researchers plan to present the findings of a disturbing set of tests on those industrial vehicles. By sending digital signals within the internal network of a big rig truck, the researchers were able to do everything from change the readout of the truck’s instrument panel, trigger unintended acceleration, or to even disable one form of semi-trailer’s brakes. And the researchers found that developing those attacks was actually easier than with consumer cars, thanks to a common communication standard in the internal networks of most industrial vehicles, from cement mixers to tractor trailers to school buses.
“These trucks carry hazard chemicals and large loads. And they’re the backbone of our economy,” says Bill Hass, one of the researchers from the University of Michigan’s Transportation Research Institute. “If you can cause them to have unintended acceleration…I don’t think it’s too hard to figure out how many bad things could happen with this.”
Here’s a video of the researchers’ demonstration of causing unintended acceleration with just a tap of a laptop keyboard:
The researchers targeted most of their attacks on a 2006 semi-trailer, but they also tried some hacks on a 2001 school bus. (They argue that revealing the vehicles’ manufacturers would be an unnecessary embarrassment for those companies, since the bus …