Researchers Hacked Into Commercial Trucks & Buses To Unlock Remotely

Cybersecurity experts have recently demonstrated how heavy-duty vehicles such as commercial trucks and buses can be remotely compromised, potentially giving attackers control over critical vehicle functions.

These findings highlight significant vulnerabilities in the increasingly software-driven and interconnected nature of modern transportation infrastructure.

The research revealed that unlike passenger vehicles, heavy-duty commercial vehicles are particularly susceptible to cyber attacks due to their standardized communication protocols, more complex software systems, and valuable cargo.

Attackers could potentially gain unauthorized access to unlock vehicles, manipulate engine performance, or even disable critical safety systems.

Security analysts or researchers, Marko Wolf and Robert Lambert identified that heavy-duty vehicles face heightened cybersecurity risks compared to passenger cars.

“Heavy-duty vehicles will be even more susceptible to cybersecurity threats since these vehicles will use more complex and software-driven functionality, will create, process, store and exchange more data internally and also externally via powerful, long-distance wireless communication channels,” the researchers explained.

The vulnerability primarily stems from the standardized SAE J1939 protocol used in virtually all modern trucks and buses.

This protocol, which facilitates communication between various electronic control units (ECUs), was not designed with robust security measures, making it relatively straightforward for attackers to inject malicious commands once they gain access to the vehicle’s communication network.

Researchers from the University of Michigan demonstrated these vulnerabilities in practice on a class-8 semi-tractor and a 2001 school bus.

While their demonstration required physical access, experts warn that remote attacks are entirely possible through cellular connections, Wi-Fi, or Bluetooth interfaces that are increasingly common in modern fleet management systems.

Cybersecurity Protection Measures

To address these vulnerabilities, Wolf and Lambert propose a multi-layered security approach.

The effective protection requires multiple lines of defense starting from secure hardware modules at the ECU level up to network security for backend systems.

This includes secure boot protection, authenticated communication protocols, firewalled sub-networks, and intrusion detection systems.

The researchers emphasize that heavy-duty vehicle security requires not only technical solutions but also organizational commitment throughout the entire vehicle lifecycle—from initial design through end-of-life, potentially spanning up to 20 years for commercial vehicles.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.