Carriers fear hacks through wireless tech

December 2019/January 2020

John Bendel


Carriers are increasingly worried about trucks connected to the internet. Since almost all wireless communication systems and ELDs use the internet, that includes virtually all trucks that haul for major carriers. Drivers should be concerned too.

Anyone who can hack into an individual truck, carriers worry, may find a digital path to the carrier itself, maybe to load-planning, where they can see which high-value goods are moving on which trucks, where they’re going, and what routes they’re being advised to take. They might mess with billing and accounts receivables to their own benefit.

Or they might simply lock up a carrier’s files in a ransomware attack. Once in a victim’s computer network, ransomware encrypts files rendering them inaccessible to anyone without an encryption key. The attacker has the key, of course, and demands a ransom to get it. Ransomware has become a major concern.

High-profile ransomware attacks like that in 2017 on A.P. Moller-Maersk, the world’s largest seagoing carrier (see sidebar), or one earlier this year on the city of Baltimore make the evening news. Smaller attacks on smaller targets don’t make the news at all.

A CNN Business headline in October read, “In the last 10 months, 140 local governments, police stations and hospitals have been held hostage by ransomware attacks.” Trucking companies are targets too. Crooks can buy a package of ransom software with instructions – sometimes including support – on the dark web. Ransomware has become a small-business category.

Hackers recently attacked a state-level trucking organization and locked its files with ransomware, one of its executives said on the condition he remain anonymous.

He said ransomware attacks are hardly rare, and a number of carriers in his area had been victims. Most had simply paid the ransom and not bothered to report the incident. Indeed, his organization paid a relatively small ransom of less than $1,000 in bitcoin, untraceable digital currency, and did not report it to authorities.

With this in mind, carriers are struggling to plug security holes that might allow hackers in. Most often they involve employees who open emails that lead them to click on infected links or attachments. Malware also can enter a system through the USB port of any connected PC. Israeli and American agents once hacked into Iranian networks by dropping infected thumb drives in Iranian nuclear facility parking lots.

But now, carriers worry about the risk to their networks of wireless truck connections. It’s difficult to control what could be inserted into the electronics of any individual truck. The job will be even harder with the coming networks intended to connect vehicles with each other and traffic control devices.

Drivers are exposed here, too. Hackers who gain access to carrier networks could conceivably grab personnel data that includes Social Security numbers and other personal information on individuals. And if carrier networks can be threatened by malware from trucks, the opposite is also true. Individual truck safety could be compromised by bad actors using carrier networks from inside the company.

Even without company links through onboard computers and ELDs, a truck can be hacked wirelessly. In a 2015 demonstration, software experts hacked into a Jeep Cherokee that was miles away as it was in fast-moving traffic on a St. Louis interstate.

After turning on the wipers, air conditioning and the radio, the hackers put the transmission in neutral, seriously slowing the Jeep on an upgrade with a big truck behind it.

The hackers were not aware of the Jeep’s situation at that moment. They could have caused an accident. As a result of the subsequent publicity, Chrysler recalled 1.4 million vehicles.

Never mind freewheeling in neutral, many collision mitigation systems on trucks allow the safety software to directly apply the brakes. The next step in driver-assist, safety progress will open steering to software control. “Active steering,” as it is sometimes called, is already available in high-end BMW and Mercedes cars. It’s coming to trucks, and – if it’s like virtually all electronic functions – it will be hackable.

Let’s take that a step further. Some driverless truck development programs provide for wireless control by a driver at computer monitors in a remote location, much like a drone operator. Evolving safety software might offer hackers the chance to slow, disable or even crash a truck. Such remote-control systems could put a hacker in complete control. They could essentially hijack a truck or possibly steer it on a terror mission.

Hacks of this nature would not be easy.

Most of the time they will be impossible. We may never see control of a truck stolen from a driver by a remote hacker. At least we hope not. But even the possibility is alarming.

Not that all threats in this stage of trucking technology are high tech. Driverless truck developers have a low-tech challenge to consider. Since all self-driving vehicles are programmed to stop for people or objects, future hijackers might only need to pull in front of a driverless truck and make it stop by stopping themselves. They may or may not be able to take over and manually drive the truck away, but they will be able to pop open the trailer doors and make off with some freight.

During the 1990s, West Coast thieves in pickups targeted trucks at traffic lights. They quickly opened freight doors, grabbed whatever was close at hand, and made off before the light changed. They probably didn’t make much money, but future hit-and-run thieves with intelligence could target high-value shipments on driverless trucks. That would be another matter altogether.

But drivers won’t have to worry about that – only the people who operate driverless trucks. LL

John Bendel

John Bendel is Land Line’s contributing editor-at-large. A former trucker, former editor at National Lampoon and two trucking magazines, John is an author, photographer, and freelancer. His work has appeared in the New York Times, The Washington Post, and many U.S. newspapers.