Remote-crashing a bunch of trucks at once would grind the U.S. economy to a halt.
'Maximum Overdrive" is a campy Stephen King horror film about murderous machines come to life — including big rigs that run people down at a truck stop.
Could terrorists create a real-life scenario where killer trucks run amok, now that semis are federally mandated to use electronic logging devices (ELDs) instead of paper logs?
The idea concerns Jim March Simpson, a Fort Payne, Ala.-based trucker who describes himself as a "semi-professional security researcher."
"Remote-crashing a bunch of trucks at once would grind the U.S. economy to a halt," Simpson said.
ELDs plug into a truck's on-board diagnostic (OBD) port that's connected to the truck's internal communications network, which can control such things as a truck's speed, instrument panel and braking.
Simpson fears that "budget ELDs" that sell for about $150 at truck stops and connect wirelessly to a truck driver's smartphone or computer tablet could be compromised.
Simpson also worries that an enemy nation could hack into a large truck fleet's sophisticated LEDs.
Playstation controller revs 18-wheeler
Simpson's concerns aren't completely off base, according to Sam Lauzon, a senior engineer in research at the University of Michigan Transportation Research Institute's Cybersecurity Department.
"Your assessment on ELDs is, unfortunately, moderately accurate," Lauzon wrote an email exchange with Simpson and the Times Free Press.
Not just tractor trucks, but all U.S. heavy vehicles, including concrete mixers, school buses and garbage trucks, have the same internal communications network, called the J1939 "vehicle bus," which was standardized so different manufacturers could sell their integrated systems and parts.
It's not resistant to attack, Lauzon wrote, since it was designed for real-time, safety-critical data such as triggering the brakes when the brake pedal gets pushed.
Transportation and cybersecurity researchers at the University of Michigan have used laptop computers plugged into a semi truck's OBD port to control all the gauges on a truck's instrument panel, disable the engine brake, and change a truck's speed — while overriding the driver's actions.
"It is imperative that the trucking industry begins to take software security more seriously," said a 2016 University of Michigan research paper about those truck-hacking experiments.
Lauzon has personally controlled a truck's speed with a wireless Sony Playstation video game controller.
Trucks 'hard to hack, odds low'
But Lauzon discouraged Simpson from worrying too much about ELD hacking.
"The odds of you being harmed on the road by a drunk driver, someone not driving for the road conditions, someone using a cellphone, or even mechanical failure are about a million times more likely than ELD manipulation," Lauzon wrote.
He said a cybercriminal would need the skills to hack into a mobile network, know which brand of ELD was in the truck, and overwrite its "firmware," the software programmed into its read-only memory.
"Even then — that's one ELD they compromised," Lauzon wrote. "Who's to say they'll have success with any other ELD, other than the one in their physical possession?"
"Please understand ELD manufacturers do not want to sell poorly secured devices, and they are acting accordingly," he added. "If someone does make attempts at compromising an ELD, there is such a high barrier to success, they will be noticed making such attempts on a mobile network."
Simpson thinks terrorists from the Middle East or North Korea could have the funding and motivation to hack into U.S. trucks.
"In short, some things don't belong on the internet," Simpson said. "Truck onboard electronics are close to the top of the list."
Contact staff writer Tim Omarzu at firstname.lastname@example.org or www.facebook.com/MeetsFor Business or on Twitter @meetfor business or 423-757-6651.