Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Open trucker comms lets Shodan snoops alter routes, tap CANs buses.

New delivery address: my place

Security researcher Jose Carlos Norte says trucks, buses, and vans using Telematics Gateway Unit are exposed on security-search engine Shodan allowing hackers to alter routes and probe speed and location.

The Barcelona-based eyeOS chief technology officer says thousands of vehicles are exposed over Shodan and can be accessed without any authentication.

Attackers can download a manual to learn how to navigate the devices and access various functions.

The devices are used to manage fleets, and send drivers new shipping routes from base. Geo-fencing can also be established to prevent trucks from wandering off course or being stolen.

"It is possible to monitor and control trucks, public bus or delivery vans from the internet, obtaining their speed, position, and a lot other parameters," Norte says.

"You can even control some parameters of the vehicle or hack into the CAN bus of the vehicle remotely.

"Telematic Gateway Units exposed to the internet with public addresses and no authentication can be used to remotely track industrial vehicles, geofence them, [and] change the mission route."

The advanced menu interface.

Affected vehicles use the Telematics Gateway Unit and a modem using various mobile data protocols such as 3G and 4G to connect to the internet.

Attackers can access the device administrative interfaces using a web panel or telnet session.

Norte offers various commands that can yield interesting data.

He does not claim vehicles can be hijacked or otherwise have speed and braking systems remotely-accessed, however, the interface with the CAN bus opens the possibility.

Acceleration and braking can be accessed in some vehicles using the CAN bus but it is complicated and specialist work that often requires physical access.

Norte cites a manual (PDF) showing the devices can be connected to a vehicle's CAN bus, ignition, battery, and immobilsers among other critical features.

"... the theoretical things that could cause are very scary," he says.

He urges hackers to avoid probing active vehicles. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like