By now you’ve probably heard about the Wired Magazine story in which two computer hackers remotely took control of a Jeep that was going 70 MPH down the highway—turning on the music and AC, displaying a picture of the hackers on the navigation screen and eventually killing the engine. Since then, Fiat Chrysler Automobiles recalled 1.4 million vehicles. Here at Fleet Equipment, we had one big question: Could you remotely hack a truck?
“Clearly that depends on what type of equipment is installed in the truck,” began Omnitracs Senior Director of Product Management, Jeff Champa, who explained that the issue is one of security and sub-system access. “The sub systems on a vehicle may take action based on inputs from another subsystem on the vehicle. For example, a collision avoidance system may have the need to engage the braking system. Once the braking system is designed to take electronic input from another subsystem on the vehicle that exposes an attack point. Now consider the complexities of a vehicle network and telematics devices that essentially connect the vehicle to the Internet and you start to see the potential safety and security threats to a vehicle.”
Data streams off today’s trucks as readily as the diesel that flows through the engine. That data is insulated by several layers of security, and all of the technology companies we spoke to—Omnitracs, PeopleNet and Zonar—were extremely tight-lipped about what goes into that security.
“We don’t discuss these methods as a matter of security,” said Mike McQuade, Zonar’s chief strategy officer. “The take away from this event is that security is a process, and systems that can alter the vehicle behavior must be engineered to prevent unauthorized access.”
Tom Dorazio, PeopleNet’s director of product management, was able to shed some light on what protects your trucks. There are at least two levels of security: an encryption on the data that is sent over the cellular network, and another encryption on the box that physically connects to the truck’s controller area network (CAN) bus. In PeopleNet’s case, Dorazio explained that there are more than four trillion different combinations protecting over-the-air data and a propriety line of defense on the on-board device.
“There are multiple layers of network, telematics and vehicle security in place,” Champa added. “It is also worth pointing out that most telematics systems allow for remote programming of the telematics system, so any security breaches can be remedied over the air quickly preventing further exploits of the same attack.”
While a truck’s cellular connectivity presents arguably the largest security risk to the truck, it also presents one of the greatest advantages for fleets: Over-the-air (OTA) updates. Dorazio explained that truck technology is quickly moving toward being able to allowing fleets to make targeted changes to the truck, remotely.
Imagine that you have telematics data that shows you could save a substantial amount of money by changing your trucks’ speed limiter to 60 MPH from 65 MPH. Today, you’d have to wait until the trucks come in to update that setting or pull a truck off the road—and both cost money. Tomorrow’s technology could allow you to remotely update that engine setting with a press of a computer button while that truck is running across the country.
In fact, Navistar just announced that it will offer OTA updates, available on model year 2017 International trucks powered by proprietary N9, N10 and N13 engines. OTA reprogramming of the truck’s engine control module (ECM) will enable the driver or fleet manager to utilize a mobile interface to initiate reprogramming. Currently, the technology still requires a local, secure Wi-Fi connection at the facility to make any engine changes, meaning that you’ll still have to have your trucks in-house to access the ECM. Updating trucks over a cellular network is the next logical step in this technology’s evolution, but a focus on security is paramount.
“Commercial truck customers are just as concerned as automotive customers about the security of their vehicles,” said Mike Cerilli, Navistar vice president and general manager of Connected Vehicle Business. “And we’re stepping through the phases of connection beginning with Wi-Fi, with migration over time to cellular—and along the way will be following a phased security approach—working with industry experts, being cautious where we need to be cautious.”
Navistar continues to partner with data and technology companies to ensure the system offers the highest level of security. As technology drives us ever forward toward increased connectivity, the responsibility of data security will fall to OEMs, technology providers and fleets alike.