Full disclosure: This blog post is pure speculation about what could happen in a freight-trucking mashup in which a hacker takes over a self-driving vehicle. There is no evidence (yet) that a disaster like the one described here is currently in the making.
But there are three aspects of this mashup that could make one wonder if this fictional freight-trucking scenario isn’t already inevitable.
- Today, self-driven freight trucking deliveries are being made in parts of the country
- Hackers have caused mayhem in many industries, including transportation
- There has already been a Hollywood blockbuster on a related subject
We’ll take a look at each of these three aspects individually, beginning with that Hollywood blockbuster.
In the 1994 movie Speed, Keanu Reeves and Sandra Bullock saved a Los Angeles public bus full of passengers from the threat of a madman who had placed a bomb on the bus. The bomb was set to arm once the bus exceeded 50 mph and to detonate once it fell back below 50. The bomber wanted a ransom of $3.7 million and threatened to detonate the bomb if any attempt was made to off-load the passengers.
It was all pretty high tech for 1994—before most people even had an internet connection—including a video camera the bomber hid on the bus so he could watch the passengers and make sure they were still on board.
The action was gripping, critics loved it, the starring characters fell in love, and the movie grossed $350.4 million on a $30 million budget.
The plot of Speed was pretty far out there at the time, but with hackers breaking into all kinds of computer systems today, it’s easier to envision a story like the one played out in Speed becoming a reality.
So, would today’s hackers place a bomb on a freight truck? Probably not. They wouldn’t have to.
Cyberterrorism Targeting Transportation Systems
Ever since a 14-year-old hacker in Poland got into a tram system and derailed several trains—injuring at least a dozen people—transportation systems have been on the lookout for cyberterrorists. But their vigilance has not always paid off.
- A February ransomware attack forced the Colorado Department of Transportation to shut down 2,000 computers. Eight days later, the ransomware morphed into a slightly different version of itself and attacked again. Fortunately, these attacks did not affect traffic signals, electronic message boards or cameras.
- A 2016 ransomware attack disrupted San Francisco’s computer system and e-mail. Hackers demanded $73,000 in Bitcoin to unlock the agency’s computers. The agency refused to pay and shut down ticket machines and fare gates as a precautionary measure, allowing passengers to ride free.
- Last November, a ransomware attack hit the Sacramento Regional Transit System, erasing parts of computer programs. The hackers fooled SacRT into launching the ransomware attack itself by hacking its homepage and leaving instructions on how to fix it. The “fix” was a trap that started the ransomware.
Ransomware is typically triggered when someone in an organization clicks a malware link in a phishing email (an email that looks legit but contains links to malware). Behaving this way, the infamous WannaCry ransomware attack infected 400,000 computers in 1,474 cities in just four days.
And ransomware is just one type of cyberattack. More sophisticated hacks dig their way into host servers, where they set up connections to seemingly innocent web addresses and send them data from the host server. This is a common technique used in identity theft.
Fortunately, so far, the cyberattacks on transportation systems in the United States have not attempted to cause physical harm. But that doesn’t mean they couldn’t.
“A cyber attack or threat could affect everything from municipal transportation to high-speed transit rail that operates between cities,” said Srini Subramanian, a state cybersecurity principal at the consulting firm Deloitte & Touche. “It could create crashes or chaos on the highways or even on city streets.”
Which leads us to one of the hottest topics in freight trucking today: self-driving, or autonomous, vehicles.
Uber Freight is currently using autonomous vehicles for freight trucking deliveries in Arizona. The freight is picked up by a human-driven freight truck and taken to an area hub. There, the trailer is connected to a self-driving vehicle which makes the long haul with a qualified driver serving as a backup in case the autonomous system fails. At the hub on the delivery end, the trailer is put back onto a human-driven truck and sent out for delivery.
So far, there have been no cybersecurity problems. But the industry is well aware of the threat of vehicle hackers.
In 2015, security researchers Charlie Miller and Chris Valasek demonstrated that by using a Jeep Cherokee’s internet connection, they could make the vehicle accelerate, slow down and turn. They even turned the wheel by convincing the car that it was parking while it was going 80 mph.
“Autonomous vehicles are at the apex of all the terrible things that can go wrong,” Miller, who spent years on the NSA’s Tailored Access Operations team of elite hackers before stints at Twitter and Uber, said in a 2017 interview with Wired. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them… If a bad guy gets control of that, it’s going to be even worse.”
And as every cybersecurity professional knows, for every fix they develop to stop hackers, cybercriminals come up with two more ways to beat the system.
But security researcher and car hacker Craig Smith takes another view. “One interesting thing about fully self-driving cars is they’re unintentionally more secure, which is really not what you would expect at all.”
Of course, he’s not saying that a self-driving vehicle can’t be hacked, just that it’s not as easy as you might think.
Even Uber spokesperson Sarah Abboud is cautious in her assessment of how a type of hack known as adversarial machine learning could affect the future of autonomous vehicles. “Our team of security experts are constantly exploring new defenses for the future of autonomous vehicles, including data integrity and abuse detection. However, as autonomous technology evolves, so does the threat model, which means some of today’s security issues will likely differ from those addressed in a truly autonomous environment.”
Mashing up all these elements leads us to our disaster scenario.
As the development and testing of fully autonomous freight trucks continue, it may be just a matter of time before a remote freight trucking operator sees this message on her monitor.
“Your 53-foot fully-loaded freight truck on its way to Phoenix will begin accelerating and will continue to accelerate without regard to life or property unless you deposit 20 Bitcoin in this account within the next 15 minutes.” In this scenario, the truck doesn’t need a bomb; it is the bomb.
Hopefully, if that scenario ever does happen, it will be on a movie screen.