Smart Buses flaws expose vehicles to tracking, control, and spying
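Research reveals serious vulnerabilities in smart bus systems that hackers can exploit for tracking, control, and spying. Researchers found that the M2M router manages both Wi-Fi and critical in-vehicle systems, resulting in a lack of network segmentation. Attackers can bypass authentication, steal data, and manipulate vehicle functions. Although the issues were reported to the manufacturers, the vulnerabilities remain unpatched. 2025-8-11 08:40:53 Author: securityaffairs.com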


Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying.

Researchers Chiao-Lin ‘Steven Meow’ Yu of Trend Micro Taiwan and Kai-Ching ‘Keniver’ Wang of CHT Security found that vulnerabilities in smart bus systems could let hackers remotely track, control, or spy on vehicles, exposing risks from insecure onboard and remote components.

The duo presented their research during the DEF CON hacker conference last week, SecurityWeek reported.

Researchers probed smart bus security after spotting free passenger Wi-Fi. They found the same M2M router ran both Wi-Fi and vital in-vehicle systems for Advanced Public Transportation Services (APTS) and Advanced Driver Assistance Systems (ADAS). APTS includes GPS tracking, passenger/operator interfaces, route scheduling, and bus stop panels, all centrally managed, making shared network use a major cyber risk. ADAS uses sensors, cameras, radar, and LiDAR for collision warnings, lane alerts, speed and sign recognition, plus driver/passenger monitoring.

Researchers examined smart bus cybersecurity after spotting free passenger Wi-Fi. They found the same M2M router powered both the Wi-Fi and critical in-vehicle systems like APTS and ADAS. This posed risks, as ADAS aids driver safety with sensors, cameras, and monitoring, while APTS manages GPS, routes, schedules, and passenger information, all linked to a central system.

Researchers demonstrated how to bypass the router’s authentication and access APTS and ADAS due to the lack of any network segmentation. Researchers found hackers could remotely target vulnerable buses, track locations, access cameras with weak passwords, alter displays, steal data, and breach company servers. An attacker can steal and alter GPS, RPM, and speed data, triggering false alerts and impacting operations.
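The missing segmentation described above is something an operator can check for in a router's forwarding policy. The following Python check is an added example, not code from the researchers or the vendors; the zone names, subnets and rule format are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing plan; the subnets are assumptions, not values from the research.
ZONES = {
    "passenger_wifi": ipaddress.ip_network("192.168.10.0/24"),
    "apts": ipaddress.ip_network("10.20.0.0/24"),
    "adas": ipaddress.ip_network("10.30.0.0/24"),
}
PROTECTED = ("apts", "adas")


def zone_pair_verdict(rules, default_action, src, dst):
    """First-match evaluation of forward rules for traffic from zone src to zone dst.

    Conservative: any accept rule overlapping the pair counts as exposure, and
    only a drop rule that covers both zones entirely ends the search.
    """
    for action, rule_src, rule_dst in rules:
        rs, rd = ipaddress.ip_network(rule_src), ipaddress.ip_network(rule_dst)
        if not (rs.overlaps(src) and rd.overlaps(dst)):
            continue  # rule does not apply to this zone pair
        if action == "accept":
            return "accept"
        if src.subnet_of(rs) and dst.subnet_of(rd):
            return "drop"
    return default_action


def audit(rules, default_action):
    """Return the protected zones reachable from the passenger Wi-Fi zone."""
    src = ZONES["passenger_wifi"]
    return [z for z in PROTECTED
            if zone_pair_verdict(rules, default_action, src, ZONES[z]) == "accept"]


# Constructed rule sets: (action, source CIDR, destination CIDR), evaluated top-down.
FLAT = []  # no rules at all; used with a default-accept forwarding policy
SEGMENTED = [
    ("drop", "192.168.10.0/24", "10.0.0.0/8"),    # guests never reach vehicle networks
    ("accept", "192.168.10.0/24", "0.0.0.0/0"),   # guests may use the internet uplink
]
PARTIAL = [
    ("drop", "192.168.10.0/24", "10.20.0.0/24"),  # APTS isolated, ADAS forgotten
    ("accept", "192.168.10.0/24", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, rules, default in (("flat", FLAT, "accept"), ("segmented", SEGMENTED, "drop"),
                                 ("partial", PARTIAL, "drop")):
        print(name, "->", audit(rules, default) or "isolated")
```

The `PARTIAL` case shows why a broad accept rule for guest internet access has to sit below a drop rule that covers every in-vehicle subnet, not just one of them.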

A detailed analysis of the environment revealed multiple vulnerabilities, including an MQTT backdoor that allows remote attackers to access the bus systems.

Researchers contacted router maker BEC Technologies and Taiwan’s Maxwin, but received no response, and the flaws remain unpatched.


Pierluigi Paganini

(SecurityAffairs – hacking, Buses)




Source: https://securityaffairs.com/181045/hacking/smart-buses-flaws-expose-vehicles-to-tracking-control-and-spying.html