Security researcher Jose Carlos Norte says trucks, buses, and vans using Telematics Gateway Unit are exposed on security-search engine Shodan allowing hackers to alter routes and probe speed and location.

The Barcelona-based eyeOS chief technology officer says thousands of vehicles are exposed over Shodan and can be accessed without any authentication.

Attackers can download a manual to learn how to navigate the devices and access various functions.

The devices are used to manage fleets, and send drivers new shipping routes from base. Geo-fencing can also be established to prevent trucks from wandering off course or being stolen.

"It is possible to monitor and control trucks, public bus or delivery vans from the internet, obtaining their speed, position, and a lot other parameters," Norte says.

"You can even control some parameters of the vehicle or hack into the CAN bus of the vehicle remotely.

"Telematic Gateway Units exposed to the internet with public addresses and no authentication can be used to remotely track industrial vehicles, geofence them, [and] change the mission route."

The advanced menu interface.

Affected vehicles use the Telematics Gateway Unit and a modem using various mobile data protocols such as 3G and 4G to connect to the internet.

Attackers can access the device administrative interfaces using a web panel or telnet session.

Norte offers various commands that can yield interesting data.

He does not claim vehicles can be hijacked or otherwise have speed and braking systems remotely-accessed, however, the interface with the CAN bus opens the possibility.

Acceleration and braking can be accessed in some vehicles using the CAN bus but it is complicated and specialist work that often requires physical access.

Norte cites a manual (PDF) showing the devices can be connected to a vehicle's CAN bus, ignition, battery, and immobilsers among other critical features.

"... the theoretical things that could cause are very scary," he says.

He urges hackers to avoid probing active vehicles. ®