Smart Bus Systems Vulnerable to Remote Hacking: Researchers Warn
Security researchers have uncovered serious vulnerabilities in smart bus systems that could allow hackers to remotely access and control vehicles. The issues stem from poorly secured network components, including an MQTT backdoor in M2M routers used by multiple manufacturers.
The M2M routers in question, produced by WM Systems and BEC Technologies, are designed for critical infrastructure but have been found to have significant security flaws. Lack of network segmentation allows hackers to bypass router authentication, granting them access to Advanced Passenger Transportation Systems (APTS) and Advanced Driver Assistance Systems (ADAS).
Exploitation of these flaws could enable attackers to remotely track, control, or spy on buses. They could steal and alter GPS, RPM, and speed data, triggering false alerts and disrupting operations. Notably, the same M2M router powers both passenger Wi-Fi and vital in-vehicle systems, posing substantial cyber risks. Hackers could remotely target vulnerable buses, access cameras, alter displays, steal data, and even breach company servers.
The vulnerabilities, which include an MQTT backdoor, have not been addressed by the router manufacturers, BEC Technologies and Taiwan's Maxwin, despite researchers' attempts to notify them. This leaves smart bus systems exposed to potential cyber threats, highlighting the urgent need for improved security measures in critical infrastructure.
