{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T02:23:05Z","timestamp":1768962185881,"version":"3.49.0"},"reference-count":35,"publisher":"Association for Computing Machinery (ACM)","issue":"1","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,1,31]]},"abstract":"<jats:p>Commercial vehicles are a vital component of modern logistics and transportation, forming part of the critical infrastructure and representing safety-critical cyber-physical systems. Contemporary automotive operations are dominated by embedded computing systems that engage through standardized protocols, which constitute the infrastructure of vehicular communication networks. Within the commercial vehicle sector, these systems utilize high-level protocols that operate over the Controller Area Network (CAN) protocol for internal exchanges in medium and heavy-duty vehicles. The Unified Diagnostic Services (UDS) protocol, as described in International Standards Organization (ISO) 14229 (UDS) and ISO 15765 (Diagnostic Communication over CAN), plays a pivotal role by providing vital diagnostic capabilities. This research introduces four specific scenarios that expose deficiencies in the diagnostic protocol standards and how these can be manipulated to initiate attacks on in-vehicle computers within commercial vehicles, circumventing existing security frameworks. In the first three scenarios, we demonstrate three flaws within the ISO 14229 protocol standards. Following this, the fourth and final scenario elucidates a flaw unique to the ISO 15765 protocol standards.<\/jats:p>\n                  <jats:p>For the purpose of demonstration, test setups incorporating actual Electronic Control Units (ECUs) linked to a CAN bus were employed. 
Further experiments were performed using a fully equipped cab assembly from a 2018 Freightliner Cascadia truck, set up as a testing environment. The experimental outcomes demonstrate how attacks targeting these specific protocols can undermine the integrity of individual ECUs, leading to denial of service. Additionally, within the Freightliner Cascadia configuration, a network architecture typical of contemporary vehicles was observed, featuring a gateway unit that isolates internal ECUs from diagnostic interfaces. Although this gateway is engineered to prevent conventional message injection and spoofing attacks, it permits all diagnostic communications. This selective permeability inadvertently introduces a susceptibility to diagnostic protocol flaws, highlighting an essential area for security improvements within commercial vehicle networks. These insights are vital for engineers and developers tasked with integrating the diagnostic protocols into their network subsystems, underscoring the urgency for improved security provisions.<\/jats:p>","DOI":"10.1145\/3760787","type":"journal-article","created":{"date-parts":[[2025,8,14]],"date-time":"2025-08-14T18:40:01Z","timestamp":1755196801000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Denial of Service Vulnerabilities in Commercial Vehicles: Exploiting Diagnostic Protocol Flaws"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-5907-8648","authenticated-orcid":false,"given":"Carson","family":"Green","sequence":"first","affiliation":[{"name":"Systems Engineering, Colorado State University, Fort Collins, Colorado, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0278-6738","authenticated-orcid":false,"given":"Rik","family":"Chatterjee","sequence":"additional","affiliation":[{"name":"Systems Engineering, Colorado State University, Fort Collins, 
Colorado, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7781-7923","authenticated-orcid":false,"given":"Jeremy","family":"Daily","sequence":"additional","affiliation":[{"name":"Systems Engineering, Colorado State University, Fort Collins, Colorado, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,1,20]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"ISO. 2021. Road Vehicles\u2014Unified Diagnostic Services (UDS)\u2014Part 2: Session Layer Services. Retrieved from https:\/\/www.iso.org\/standard\/77322.html"},{"key":"e_1_3_1_3_2","volume-title":"Proceedings of the 3rd Symposium on Vehicle Security and Privacy (VehicleSec)","author":"Biggs Tyler","year":"2025","unstructured":"Tyler Biggs, Rik Chatterjee, and Jeremy Daily. 2025. Demo: Forging clean truck check test reports with a DLL hijacking attack. In Proceedings of the 3rd Symposium on Vehicle Security and Privacy (VehicleSec). USENIX Association. Presented at VehicleSec 2025, co-located with USENIX Security Symposium. Retrieved from https:\/\/www.usenix.org\/system\/files\/vehiclesec25_demo21-biggs.pdf"},{"key":"e_1_3_1_4_2","first-page":"211","volume-title":"Proceedings of the 10th USENIX Conference on Offensive Technologies","author":"Burakova Yelizaveta","year":"2016","unstructured":"Yelizaveta Burakova, Bill Hass, Leif Millar, and Andre Weimerskirch. 2016. Truck hacking: An experimental analysis of the SAE J1939 standard. In Proceedings of the 10th USENIX Conference on Offensive Technologies. USENIX Association, 211\u2013220."},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.4271\/02-14-03-0026"},{"key":"e_1_3_1_6_2","volume-title":"Security Shortcomings of Embedded Network Protocols in Commercial Vehicles","author":"Chatterjee Rik","year":"2024","unstructured":"Rik Chatterjee. 2024. Security Shortcomings of Embedded Network Protocols in Commercial Vehicles. 
Master\u2019s thesis. Colorado State University, Fort Collins, CO. Mountain Scholar Digital Repository. Retrieved from https:\/\/www.proquest.com\/openview\/03ddd23b3a8e0878d27ba9a2093b623a\/1?pq-origsite=gscholar&cbl=18750&diss=y"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.14722\/vehiclesec.2024.23046"},{"key":"e_1_3_1_8_2","volume-title":"Scholar Articles","author":"Chatterjee Rik","year":"2024","unstructured":"Rik Chatterjee, Ben Karel, Ricardo Baratto, Michael Gordon, and Jeremy Daily. 2024. Assured micropatching of race conditions in legacy real-time embedded systems. Scholar Articles (2024)."},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.14722\/vehiclesec.2023.23053"},{"key":"e_1_3_1_10_2","volume-title":"Scholar Articles","author":"Chatterjee Rik","year":"2022","unstructured":"Rik Chatterjee, Subhojeet Mukherjee, and Jeremy Daily. 2022. Transport layer vulnerabilities in the SAE J1939 protocol-request overload. Scholar Articles (2022). Retrieved from https:\/\/www.engr.colostate.edu\/~jdaily\/presentations\/2022%20Req_Overload_Poster_V5.pdf"},{"key":"e_1_3_1_11_2","first-page":"447","volume-title":"Proceedings of the USENIX Security Symposium","author":"Checkoway Stephen","year":"2011","unstructured":"Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the USENIX Security Symposium, Vol. 4. USENIX Association, 447\u2013462."},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241165"},{"key":"e_1_3_1_13_2","unstructured":"Chandrima Ghatak. 2024. Toward Robust Embedded Networks in Heavy Vehicles-Machine Learning Strategies for Fault Tolerance. Master\u2019s thesis. Colorado State University Fort Collins CO. Mountain Scholar Digital Repository. 
Retrieved from https:\/\/www.proquest.com\/openview\/04cf4b3e04d83c217acb9afdda42a833\/1?pq-origsite=gscholar&cbl=18750&diss=y"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISSE63315.2024.10741089"},{"key":"e_1_3_1_15_2","volume-title":"Proceedings of the 9th Annual Industrial Control System Security (ICSS) Workshop. Annual Computer Security Applications Conference (ACSAC)","author":"Ghatak Chandrima","year":"2023","unstructured":"Chandrima Ghatak, Saira Jabeen, Hossein Shirazi, and Indrakshi Ray. 2023. Improving the resiliency of embedded networks in heavy vehicles-towards fault tolerance. In Proceedings of the 9th Annual Industrial Control System Security (ICSS) Workshop. Annual Computer Security Applications Conference (ACSAC). ACSAC."},{"key":"e_1_3_1_16_2","volume-title":"Proceedings of the 3rd Symposium on Vehicle Security and Privacy (VehicleSec)","author":"Green Carson","year":"2025","unstructured":"Carson Green, Rik Chatterjee, and Jeremy Daily. 2025. Persistent firmware-level compromise in a Maritime autopilot system. In Proceedings of the 3rd Symposium on Vehicle Security and Privacy (VehicleSec). USENIX Association. Presented at VehicleSec 2025, co-located with USENIX Security Symposium. Retrieved from https:\/\/www.usenix.org\/system\/files\/vehiclesec25_demo20-green.pdf"},{"key":"e_1_3_1_17_2","unstructured":"International Organization for Standardization. 1994. Information Technology\u2014Open Systems Interconnection\u2014Basic Reference Model: The Basic Model. Standard ISO\/IEC 7498-1:1994. Retrieved from https:\/\/www.iso.org\/cms\/render\/live\/en\/sites\/isoorg\/contents\/data\/standard\/02\/02\/20269.html"},{"key":"e_1_3_1_18_2","unstructured":"International Organization for Standardization. 2016. Road Vehicles\u2014Diagnostics Communication over Controller Area Networks (DoCAN)\u2014Part 2: Transport and Network Layer Services. Standard ISO 15765-2. 
Retrieved from https:\/\/www.iso.org\/standard\/66574.html"},{"key":"e_1_3_1_19_2","unstructured":"International Organization for Standardization. 2020. Road Vehicles\u2014Unified Diagnostic Services (UDS)\u2014Part 1: Application Layer. Standard ISO 14229-1. Retrieved from https:\/\/www.iso.org\/standard\/72439.html"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.14722\/vehiclesec.2024.23047"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.14722\/vehiclesec.2024.25019"},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.34"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.5555\/AAI28770662"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.4271\/2023-01-0040"},{"key":"e_1_3_1_25_2","volume-title":"Presented at the 2017 Heavy Vehicle Cyber Security Workshop Sponsored by the National Motor Freight Traffic Association, Inc","author":"Maag John","year":"2017","unstructured":"John Maag, Christopher Reding, and Kelly Howell. 2017. Seed-key security exchange. Presented at the 2017 Heavy Vehicle Cyber Security Workshop Sponsored by the National Motor Freight Traffic Association, Inc."},{"key":"e_1_3_1_26_2","first-page":"94","volume-title":"Proceedings of the Black Hat USA","author":"Miller Charlie","year":"2014","unstructured":"Charlie Miller and Chris Valasek. 2014. A survey of remote automotive attack surfaces. In Proceedings of the Black Hat USA. Blackhat Press, 94."},{"key":"e_1_3_1_27_2","volume-title":"Proceedings of the Blackhat USA","author":"Miller Charlie","year":"2015","unstructured":"Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. In Proceedings of the Blackhat USA. 
Blackhat Press."},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/OJITS.2025.3545474"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-49806-5_2"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/TVT.2018.2795384"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-93354-7_5"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338499.3357360"},{"key":"e_1_3_1_33_2","unstructured":"Robert Bosch GmbH. 1991. CAN Specification. Standard 2.0. Robert Bosch GmbH."},{"key":"e_1_3_1_34_2","unstructured":"Society of Automotive Engineers. 2021. SAE J1939 Standards Collection. Retrieved September 11 2021 from https:\/\/www.sae.org\/standardsdev\/groundvehicle\/j1939a.htm"},{"key":"e_1_3_1_35_2","unstructured":"SystemsCyber. 2023. Network Segmentation Analysis. Retrieved September 14 2024 from https:\/\/github.com\/SystemsCyber\/NetworkSegmentationAnalysis"},{"key":"e_1_3_1_36_2","first-page":"1","volume-title":"Proceedings of the Workshop on Embedded Security in Cars","author":"Wolf Marko","year":"2004","unstructured":"Marko Wolf, Andr\u00e9 Weimerskirch, and Christof Paar. 2004. Security in automotive bus systems. In Proceedings of the Workshop on Embedded Security in Cars. 
Springer-Verlag, 1\u201313."}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3760787","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T13:47:06Z","timestamp":1768916826000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3760787"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,20]]},"references-count":35,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1,31]]}},"alternative-id":["10.1145\/3760787"],"URL":"https:\/\/doi.org\/10.1145\/3760787","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,20]]},"assertion":[{"value":"2024-09-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-04","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-01-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}