SAE J1939 Data Bus Vulnerability

NHTSA Defect Petition DP21005 — closed, opened 2021-12-23.

NHTSA investigation DP21005 is a Defect Petition opened on 2021-12-23 and currently closed. The subject is tracked inside the Office of Defects Investigation queue. Latest activity on this investigation was logged on 2022-02-07 — NHTSA updates that field whenever an Information Request goes out, a supplement is filed, or a status change is recorded in the public docket.

A Defect Petition like DP21005 starts when a person or group formally asks NHTSA to investigate a specific alleged defect. Petitioners submit evidence, NHTSA reviews it within 120 days, and either grants the petition (opening a PE) or denies it with a written explanation in the Federal Register.

Investigators summarized the matter as follows: "In a letter dated September 27, 2021, Mr. James Lamb, Executive Director of the Small Business in Transportation Coalition (SBTC), petitioned the National Highway Traffic Safety Administration (NHTSA), requesting the ini..." Investigations are the early-warning layer of the federal auto-safety system, sitting upstream of formal recalls and defect orders. Whether this one closes without action or escalates into an Engineering Analysis, the full history stays in the ODI archive so researchers, litigators, and buyers can pull the paper trail at any time.

Status: Closed
Type: Defect Petition
Opened: 2021-12-23
Latest Activity: 2022-02-07

Investigation Summary

In a letter dated September 27, 2021, Mr. James Lamb, Executive Director of the Small Business in Transportation Coalition (SBTC), petitioned the National Highway Traffic Safety Administration (NHTSA), requesting the initiation of a defect investigation into the potential hacking susceptibility of the Society of Automotive Engineers (SAE) J1939 Data Bus standard. SAE J1939 is the vehicle bus recommended practice used for communication and diagnostics among vehicle components.

In support of the petition, the petitioner cited a study from University of Michigan (Michigan) researchers alleging a SAE J1939 Data Bus vulnerability in a Model Year (MY) 2001 school bus and a MY 2006 Class-8 semi-tractor. The study alleges that, due to the vulnerability, vehicle critical safety functions such as the accelerator control or braking systems are susceptible to unauthorized access and control and increases risk to motor vehicle safety.

On December 23, 2021, the Office of Defects Investigation (ODI) opened DP21-005 to evaluate the petitioner's request. The petitioner did not specify the make and model of the vehicles with the alleged safety defect. The only categories of relevant vehicles specified were found in the study: MY 2001 school buses and MY 2006 Class-8 semi-tractors.

ODI has not received any complaints of any type related to this alleged vulnerability. (The single complaint identified above is the petition.) This evaluation included searches of complaints from vehicle owners, operators, and fleet supervisors. Further, based on the available information, ODI has not found any similar events/complaints/allegations suggesting a real-life vulnerability.

The vehicle compromises reported in the Michigan study required physical access to the J1939 connector in order to affect vehicle critical safety functions such as the accelerator control or braking systems. Whether there is a potential for remote compromise is a factor that NHTSA has considered in evaluating the likelihood

About This Investigation Type

A Defect Petition (DP) is initiated when an individual or organization formally petitions NHTSA to investigate a potential safety defect. NHTSA reviews the petition and decides whether to open an investigation.

Data from NHTSA Office of Defects Investigation. Cross-references: NHTSA recall campaign API and NHTSA FARS where fatality records overlap. PlainCars does not rate or recommend vehicles.