Wireless Hacking Demo Shows Tractor-Trailer Vulnerabilities

Event Took Place During NMFTA Conference on Cybersecurity
United Petroleum Transports tanker
This United Petroleum Transports tanker used in the wireless hacking demonstration at the National Motor Freight Traffic Association's Digital Solutions Conference on Oct. 24 in Houston. (Connor D. Wolf/Transport Topics)

[Stay on top of transportation news: Get TTNews in your inbox.]

HOUSTON — The National Motor Freight Traffic Association hosted a wireless hacking demonstration to show how someone could exploit tractor-trailer vulnerabilities.

NMFTA hosted the demonstration Oct. 24 as part of its Digital Solutions Conference on cybersecurity. A United Petroleum Transports tanker truck used for the event was parked several blocks from the main conference location and was hacked using a relatively cheap setup. The hacking attempt went after the trailer brakes, allowing for audio feedback that it was successful.

“In this demonstration we used a very simple antenna by attaching wire to traffic cones to attack a stationary tractor-trailer with help from a 50-watt power amplifier operating at an estimated 15W, for a total cost of $300,” said Ben Gardiner, senior cybersecurity research engineer contractor at NMFTA. “The demonstration used the [electronic control unit] reset commands because these have audible feedback, so the reception of the commands is clearly demonstrated.”



The trailer brakes started making a regular sharp puffing sound soon after the hack was started as it dumped its pneumatic air supply. The hack took advantage of the trailer line power network, which functions as a wireless interface even though it wasn’t designed to be one. This means a hacker could attack a truck wirelessly without using obvious approaches such as Wi-Fi or Bluetooth. Gardiner described the approach he was using as feature abuse and unpatchable.

The demonstration used the [electronic control unit] reset commands because these have audible feedback.

Ben Gardiner, senior cybersecurity research engineer contractor at NMFTA

Image
Ben Gardiner of NMFTA

“The estimated impact of this particular feature abuse in tanker trailers is low,” Gardiner said. “What is most important is that the demonstration shows that the attackers can send arbitrary data to all devices on the powerline network: trailer, tractor and telematics.”

Gardiner hopes the takeaway from the demonstration is for fleets to prioritize firewalls and other mechanisms to secure their truck systems. He noted that hackers also could use mobile equipment to assault moving vehicles from farther away. For example, they could use a 200-watt amp to attack moving vehicles from up to 20 feet at a cost of $10,000.

“This is only a nonissue if one believes the software there is 100% perfect,” Gardiner said. “The NMFTA wants to prevent feature abuse as demonstrated, but also the risk of other undocumented command or exploits, and has published mitigating technologies into the public domain.”

NMFTA noted that the trailer brake controllers were developed by sticking converter chips in front of them. The code for them is based on decades-old technologies that originally didn’t require authentication or authorization. But this technology has been present on tractor-trailers across the country since 2001. This is because it helps fleets satisfy the trailer (antilock brake system) fault regulations. It also is set to remain for the next tractor-trailer interface standard.

Want more news? Listen to today's daily briefing below or go here for more info: