Jason McDaniel | Commercial Vehicle Staff
Ben Gardiner, NMFTA senior cybersecurity research engineer, demonstrates how hackers can attack a tanker’s ABS controller using RF-induced signals.

NMFTA demonstrates how hackers can disable trucks and trailers

Nov. 3, 2023
Engineer raises cybersecurity concerns for fleet equipment using just $300 to disable a trailer's brake controller. 'This is a dangerous form of hacker exploitation because there’s no way to patch this,' he warned.

HOUSTON, Texas—A criminal with just $300 can hack into a trailer’s anti-lock braking system using radio frequency-induced signals to reset the control module and disable the vehicle. Ben Gardiner, a senior cybersecurity research engineer with the National Motor Freight Traffic Association, showed off this worrisome potential during NMFTA’s Digital Solutions Conference on Cybersecurity here.

“The attack we’re demonstrating is really an abuse case,” Gardiner explained. “We’re sending reset commands, and the resets have audible feedback. You’re listening to the ECU doing its reset thing, so it’s hearing the commands and reacting.”

If too much air is released each time the electronic control unit resets, the brakes could become inoperable. Hackers could exploit the vulnerability by applying brake pressure in a traffic choke point or signal an ABS fault, causing a driver to pull over. “Certainly, disabling entire fleets of trucks could have large impacts on cities, critical infrastructure, and the safety of the nation,” Gardiner added.

How a hacker could stop a tractor-trailer

The attack uses an antenna and amplifier to wirelessly broadcast J2497 (PLC4TRUCKS) commands received by the trailer’s power line. Tankers are particularly receptive because of the length of their power lines, which also are more exposed than in dry vans, and the metal shell, which produces a “resonance effect,” Gardiner said. “I think what’s happening in this case is we’re inducing the signal on the shell of the tanker, which is ground-bonded to the receiver,” he said. “And the receiver is picking up the inverse of the signal, but it knows how to compensate for that, because it doesn’t care about the polarity.”

In NMFTA’s demonstration, Gardiner used an antenna, or wire, attached to traffic cones to attack a stationary semi-trailer with help from a 50-watt amp for a total cost of $300. But hackers also could use mobile equipment to assault moving vehicles from farther away—up to 20 ft. with a 200-watt amp that costs $10,000. Truck brake controllers are also vulnerable because ECU reset commands are standardized and published, Gardiner added. “It has to respond to it because the product is designed to do this,” he said.

“This is a dangerous form of hacker exploitation because there’s no way to patch this. These are un-patchable problems because they’re feature abuse.”

How fleets can protect equipment from hacks 

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory based on NMFTA’s research in March 2022, citing “missing authentication for critical function” and “improper protection against electromagnetic fault injection” as the critical vulnerabilities, and warning “successful exploitation of these vulnerabilities could allow a nearby attacker to execute diagnostic functions in the trailer or light the trailer ABS fault telltale in a tractor.”

To mitigate risk with newer equipment, the agency recommends “dropping all J2497 features except for backward compatibility with ‘lamp on’ detection only. For trailer equipment, this means migrating all diagnostics to whatever newer trailer buses are established as the norm. For tractor equipment, this means removing support for reception of any J2497 message besides ‘lamp’ messages and protecting the backward-compatible trailers from attack.”

Fortunately, NMFTA also developed nine protection techniques anyone can implement. Gardiner recommends “keyhole mitigation,” a jamming signal that prevents the reception of unwanted commands while allowing required functions to pass through precise “keyholes.” “We designed the keyhole to stop all J2497 commands except the lamp-on and lamp-off messages that are required in the (FMVSS 121) regulations,” Gardiner said.

The solution requires only a tiny jamming device OEMs could mount on their tractors, he said.

Newer equipment—like United Petroleum Transports’ 2022 Polar tanker featuring WABCO’s RSSplus trailer ABS with roll stability support used in the demonstration—offers improved protection, Gardiner added, but still is not immune to persistent abuses by skilled hackers or glitches in the software controlled by the ECU.

“It’s only not a risk if you trust that software in that controller is 100% perfect,” he concluded.

Read more coverage from FleetOwner affiliate Bulk Transporter editor Jason McDaniel.

About the Author

Jason McDaniel

Jason McDaniel, based in the Houston TX area, has nearly 20 years of experience as a journalist. He spent 15 writing and editing for daily newspapers, including the Houston Chronicle, and began covering the commercial vehicle industry in 2018. He was named editor of Bulk Transporter and Refrigerated Transporter magazines in July 2020.

Voice your opinion!

To join the conversation, and become an exclusive member of FleetOwner, create an account today!

Sponsored Recommendations

Guide To Boosting Technician Efficiency

Learn about the bottom line and team building benefits of increasing the efficiency of your technicians in your repair shop.

The Ultimate Trailer Tracking Technology Checklist for Enterprise Fleets

We understand the challenges you face in consolidating inventory, reducing theft, and tracking revenue. That’s why we’ve created the ultimate checklist to help you evaluate your...

Discover 4 Easy Ways to Level-Up Efficiency with Trailer Telematics

In today's competitive landscape, gaining an edge is vital. That's why top fleets are utilizing trailer telematics to boost efficiency and we've captured their secrets. Introducing...

The Future of Mirrors is Closer Than it Appears

Why Mirror Camera Systems are the next step for fleet safety and exoneration While many commercial trucking cameras are similarly marketed, they are not all created equally. The...