Home Truck News Wireless hacking threat lurks around trucks - Truck News

Wireless hacking threat lurks around trucks – Truck News

Criminals could take control of your tractor-trailer by exploiting just one vulnerability — whether they are looking to immobilize a vehicle to steal freight or block vital supply chain routes.

And one truck that was wirelessly hacked on Oct. 24 showed that such threats are not limited to the movies.

A hacker attacked a tanker trailer’s roll stability system by constantly sending commands and resetting the electric control unit (ECU), forcing air to vent out of the air brake system. If enough air was forced out of the system, the vehicle wouldn’t be able to move.

Fortunately, it was a good guy doing the hacking during a demonstration at the National Motor Freight Traffic Association’s (NMFTA) Digital Solutions Conference in Houston, Texas.

Man with bullhorn standing in front of a tanker
Ben Gardiner conducts a wireless truck hacking demonstration during NMFTA’s Digital Solutions Conference in Houston, Texas. (Photo: Leo Barros)

Ben Gardiner, NMFTA’s senior cybersecurity research engineer, used technology worth US$300 and leveraged ham radio knowledge for the hack. “The risk of software exploitation on these trailers and tractor brake controller units is something we just can’t push to the side,” he told TruckNews.com.

Picture of Ben Gardiner
Ben Gardiner (Photo: Leo Barros)

“If software is 100% perfect, then there is no risk to receive messages. The risk of malicious data of reaching a piece of software that wasn’t prepared for it is big in 2023. The purpose of this demonstration is to show you we can talk to these things,” the Arnprior, Ont.-based engineer said.

He added that in dry vans, especially equipment dating back to around 2001, trailers responded to almost any command. Their systems have no authentication, authorization or replay protection.

Such dry vans have larger and older valves, and the commands could also bleed the air faster than the compressor can generate it.

Road trains are particularly susceptible to such attacks because tractors have to work hard to maintain air supply through the braking system, he said.

How the hack was accomplished

Gardiner laid an antenna beside the tanker trailer, emitting signals identical to those on the power line communications network — a link over the vehicle’s power supply line. The tanker’s skin actually helped conduct the signal. And this could be done from 20 feet away, using a fixed location or driving a specially wired trailer past the target vehicle.

He then sent commands for an ECU reset and the system obeyed, blinking the anti-lock braking system (ABS) light on the trailer, clicking the solenoids as it reset.

While it didn’t bleed enough air to cause a problem, the blinking ABS light could lead a driver to pull over and inspect the trailer brakes.

Internet attacks can be traced through IP addresses, logs and servers, but Gardiner warned that radio attacks are almost impossible to track down. The radio attacks involve no login or location information, and since extremely low frequency radio waves are used, it would be hard to triangulate the threat’s source.

“Since messages can be sent, there is a possibility that you could put a worm, code control, or malware into a system,” he said. “Every piece of equipment that is on the blue auxiliary line on the trailer is receiving those messages.”

Mitigating the threat

The threat is real, but Gardiner also has ways to block these attacks. When NMFTA discovered this vulnerability and disclosed it to the Cybersecurity and Infrastructure Security Agency, it developed eight mitigation technologies to stop the threat.

Gardiner stopped his own attack by demonstrating keyhole mitigation — a signal that jammed powerline commands. “We cut little pieces out of the jamming signal that only the regulation-required messages will fill in,” he said.

An antenna strung besides a tanker trailer
An antenna is strung alongside a tanker trailer during the demonstration, but such signals could be sent from 20 feet away. (Photo: Leo Barros)

The ABS lamp lights up on the dash and trailer in case of a fault or attack. “We deny access to the powerline with [a] jamming signal, cut out holes so that the checks on them match,” he said. “If there is a lamp fault, that will show in the dash. But every other message gets denied.”

He added that all the information to mitigate this particular threat is in the public domain, so there are no licencing fees, and it should not be too expensive for OEMs to implement.

But Gardiner warned that carriers must be vigilant about threats. Newer trucks have more software that can be exploited. Even older equipment has been connected to the internet and may incorporate less security.

Credit: Source link


Please enter your comment!
Please enter your name here

Must Read

World of Volvo opens to celebrate brand’s past and future – Truck News

Volvo Group has partnered with Volvo Cars in opening World of Volvo,...

Erb Group comes full circle with International’s last Lonestar – Truck News

The Erb Group has completed a full circle with the International Lonestar....

Trucking Announcements: New Canpar, Loomis president; DataDis U.S. hire – Truck News

Each week, TruckNews.com lists notable moves, promotions and awards in the trucking industry. This week,...

Zero Fatalities: Volvo’s other road to zero – Truck News

Volvo Trucks is simultaneously charting two parallel paths to zero. While its...

In-cab technology the focus of latest Truckers Gear Guide From: RoadPro – Truckers News

In-cab technology the focus of latest Truckers Gear Guide From: RoadPro  Truckers News Credit: Source link