Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
Researchers have analyzed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks.
The research was conducted by the National Motor Freight Traffic Association (NMFTA), which is a non-profit organization that represents roughly 500 motor freight carriers, in collaboration with Assured Information Security, Inc.
NMFTA has been analyzing the cyber security of heavy vehicles since 2015 and it has periodically disclosed its findings. The latest report from the organization came in early March, when the US Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory to describe two vulnerabilities affecting trailer brake controllers.
The flaws described in the CISA advisory are related to the power line communications (PLC) between tractors and trailers, specifically the PLC4TRUCKS technology, which uses a standard named J2497 for bidirectional communications between the tractor and trailer without adding new wires.
PLC4TRUCKS was created in response to a requirement for a warning light in the tractor cab in case the trailer’s ABS system fails. However, the NMFTA discovered that the trailer brake controllers have a great deal of additional J2497 functionality beyond what is required for the ABS warning, and this functionality introduces security risks.
CISA’s advisory describes two vulnerabilities discovered by NMFTA and Assured Information Security researchers: a medium-severity issue tracked as CVE-2022-25922 and related to the lack of authentication and authorization for brake controller diagnostic functions; and a critical-severity flaw tracked as CVE-2022-26131 that is related to the susceptibility of trailer PLC receivers to remote RF attacks.
Ben Gardiner, senior cybersecurity research engineer at the NMFTA, told SecurityWeek that while the most common trailer brake controllers on the road today do not have the capability to activate trailer brakes, which could have serious safety implications, the repeated reception of a command by the controller could lead to the pneumatic reservoirs on the tractor and trailer getting depleted, which can impact the vehicle’s mobility.
Several studies conducted in the past decades showed that a widespread disruption of trucking services could have a significant impact on a nation, and it may be possible to cause such disruptions using cyberattacks.
The NMFTA shared some examples of potential impact from cyberattacks in a study released in 2015. The examples shared in that report include the use of malicious cell transponders placed at key locations in an effort to disable trucks, malicious insiders disabling their company’s trucks using their monitoring and control system, and threat actors strategically targeting one vehicle transporting hazardous cargo.
According to the new research paper from the NMFTA, remote RF attacks can be launched against brake controllers using equipment that costs from $300 to $10,000, from distances of up to 12ft. The organization said that tankers (used to transport fuel and other liquids) and triple road trains (used to transport a wide range of goods) appear to be more susceptible to attacks compared to other types of vehicles.
The researchers warned that the PLC functionality currently available to attackers poses a serious risk to fleets and the trucking industry in general.
They have described several theoretical attack scenarios, including one in which well-funded attackers place transmitters at road choke points (e.g. ports, tunnels, bridges) to target a significant number of trucks. It’s also possible for an attacker to use a mobile transmitter in a long trailer towed by a passenger vehicle.
In the case of more susceptible equipment, such as tankers, it may be possible to launch an attack with a limited budget over shorter distances — for example, a lane separation or ditch-to-road.
While an attacker could try to cause damage in an effort to immobilize a vehicle, a malicious actor could also cause the ABS fault lamp in the cab to light up, which will likely get the driver to pull over at a safe location.
The NMFTA has released a document describing mitigation options that can be implemented by vendors. The organization believes that — in the long term — J2497 tractor-trailer interfaces should only allow the required ABS warning messages. Diagnostics, resets, or other commands that could be abused for malicious purposes should not be allowed. Additional functionality should be moved to new data buses, ones that are designed with security in mind.
“NMFTA researched trailer brake controllers and communications because, when we began, there appeared to be a gap in knowledge of security of the trailer brake controllers and the industry was at a point where the existing communications standard (J2497 aka PLC4TRUCKS) would no longer be sufficient for fleets; new interface standards were being drafted by task forces in the ATA TMC [American Trucking Associations Technology & Maintenance Council],” Gardiner said.
He added, “NMFTA wanted to ensure that the next tractor trailer interface would be a secure platform for the myriad of functions that fleets would like to deploy on it over the next decades. NMFTA is working with ATA TMC task forces to propose amendments to the recommended practices, both as updates and as new ones have been developed.”
Related: Remote ‘Brokenwire’ Hack Prevents Charging of Electric Vehicles
Related: New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking
Related: Researchers Hack Remote Keyless System of Honda Vehicles