From October 22-25, NMFTA hosted its annual Digital Solutions Conference on Cybersecurity in Houston, TX. The presentations contained powerful information for any company in the trucking industry that’s concerned about cybersecurity for its enterprise and/or assets. Of course, that needs to be the entire industry. This is part of a series of blogs that summarize the information presented for those who could not be there.
TOPIC: Live Truck Hacking Demonstration
Presenter: Ben Gardiner, NMFTA
Attendees of NMFTA’s Digital Solutions Conference on Cybersecurity had the opportunity to see an eye-opening demonstration at the end of the event’s first day – of just what can happen to a truck when hackers take control of it.
The demonstration was a reminder that the trucking industry ultimately comes down to the assets on the road. When cyberattackers target a trucking company’s enterprise operations, they can bring about financial disaster and compromised data. That’s a threat to be taken very seriously.
But when they target an individual truck, they could bring about anything from missed deliveries to a large loss of revenue. Perhaps the most jarring reality about threats to over-the-road assets is how easily hackers can compromise a truck – and with surprisingly rudimentary tools.
The hacker in question was one of the good guys, our own senior cybersecurity research engineer Ben Gardiner.
“We demonstrated that we can send arbitrary data to this brake controller,” Gardiner said during the live truck hacking demonstration in a hotel parking lot near the conference venue. “If there is no problem with the software on that brake controller, there is no risk. However, the history of cybersecurity vulnerabilities over the past 30 years would tell us there almost certainly are software problems, and hence a risk that should be defended against with our public domain mitigations.”
With a tractor/trailer on loan from United Petroleum Transports, Gardiner put together a simple, low-budget antenna consisting of two wires while the rest of the conference attendees bused over from the main conference site to witness the hacking.
It was clearly not what a tractor/trailer is supposed to do. While the driver had his foot on the brake, the truck began “chuffing,” which is to say it made a series of odd noises to indicate the truck was dumping its pneumatic air supply – thus compromising the brakes.
At the same time, unusual responses from the brake lights provided further evidence that the hacker’s signal was being received and obeyed by the truck.
Why would the tractor/trailer do that? Because Gardiner told it to, using commands to the trailer brake controller transmitted via that rudimentary antenna.
This was possible because trailer brake controllers were developed in the 1990s by sticking converter chips in front of the existing code, which was written in the 1980s – well before anyone was concerned about preventing cyber hacks.
Gardiner didn’t have to enter the cab. He didn’t have to use Wi-Fi or Bluetooth. But he was able to make the truck chuff the brakes by dumping that air.
And yet its implications were jarring. As the conference attendees watched the demonstration, a discussion ensued about what would happen if the hack occurred while the truck was moving – particularly at high speeds and/or down a steep hill.
If the brakes were to fail in a situation like that, the results would be catastrophic. And while it’s easy to dismiss the possibility that any hacker would try such a thing, the entire conference group saw on Monday, October 23, how easy it would be to send the signals, although the hard part for the hacker would be discovering and developing an exploit to do it. The demonstration showed reception of messages but is not claiming existence of exploits on these controls.
This observation can’t be dismissed during times of international conflict, when the incentive of bad actors to cripple the U.S. economy could be heightened. Remember: After 9/11, the United States grounded all planes for a week. Imagine if a series of attacks like this on trucks prompted a similar response.
The trucking industry would suffer a serious blow, and the U.S. economy could plummet into an immediate freefall.
The bottom line is this, as Gardiner demonstrated in that parking lot in Houston: It is far too easy to hack a tractor/trailer, and it doesn’t even require the most sophisticated tools to do it.
That makes it critical for truck fleets to ask their OEMs to prioritize security measures on new trucks before they leave the factory. That applies to truck diagnostics and control systems.
“For truck diagnostics, the newer trucks are coming with gateway devices to segment and separate the RP1226 databus for accessory devices such as telematics from the vehicle network segments,” Gardiner said. “Fleets should use these by installing their telematics devices on the RP1226 port – and test what privileged operations are possible from the RP1226 port to ensure the gateway is doing its job.”
Gateways can also be installed in older trucks to put in a first line of defense, which would prevent hackers from disabling engines or brakes even if they do manage to get into the system. NMFTA has also collected security requirements for gateways that will define what functions they need to perform and how they need to perform it.
Gardiner suggested that new tractors should protect old trailers. NMFTA has offered help for that by publishing attack mitigations into the public domain so that tractor OEMs can ship these mitigations in new equipment as well as working with standards bodies to include these into the new standards. In fact, one of them—a keyhole mitigation—was demonstrated that same day.
Whenever fleets purchase new trucks, the first question they should ask is whether the vehicles they are considering have mitigating technologies to protect the truck and trailer diagnostic systems against attacks like this.
It shouldn’t be this easy. If the industry works together and makes cybersecurity a priority, we may soon see the day when it isn’t.
View photos from the demonstration, access our event photo album.