The National Motor Freight Traffic Association, Inc. (NMFTA)™ cybersecurity team has been busy tackling challenges on both the enterprise and rolling asset side of trucking. Our recent projects address industry challenges in order to secure trucks, trailers, and the systems that keep freight moving—and now is the perfect time for you to get involved.
NMFTA has developed, in collaboration with Colorado State University, a heavy vehicle cybersecurity assessment and testing tool (HVCA&TT) which combines a variety of different open-source software tools and hardware together in one platform. The HVCA&TT device supports communication using J1939 over CAN Bus, as well as other protocols like PLC and J1587. The device will be useful to researchers and technicians alike.
Additionally, NMFTA has completed research into a vulnerability in trailer equipment. As a result of this research, a CVE was assigned (CVE-2024-12054), and a paper titled Blind Wireless Seed Key Unlock was published, which provides details such as how the bench set-up was done, how the attack was conducted, and concludes with some recommendations and mitigations. This vulnerability builds on previous research and takes advantage of PLC on trailers in order to blindly and wirelessly unlock seed key exchange on trailer brake controllers. Ben Gardiner, a member of NMFTA’s cybersecurity team, also presented this research last month at DEFCON on the main stage.
NMFTA is working on several other projects and initiatives as well. There is an ongoing project that is looking into white-labeling of telematics devices. There may be vulnerabilities that are applicable across the various code bases of telematics devices, but as these systems are often black boxes, and are commonly white-labeled (where the same devices are taken, repackaged, and resold), you as the consumer don’t have this visibility. This project aims to increase transparency into these important devices that are integrated into every truck in North America.
These are just a few of the projects shaping the future of cybersecurity in trucking. Want to hear the latest research, connect with experts, and even help guide what comes next?
Register now for NMFTA’s 2025 Cybersecurity Conference: www.nmftacyber.com.
