Attendees at the National Motor Freight Traffic Association’s (NMFTA) upcoming Digital Solutions Conference on Cybersecurity should be prepared to hear an array of strange and disturbing noises. The noise that will be apparent during a live truck hacking demonstration is referred to as a chuff, to be specific.
And when you hear it, it will mean the battle against truck hackers has been joined.
The eye-opening demonstration will take place during a three-day, complimentary conference in Houston, TX, set for October 22-25. The live truck hack will be conducted by Ben Gardiner, NMFTA’s senior cybersecurity research engineer. The purpose of the hack is to demonstrate an example of exactly how hackers can exploit vulnerabilities to sabotage a vehicle.
“The trailer brakes are going to start chuffing, which is dumping pneumatic air supply,” Gardiner said. “It definitely is unmistakable when it happens.”
That, of course, is the point. The demonstration is exactly what can happen to any fleet’s asset if effective cybersecurity steps are not taken.
What might surprise some attendees is that the truck will not be hacked using modern wireless technologies like Wi-Fi or Bluetooth. Rather, the hack will take advantage of the trailer line power network, which Gardiner said functions as a wireless interface even though it wasn’t designed to be one.
And that is the primary reason it’s not secure. The trailer brake controllers were developed by sticking converter chips in front of them. The code comes from the 1980s—a time when the technologies didn’t require any authentication or authorization. Why? Because, if you had asked a person in the 1980s what they were doing to stop cyber hackers, the person would have replied, “Stop who?”
Yet this same technology has been present on every tractor and trailer in North America since 2001 because it is the only industry standard way to satisfy the trailer ABS fault regulations – plus it will still be prominent on trucks made for the next tractor-trailer interface standard because fleets understandably want to get as many years as they can out of their assets. And while there are many commands a hacker could give a trailer once the hacker has gained control of the diagnostic system, the demonstration will involve chuffing for a simple reason.
It’s loud and you can’t miss it.
“The chuff commands are just one of the many diagnostic commands that are possible, which includes things like changing axle configurations or changing axle lift settings,” Gardiner said. “Anything you can do from your diagnostics tool over the power line, we can do wirelessly. And the chuff commands are proof we can do it.”
When attendees see how the hack is done, they may find it jarring how simple the technology is. Gardiner said he will position an antenna some distance away from the driver’s side of the truck, then use a radio frequency to send the command to the trailer line power network. That will start the brakes chuffing.
“In some limited situations you could probably immobilize a truck,” Gardiner said. “This is more of a canary of other issues since all the diagnostics on the trailer brake controllers are accessible wirelessly. It was never designed to have malicious people poking at it.”
Gardiner hopes the takeaway from the trailer hack demonstration is for fleets to prioritize firewalls and other mechanisms to secure their truck systems. While it may be impractical to upgrade all existing trucks and trailers, Gardiner urged fleets to make sure any new vehicles they purchase have mitigating technologies.
“You should be asking, ‘Does it have mitigations against these attacks?’” Gardiner said.
To attend the live truck hacking demonstration for yourself, make plans to attend the conference. Get all the details and register here.