Criminals could take control of your tractor-trailer by exploiting just one vulnerability — whether they are looking to immobilize a vehicle to steal freight or block vital supply chain routes.

And one truck that was wirelessly hacked on Oct. 24 showed that such threats are not limited to the movies.

A hacker attacked a tanker trailer’s roll stability system by constantly sending commands and resetting the electric control unit (ECU), forcing air to vent out of the air brake system. If enough air was forced out of the system, the vehicle wouldn’t be able to move.

Fortunately, it was a good guy doing the hacking during a demonstration at the National Motor Freight Traffic Association’s (NMFTA) Digital Solutions Conference in Houston, Texas.

Ben Gardiner, NMFTA’s senior cybersecurity research engineer, used technology worth US$300 and leveraged ham radio knowledge for the hack. “The risk of software exploitation on these trailers and tractor brake controller units is something we just can’t push to the side,” he told TruckNews.com.

“If software is 100% perfect, then there is no risk to receive messages. The risk of malicious data of reaching a piece of software that wasn’t prepared for it is big in 2023. The purpose of this demonstration is to show you we can talk to these things,” the Arnprior, Ont.-based engineer said.

He added that in dry vans, especially equipment dating back to around 2001, trailers responded to almost any command. Their systems have no authentication, authorization or replay protection.

Such dry vans have larger and older valves, and the commands could also bleed the air faster than the compressor can generate it.

Road trains are particularly susceptible to such attacks because tractors have to work hard to maintain air supply through the braking system, he said.

How the hack was accomplished

Gardiner laid an antenna beside the tanker trailer, emitting signals identical to those on the power line communications network — a…