The J2497 is the Power Line Carrier Communications for Commercial Vehicles and successful exploitation of these vulnerabilities could allow a nearby attacker to activate or disable a trailers brakes. There are so many sensors and computing power on a truck, you’d think the tractor would be the focus of a cyberattack, but the trailer is more likely to be the initial actual target.
Contents of this video
00:00 10-44 intro
00:22 J2497, Trailers brakes exploitation vulnerabilities
01:53 What is the J2497?
02:20 Difficulty of hacking a trailer
03:09 Cyberattacks and financial motives
03:38 Actionable mitigation options for J2497 attacks
04:11 Avoiding aftermarket solutions
05:04 Vulnerabilities on trailers
Speaker 1:
J2497 sounds like an airplane tail number, but it's actually an opening for cyber criminals to get into your truck and trailer systems. You're watching CCJs 10 44, a weekly episode that brings you the latest trucking industry news and updates from the editors of cj. Don't forget to subscribe and hit the bell for notification so you'll never miss an installment of 10 44. Hey everybody, welcome back. I'm Jason Cannon and my co-host is Matt Cole. The J 24 97 is the power line carrier communications for commercial vehicles, and the successful exploitation of these vulnerabilities in the J 24 97 can allow nearby cyber attackers to activate or disable trailer brakes.
Speaker 2:
There are so many sensors and computing power on a truck. You'd think the tractor would be the focus of a cyber attack, but the trailer is more likely to be the initial actual target.
Speaker 3:
The thing about the trailer specifically is J 24 97 is its wireless communication. So on the tractor primarily canvas is used and there's certainly wireless vectors available, but they're not typically legacy like PLC for tru. So those are harder attack. Just the level of complexity tends to be higher. And of course, if you have access to a tractor, if it stopped and you have physical access to a tractor, there aren't very many protection measures currently. You have physical access, then you can do anything. But the thing about trailers is it is wirelessly, and that's the whole thing is if you're driving down the highway and someone wants to hack into your trailer, then they would go probably through the trailer and not the tractor.
Speaker 1:
The wireless nature of the J 24 97 is what exposes the trailer to attack specifically the A BS and the trailer brakes.
Speaker 3:
So basically it's the communication bus for trailers specifically. It's how different components on the trailers talk to each other. Theoretically, if you're driving by and you have a big antenna, you could interface with it since it's a wireless communication.
Speaker 2:
Hacking a trailer doing 65 miles an hour down the highway sounds difficult, but if you know what you're doing, all the tools you really need, you can get on Amazon.
Speaker 3:
J 24 97 doesn't have any protections against replay attacks, and that's what we've done in the past in these demonstrations is show if you have the equipment that's required, the cost is not super high. It's not like you have to have a supercomputer or anything like that. You can generally find them at hardware stores and stuff like hobbyist shops. So that level to get into that attack is not super high. And then having a basic understanding of interfacing with a device and using wireless like SDR radio to interface with it. So the level of difficulty is not super high.
Speaker 1:
Almost all cyber attacks are financially motivated, and an attack on a trailer is hardly different if the brakes are locked up the trailer or maybe many trailers are either ripe targets for cargo theft or the ransom collateral to get the freight back moving.
Speaker 3:
For example, if you deny the service, you could lock up everything and then you'd have to pull over and wait for service, and that costs time and money for everyone involved.
Speaker 2:
Every combination rig is going to be equipped with a J 2 4 97. So the best thing motor carriers can do right now is limit the kind of information going through it.
Speaker 3:
N-M-F-T-A has published a list of mitigations, actionable mitigations, so that's a more in-depth document that has several different actions that you could take. But in general, we recommend limiting the capabilities of the J 24 97 and limiting it to lamp on so that these kinds of attacks can't have any impact.
Speaker 1:
Now, that's going to mean talking to your dealer and steering clear of potential aftermarket solutions. Manufacturers are working on it too.
Speaker 3:
Third party, if you went to a third party that could introduce other factors and stuff. It's like putting on third party aftermarket devices and stuff. That's just another piece of equipment that you'd have to pet and make sure it's cyber secure and stuff like that. So avoiding that if possible. So J 24 97 is a really, it's a relatively old standard right from the nineties or something like that, or even earlier than that. But currently there is discussion with specifically the connector, the interface like the tractor trailer connector and making that more secure so that way communications back and forth from the tractor and trailer that's more secure
Speaker 2:
As part of its ongoing work on cybersecurity and trucking. N-M-F-T-A continues to find vulnerabilities on trailers.
Speaker 3:
So the new CVE, the new vulnerability that N-M-F-T-A found and reported was on specifically a blind wireless seat key exchange on trailers, which is, it's a bit different from the previous vulnerability reported in 2022 was replay attacks for J 24 97 in general, and that vulnerability is there was lacking authentication. There was no authentication in general on the trailers, or there was no authentication on an ECU reset, which is why we were able to do demonstrations such as ching, the brakes. So what we discovered in the new vulnerability reported in 2024 was that we found this something called seed key exchange, which is basically authentication method for diagnostic functions, which is diagnostic functions. They have more privilege in the ECUs, and so we found that seed key exchange and we were able to basically, we were able to prime it to make that seed predictable, and then we were able to unlock the seed key exchange and get access to those higher diagnostic functions.
So it's a little bit different from the 2022 vulnerability because that was specifically for J 24 97 in general. The one we found in 2024 was related to a specific piece of equipment. But it brings in that question of if we were able to find and unlock these higher diagnostic functions, which have higher privilege and means you could do higher, more sophisticated attacks or attacks that have more impacts to the trailer, then it's also, it opens up more research into is this applicable to more pieces of equipment and is a wider equipment also susceptible to these attacks?
Speaker 1:
That's it for this week's 10 44. You can read more on ccj digital.com. While you're there, sign up for our newsletter and stay up to date on the latest in trucking industry news and trends. If you have any questions or feedback, please let us know in the comments below. Don't forget to subscribe and hit the bell for notifications so you can catch us again next week.
