Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR

Presented at DEF CON 30 (2022), Aug. 13, 2022, 4 p.m. (45 minutes)

Ben Gardiner, Chris Poore and other security researchers have been analyzing signals and performing research against trailers and Power Line Communication for multiple years. This year the team was able to disclose two vulnerabilities focused on the ability to remotely inject RF messages onto the powerline and in turn send un-authenticated messages to the brake controller over the link. The team will discuss the details of PLC4TRUCKS, identify what led to this research and the discovery of the vulnerabilities, and then highlight the details of the SDR and software used to perform the attack. The talk will conclude with the demonstration of a remotely induced brake controller solenoid test using an FL2K and the release of the GNU radio block used to perform the test to the community to promote further research in the area.

Presenters:

• Ben Gardiner - Senior Cybersecurity Research Engineer, National Motor Freight Traffic Association Inc.,
  Ben Gardiner is a Senior Cybersecurity Research Engineer contractor at the National Motor Freight Traffic Association, Inc. (NMFTA) specializing in hardware and low-level software security. Prior to joining the NMFTA team in 2019, Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He is a DEF CON Hardware Hacking Village and Car Hacking Village volunteer. He also participates in and contributes to working groups in SAE and ATA TMC.
• Chris Poore - Senior Reverse Engineer, Assured Information Security
  Chris Poore is a Senior Reverse Engineer at Assured Information Security in Rome, NY. He has expertise discovering vulnerabilities in wireless systems, gaining access to systems via RF, reverse engineering RF protocols, forensically testing cybersecurity systems, and administering RF collection events. He has experience writing code for software-defined radios and GNU Radio to reverse-engineer RF communication protocols and perform sophisticated attacks. Chris is excitable when working with the community to draw out ideas and takes advantage of networking opportunities with both humans and computers.

Links:

• https://forum.defcon.org/node/241816
• https://infocon.org/cons/DEF CON/DEF CON 30/DEF CON 30 video and slides/DEF CON 30 - Ben Gardiner - Trailer Shouting - Talking PLC4TRUCKS Remotely with an SDR.mp4
• https://infocon.org/cons/DEF CON/DEF CON 30/DEF CON 30 video and slides/DEF CON 30 - Ben Gardiner - Trailer Shouting - Talking PLC4TRUCKS Remotely with an SDR.srt (subtitles)
• https://www.youtube.com/watch?v=Na8K_fVEzQo

Similar Presentations:

• ShmooCon XIII (2017) / So You Want to Hack Radios
• DeepSec 2014 „Do you want to know more?“ / Trap a Spam-Bot for Fun and Profit
• 30C3 (2013) / The Exploration and Exploitation of an SD Memory Card: by xobs & bunnie