
Enhancing seed-key exchange for more secure fleets

Fleets need to update their cybersecurity processes

(Photo: Jim Allen/FreightWaves)

Cybersecurity is top of mind for fleets across the globe. An uptick in bad actors targeting trucks has raised concerns about the reliability of the de facto security protocol known as seed-key exchange. 

Seed-key exchange is a method used in truck diagnostics systems to establish a privileged diagnostic session. The client (diagnostics software or attacker) requests a seed and then must return a matching key to successfully establish the session.

Seed-key exchange is typically utilized to control access to a truck’s electronic control unit (ECU). The ECU is “unlocked” to perform elevated privilege operations, some with cyberphysical impacts. At its core, however, seed-key exchange is simple and leaves trucks vulnerable to an attack. The protocol can be unlocked by attackers in a variety of ways.

Reverse-engineering the algorithm

When bad actors manage to reverse-engineer the seed-key algorithm, they typically start with either the diagnostics software executables or the ECU firmware. After gaining that initial foothold, it is not particularly difficult for a dedicated attacker to reverse-engineer the seed-key exchange routine.

Additionally, the simplicity of the protocol makes it possible for hackers to lift or emulate the routine without needing to understand it. This ability to gain access to vehicle networks by simply reusing an identified routine in the software or firmware can often be easier than reverse-engineering.

Replaying a key 

Seed-key exchange relies on random number generation to provide unique, and hence secure, seeds. The problem, however, is that not all random number generators are created equal. 

Some generators are time-based, meaning that the sequence of “random” numbers repeats each time an ECU is reset. This leads to a predictable set of seeds. Once attackers get the key for these seeds, they can unlock the ECU simply by replaying the known key.
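A check for the repeating-seed problem described above, as an added example that is not from the article or from NMFTA. The generator is a constructed toy (an LCG with 16-bit seeds), and the start values are assumptions chosen to model a tick counter that restarts identically on every reset versus a start value that differs per boot.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SEEDS 8

/* Constructed toy seed source, not any real ECU's algorithm: an LCG whose
 * state is set from a start value at reset. A time-based design corresponds
 * to the same start value (the tick counter) after every reset. */
static uint32_t prng_state;

static void ecu_reset(uint32_t start_value) { prng_state = start_value; }

static uint16_t next_seed(void)
{
    prng_state = prng_state * 1103515245u + 12345u;
    return (uint16_t)(prng_state >> 16);
}

/* Constructed start values for three resets (assumptions for the demo). */
static const uint32_t TIME_BASED_START[3] = { 0, 0, 0 }; /* ticks restart at 0 */
static const uint32_t VARYING_START[3]    = { 0, 1, 2 }; /* differs per boot   */

/* Audit: simulate `boots` resets, request `per_boot` seeds after each, and
 * count seeds equal to the seed seen at the same position after the first
 * reset. Repeats mean a key recorded for that seed unlocks the ECU again. */
int repeated_seeds(const uint32_t *start_values, int boots, int per_boot)
{
    uint16_t first[MAX_SEEDS] = { 0 };
    int repeats = 0;

    if (per_boot > MAX_SEEDS)
        per_boot = MAX_SEEDS;
    for (int b = 0; b < boots; b++) {
        ecu_reset(start_values[b]);
        for (int i = 0; i < per_boot; i++) {
            uint16_t seed = next_seed();
            if (b == 0)
                first[i] = seed;
            else if (seed == first[i])
                repeats++;
        }
    }
    return repeats;
}

int main(void)
{
    printf("time-based start: %d repeated seeds\n", repeated_seeds(TIME_BASED_START, 3, 3));
    printf("varying start:    %d repeated seeds\n", repeated_seeds(VARYING_START, 3, 3));
    return 0;
}
```

The same position-by-position comparison can be applied to seeds captured from a real ECU across several power cycles.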

Reusing a currently authenticated session

Seed-key exchange does not track the source of authentication. This means that when an ECU is unlocked, it is unlocked for anyone with access to the ECU on that controller area network (CAN) bus.

For example, if diagnostics software has unlocked the ECU, any malicious code with vehicle network access, e.g., on a compromised maintenance laptop, will also gain unlocked privileges.
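Because the ECU itself does not track who unlocked it, one place to catch this is in a capture of the diagnostic traffic. The following added example (not from the article or NMFTA) flags privileged requests sent by a source other than the one that completed seed-key exchange; the event names, source addresses and capture are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed event types for an already-decoded diagnostic capture
 * (hypothetical names, not real service identifiers). */
enum ev { EV_KEY_ACCEPTED, EV_PRIVILEGED_REQ, EV_SESSION_END };
struct frame { uint32_t t_ms; uint8_t src; enum ev ev; };

/* Constructed capture: source 0xF9 unlocks the ECU; source 0xFA never
 * performs seed-key but sends privileged requests while it is unlocked. */
static const struct frame CAPTURE[] = {
    { 1000, 0xF9, EV_KEY_ACCEPTED },
    { 1050, 0xF9, EV_PRIVILEGED_REQ },
    { 1200, 0xFA, EV_PRIVILEGED_REQ },
    { 1300, 0xF9, EV_PRIVILEGED_REQ },
    { 1400, 0xFA, EV_PRIVILEGED_REQ },
    { 2000, 0xF9, EV_SESSION_END },
    { 2100, 0xFA, EV_PRIVILEGED_REQ },  /* ECU locked again: not session reuse */
};
#define CAPTURE_LEN ((int)(sizeof CAPTURE / sizeof CAPTURE[0]))

/* Return the index of the k-th (0-based) privileged request sent by a source
 * other than the one that unlocked the current session, or -1 if none.
 * Assumes the source addresses in the capture are accurate. */
int nth_session_reuse(const struct frame *f, int n, int k)
{
    int owner = -1;                       /* -1 = ECU locked */

    for (int i = 0; i < n; i++) {
        switch (f[i].ev) {
        case EV_KEY_ACCEPTED: owner = f[i].src; break;
        case EV_SESSION_END:  owner = -1;       break;
        case EV_PRIVILEGED_REQ:
            if (owner >= 0 && f[i].src != owner && k-- == 0)
                return i;
            break;
        }
    }
    return -1;
}

int main(void)
{
    for (int k = 0, i; (i = nth_session_reuse(CAPTURE, CAPTURE_LEN, k)) >= 0; k++)
        printf("t=%u ms: src 0x%02X used a session unlocked by another source\n",
               (unsigned)CAPTURE[i].t_ms, CAPTURE[i].src);
    return 0;
}
```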

An attacker who gains access to an ECU also gains access to a number of powerful features, which may include the capabilities to read memory, write memory, reflash firmware and even carry out cyberphysical impact commands like disabling cylinders.

Increasingly relevant

Additionally, many attacks not using diagnostics can lead to engines being derated. A derate is a fail state in engine control for diesel engines. Once an engine is derated, the vehicle goes into “limp mode,” essentially becoming inoperable. This can be a harrowing experience for professional truck drivers, and it leads to significant frustration for everyone involved.

More modern trucks are designed with cybersecurity in mind and with improved segmentation, which limits what is reachable. These measures make derate attacks harder, but diagnostics will remain an accessible entry point for attackers. This easy access is created by design, as diagnostics are a really important feature for fleets.

The importance of accessible diagnostics, coupled with the hackability of seed-key exchange, is a recipe for disaster. It is clear that stronger protections need to be put in place specifically to protect diagnostics.

There are a number of steps fleets can take to protect themselves now and in the future. The National Motor Freight Traffic Association Inc. (NMFTA) discussed multiple options in its recent webinar, “Unlocking Seed-Key Exchange.”

Things fleets can do to protect their vehicles now

  • If the fleet’s ECUs support passwords, these should be used instead of seed-key exchange. Passwords should not be reused.
  • Telematics devices should be connected to an RP1226 connector, not a Deutsch-9 connector.
  • Maintenance laptops should be secured: See the Securing Legacy Maintenance Software Project.
  • Secure telematics devices should be procured, using the TSRM.

NMFTA has a wide range of resources available to fleets looking to increase cybersecurity precautions. Download the association’s latest guide to learn more about unlocking the potential of seed-key exchange, or visit nmfta.org/cybersecurity to learn about the current state of cybersecurity in the industry.

You also won’t want to miss the NMFTA Cybersecurity Conference Oct. 27-29 in Cleveland. This is the industry’s only cybersecurity conference. It will bring together cybersecurity, trucking and supply chain professionals to discuss emerging cybersecurity threats and related issues the transportation and logistics industries face. Click here to learn more about NMFTA.

Ashley Coker Prince

Ashley is interested in everything that moves, especially trucks and planes. She works with clients to develop sponsored content that tells a story. She worked as a reporter and editor at FreightWaves before taking on her current role as Senior Content Marketing Writer. Ashley spends her free time at the dog park with her beagle, Ruth, or scouring the internet for last-minute flight deals.