ScapyCon 25 - Blind Wireless Seed-key Unlock - Ben Gardiner

This talk reveals a newly discovered wireless vulnerability (CVE-2024-12054) in J2497 trailer equipment, enabling a replay-style seed-key attack via forced ECU resets. Ben Gardiner (NMFTA) presents background on J2497 (PLC4TRUCKS), prior wireless CVEs, discovery methods, and mitigations. He provides insight into the vulnerability’s mechanics, its impact on trailer telematics, and strategies for assessing and securing affected systems.

About ScapyCon:
ScapyCon is the annual get-together of an engaged community of cybersecurity aficionados – pushing the boundaries of network packet manipulation across automotive, IoT, aviation, defense and beyond.

At its core, ScapyCon is about technical expertise and shared knowledge – because only through collaboration can we advance cybersecurity in the long run. Therefore, ScapyCon combines a classic conference experience with deep-dive workshops led by industry pioneers and seasoned experts. These sessions focus on providing practical skills for real-world applications.

Learn more: www.scapycon.com

About dissecto:
Founded in 2022, by the maintainers and primary contributors to “Automotive Scapy“, a widely embraced packet manipulation tool in the automotive industry, dissecto specializes in simplifying cybersecurity testing for embedded systems. Our flagship product, dissecto HydraVision, is an automated security test environment for electrical control units (ECUs), that detects and reports vulnerabilities. Alongside, we provide security training, pentesting and advanced hardware solutions like the dissecto HydraLink interface.

GET IN TOUCH WITH US:
www.dissecto.com
contact-us@dissecto.com
+ 49 941 4629 7370