Researchers from the National Motor Freight Traffic Association and Assured Information Security discovered that trailer Power Line Communications (PLC) signals can be reliably read using active antennas from 6 feet away and potentially farther with improved receivers. PLC is used to transmit signals between trailer electronic control units (ECUs), such as ABS fault messages, air-weigh systems, brake controller data, and telematics. Because PLC signals are radiated as unencrypted electromagnetic emissions over power lines and cables, an attacker with a simple antenna can passively intercept this traffic. The vulnerability exposes confidentiality of data on the PLC bus; the actual impact depends on what sensitive information a particular trailer is transmitting. Most standard trailer ABS messaging presents minimal risk, but future designs using PLC for weight data, brake diagnostics, or network information could leak business intelligence or operational details.
What this means
What could happen
An attacker with a simple antenna can wirelessly eavesdrop on unencrypted trailer power line signals from 6–8 feet away, potentially exposing sensitive business or operational data such as weight information, brake diagnostics, or telematics if those systems use the PLC bus.
Who's at risk
Operators and manufacturers in the transportation, energy, and manufacturing sectors who deploy trailers with Power Line Communications (PLC) bus systems—especially those carrying air-weigh systems, advanced brake controllers, or telematics—should be concerned. This affects trailer manufacturers, fleet operators managing trailers with electronic braking or weight monitoring, and any organization transmitting proprietary operational or business data over trailer PLC networks.
How it could be exploited
An attacker positions an active antenna within 6–8 feet of a trailer and captures radiated PLC signals transmitted over the power line bus. No special credentials or network access are required; the signals are broadcast as electromagnetic emissions. The attacker decodes the captured signals to read data being transmitted between trailer ECUs.
Prerequisites
Physical proximity to trailer (6–8 feet or potentially farther with improved receivers)
Active antenna or radio receiver tuned to PLC frequency band
No credentials or special permissions needed—signals are passively radiated
Environmental conditions favorable for signal reception
No authentication requiredLow complexity to exploit (antenna + receiver)Physically proximity required but easily accessible in open environmentsNo patch available for existing deploymentsAffects data confidentiality of potentially sensitive operational or business intelligenceRadiated emissions uncontrolled by default design
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Power Line Communications Bus / PLC4TRUCKS / J2497: All trailer power line communications are affectedAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGAudit all trailer PLC bus deployments to identify what data is actually being transmitted (e.g., ABS faults, weight information, telematics)
HARDENINGAssess the confidentiality sensitivity of each PLC data stream; flag any that carries business intelligence, weight/scale data, or network information that should remain private
Mitigations - no patch available
0/3
Power Line Communications Bus / PLC4TRUCKS / J2497: All trailer power line communications are affected has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGFor future trailer designs or retrofits, implement PLC bus mitigation by reducing radiated emissions through shorter cable runs and lower transmit voltage
HARDENINGConsider encryption or alternative communication methods (e.g., wireless with proper security) for sensitive trailer data currently on the PLC bus, if replacement is feasible
HARDENINGEstablish procedures to monitor trailers for unauthorized RF emissions or eavesdropping attempts if sensitive data is present