Colorado State University researchers have found that ELDs are “potential cybersecurity threat vectors” and there is an urgent need to make them more secure.
Researchers Jake Jepson, Rik Chatterjee and Jeremy Daily uncovered ELD vulnerabilities that could lead to unauthorized control of vehicle systems and data, as well as widespread fleet disruptions. Product designers, programmers, engineers and consumers should raise awareness of these vulnerabilities and encourage development of safer ELDs, their February paper says.
The United States has 14 million medium- and heavy-duty trucks on the road, many of which are required to use ELDs to track truckers’ driving time and ensure compliance with hours-of-service regulations. The devices acquire data by communicating with the vehicle’s engine control module through the vehicle network.
This technology is vulnerable to “truck-to-truck worms,” self-replicating malware that autonomously propagates across a network. Traditionally, these “worms” have targeted computer network systems, but in an age of increased connectivity of systems, technology like ELDs carries a risk of being hacked, the researchers discovered.
“Each system by itself may not have cybersecurity concerns; the truck without an ELD does not have a wireless connection, and the ELD by itself cannot command a truck. The heavy truck acts as a dynamic operational platform, encompassing various mechanical and electronic components, while the ELD serves as a mandated interface for data logging, regulatory compliance, and potentially, vehicle control,” the paper said.
An attacker could connect to a device — and only one device needs to be compromised to begin a larger attack — through a drive-by attack or by waiting at a location frequented by truck drivers, such as truck stops, distribution centers or ports. Then, the malicious firmware can spread to similar devices. Attacks can occur via Wi-Fi or Bluetooth or even through cellular networks, the paper said.
“Our findings revealed that, even in a full parking lot, a connection could be established up to approximately 12 parking spots away, equivalent to about 120 feet,” researchers said.
The researchers recommend the following to strengthen ELDs against attacks:
- Enhancing default security settings.
- Implementing high-entropy passwords.
- Utilizing a secure firmware signing mechanism.
- Eliminating unnecessary API features.
Gautam Dev @ Genix Cyber
Unmonitored third-party access to systems from an infected device can cause havoc… Besides, stay clear of public networks and configure Bluetooth to not automatically allow for file transfers… Restrict such activity through an MDM agent…
Lstn
The US had to be special… They couldn’t use existing ELDs (digital tachographs) from Europe (they have used ELDs since 2010, I think), which use a chip card to log everything on that driver’s card. It’s more secure and no one can move your truck without your card, and it also prints the paper log if the card isn’t working well. It’s not connected to the internet.
Michael Harrington
When I wrote my book “For Lawyers, all about Automated Trucking” a significant section covered the risk of viruses. Even with the highest security in the world things like Stuxnet managed to reach their targets and insert their packages undetected until the damage was done.
Devices connected to the internet 24/7, with access to change a few hundred thousand devices into a botnet, alone would convince a true hacker to start targeting trucks. A deliberate enemy of the nation can do significant harm. No one wants to talk about the security risks, no one wants to cover the hazards. Instead everyone keeps pushing for profits even though the losses would exceed the profits when the worst does happen, not an if scenario but a when scenario.
When millions of trucks need updates monthly then it won’t be a situation for the manufacturer to do, it will be a situation for every truck shop possible to be involved because nothing else will suffice.
MeLek
Good- now for the devastating total disruption rendering this device utterly useless. Can my fellow blue collar hard working truckers yell out, “HELL YEAH!”.
And a grand shout out to our French Truckers!
Stephen Webster
This is also a real danger for self-driven trucks and cars.