A new academic study reveals how vulnerable ELDs are to cyberattacks that hack systems in seconds while trucks are driving side by side.
Jeremy Daly, an associate professor of systems engineering at Colorado State University, is well-versed in truck cybersecurity. He co-founded his Cyber Truck Challenge in 2017 and has published numerous research papers related to this topic. But his latest research reveals the surprising truth that some electronic logging devices are susceptible to hacking.
Daily, along with research assistants Rik Chatterjee and Jake Jepson, wanted to understand how ELD mandates would impact truck cybersecurity. Researchers believe that not only can he access a truck's gas pedal by simply driving next to it, but he can also infect a fleet of trucks with malicious malware by hacking the ELD. I discovered that there is a sex.
For this experiment, Jepson was able to disassemble the ELD and reverse engineer it. He quickly discovered his default Wi-Fi password, and over the next few months he developed a malicious version of the ELD's firmware. Jepson admitted to Land Line Now that this was the first time he had reverse engineered a device, and that a more experienced hacker could have exploited the vulnerability much faster.
Check out Land Line Now's interview with Colorado State University researchers.
The researchers' next task was to infect the truck, which turned out to be quite easy.
Equipped with only laptops and Wi-Fi range extenders, they drove alongside a running 2014 Kenworth T270. In just 30 seconds, they were able to access his ELD in the truck and infect it with malicious firmware, slowing the truck down. Chatterjee, who was driving the Kenworth, said no matter how hard he pressed the pedal, it wouldn't pick up speed.
In this scenario, the researchers decided to slow down the truck for safety reasons. But they could have easily increased the speed of the truck. Hackers also have access to the truck's operating system, which could give them access to other features as well.
As if hacking one ELD wasn't enough, Daly and his team were able to infect multiple trucks after initially infecting just one.
The malicious firmware included what researchers called a “track-to-track worm.” Her ELD infected with this firmware can scan her ELDs nearby. Once a vulnerable worm is identified, the virus can be spread by truck-to-truck worms. Newly infected ELDs can repeat the scanning process and increase the spread of the virus. This process allows hackers to infect entire fleets of trucks in close proximity, with truck stops, rest areas, and yards being prime targets.
ELD technology and regulations
Although only one brand of ELD was used, the researchers noted that manufacturers use similar technology.
Although there are hundreds of certified ELDs available, the research literature reports relatively few distinct models. The study says companies are essentially rebranding ELDs and making the devices “clones of each other with minimal variation.” Therefore, vulnerabilities that exist in his one brand of ELD may exist in many other brands as well.
Another area of concern is the lack of regulation regarding ELD cybersecurity. Devices must meet technical specifications before being registered with the Federal Motor Carrier Safety Administration, but manufacturers only need to self-certify.
The American Motor Freight Transportation Association has published a list of recommended security requirements for ELDs. However, these recommendations seem to have been largely ignored.
“I can say with great confidence that if we had followed guidance from the industry, we would not have been able to demonstrate these exploits that Rik and Jake developed,” Daily told Land Line Now. .
The researchers contacted ELD manufacturers before publishing their findings. Daly said the manufacturer worked with him and his team to develop a firmware patch to address the vulnerability.
What can truck drivers do to make their trucks safer?
There are steps truck drivers and fleet owners can take to reduce cybersecurity vulnerabilities.
First and foremost, truckers must keep their ELDs up to date. Like smartphones, ELDs may require regular security updates, including patches for newly discovered vulnerabilities. Also, if the trucker has access to her Wi-Fi password on your device, you should change it to something stronger.
Daly also believes in the power of the free market. If industry players, especially large fleets that buy in bulk, buy only the more secure ELDs, the manufacturers of his less secure ELDs will be forced to sink or swim.
The good news is that the industry has responded well to cybersecurity concerns in recent years. The truck used in this experiment was a 2014 Kenworth, his 10-year old truck. Over the past decade, truck manufacturers have improved security measures within their systems. LL
Land Line Now's Scott Thompson contributed to this report.
