Once upon a time, theft was a purely physical transaction. After refueling, the driver heads to a truck stop, but when he returns he finds that the fuel has been siphoned off. Or maybe the driver was parked on the side of the road for his 10-hour reset and the load was stolen.
As technology has evolved, the ways and reasons for attacking trucking companies have changed, and many attacks are now carried out digitally. The most common types of cyberattacks on trucking companies, as for most businesses, are phishing, smishing, ransomware, social engineering, business email compromise, and general attacks primarily related to back-office operations. Attacks on the trucks themselves have also gone digital.
A group of Colorado State University researchers recently published a paper detailing the cybersecurity threat vector surrounding electronic logging devices, one of the most used devices in truck cabs.
The paper describes vulnerabilities in commonly used ELDs that could allow hackers to take control of an entire vehicle, steal data, and cause disruption by spreading malware between vehicles unnoticed. It identifies three critical vulnerabilities. The devices can be controlled wirelessly, allowing unauthorized control over vehicle systems. Once malicious firmware is uploaded, the attacker can manipulate the vehicle's data and operation. Additionally, the networked nature of these devices could allow worms to self-propagate from truck to truck, resulting in widespread disruption to commercial fleets and serious safety and operational concerns.
“The challenges highlighted in our paper are significant, and we have identified several significant vulnerabilities in certain ELD models that represent a large share of the existing market,” said Jake Jepson, lead author of the paper and a systems engineering graduate student. “While manufacturers are currently working on firmware updates, we suspect these issues are general and may not be isolated to a single device or instance.”
Using a bench-level test system, the team conducted additional testing on a 2014 Kenworth T270 Class 6 research truck with the vulnerable ELD connected. The attack modified the firmware of an unnamed, popular, off-the-shelf ELD to perform attacks on vehicles.
There are more than 14 million medium and heavy-duty vehicles registered in the United States, and approximately 880 ELDs. According to the paper, most of them share the same or similar architecture with default settings and minimal security features, making it easy to hack multiple devices from one device. This could look like forcing a truck to stop or crashing a vehicle into an object through wireless operation via Bluetooth or Wi-Fi connectivity.
“A malicious attacker with access to a wireless-enabled ELD could quickly spread malware to other ELDs in that network,” said Stephen Ritzler, Transportation and Logistics Sales Manager at CoverWallet, which provides insurance to fleets. “The viral spread of malware can give cybercriminals access at scale. They can reveal a lot of sensitive information about the routes and transit points of high-value packages that they may intend to extort.
“It could also interfere with data related to the safe operation of vehicles,” he added. “This could include logbook data being altered to falsely display hours of use that exceed the daily limit, putting the operator of a compromised vehicle at risk of facing DOT sanctions.”
Such an attack therefore has many implications for trucking companies, and insurance is one of them. That is not only because an attack can cause an accident and increase insurance premiums, but also because insurance companies use ELDs (many of which now offer telematics and dash cams) to inform them about driver safety and insurability, Ritzler said. Many fleets are now also considering cybersecurity insurance. Ritzler said ELD vendors are trusted to protect the privacy of customer data.
“When choosing an ELD provider, always do your due diligence to ensure they are not only compliant, but also safe from a cybersecurity perspective,” said NMFTA Executive Director Debbie Sparks.
The document emphasizes that ELDs currently do not require any security precautions.
“After evaluating ELD units purchased from various resellers, we found that these units were distributed with factory default firmware settings, which poses a significant security risk,” says the paper.
Mitigation measures against attacks
“A multifaceted approach is required to address the vulnerabilities identified in our study and effectively prevent truck-to-truck worm attacks in electronic logging devices,” the researchers wrote. “This approach includes strengthening default security settings, implementing robust firmware integrity and authenticity checks, and removing unnecessary and high-risk features.”
The researchers made the following suggestions to enhance the security of ELDs.
• Disable interfaces and services that are not actively used. The study found that while some resellers used Bluetooth and others used Wi-Fi, no reseller used both interfaces or web servers at the same time. Therefore, ELDs should be configured to disable unused wireless interfaces and internal web servers by default.
• Implement high-entropy default passwords for initial device access in one of two ways. Generate a long, complex, randomized password that is unique to each device during the initial provisioning of the device. Alternatively, use a standard password prefix with the last four digits randomized.
• Use secure firmware signing mechanisms that include cryptographic signatures of firmware updates to ensure that firmware updates are untampered with and come from verified sources. This ensures that only genuine, untampered firmware is installed on the ELD and prevents malicious firmware from being installed.
• Remove unnecessary API functionality. The findings suggest that the ability to send and receive arbitrary CAN messages via API in production ELDs poses unreasonable risk without a valid use case, so removing this functionality from ELDs is recommended. Restricting this functionality greatly reduces the risk of unauthorized access to and control of the vehicle's CAN network, reducing potential security threats.
• Implement a firewall or gateway for telematics devices. These act as an intermediate layer of security between the ELD and the vehicle's diagnostic port.
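
The last two suggestions (no arbitrary CAN access, and a gateway between the ELD and the diagnostic port) can be sketched as a default-deny J1939 frame filter. This is an added example, not code from the paper or from any ELD vendor; the allowlisted parameter groups, the direction and function names, and the sample frames are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { VEHICLE_TO_ELD, ELD_TO_VEHICLE } direction_t;

/* Assumed allowlist of data an ELD reads for logging (not taken from the paper). */
static const uint32_t READ_PGNS[] = {
    61444, /* EEC1: engine speed */
    65265, /* CCVS: wheel-based vehicle speed */
    65248, /* vehicle distance */
    65253, /* engine hours */
    65260, /* vehicle identification */
};
#define REQUEST_PGN 59904u /* J1939 request; payload is a 3-byte little-endian PGN */

/* Extract the 18-bit PGN from a 29-bit J1939 identifier. */
uint32_t j1939_pgn(uint32_t can_id) {
    uint32_t page = (can_id >> 24) & 0x3; /* extended data page + data page */
    uint32_t pf = (can_id >> 16) & 0xFF;
    uint32_t ps = (can_id >> 8) & 0xFF;
    /* PDU1 (PF < 240): PS is a destination address, not part of the PGN. */
    return (page << 16) | (pf << 8) | (pf >= 240 ? ps : 0);
}

static bool pgn_readable(uint32_t pgn) {
    for (size_t i = 0; i < sizeof READ_PGNS / sizeof READ_PGNS[0]; i++)
        if (READ_PGNS[i] == pgn) return true;
    return false;
}

/* Default-deny policy: true only if the frame may cross the gateway. */
bool gateway_allows(direction_t dir, uint32_t can_id, const uint8_t *data, uint8_t len) {
    if (can_id > 0x1FFFFFFFu || len > 8) return false; /* not a valid 29-bit frame */
    uint32_t pgn = j1939_pgn(can_id);
    if (dir == VEHICLE_TO_ELD) return pgn_readable(pgn);
    /* The ELD side may only request allowlisted data; every other frame is dropped. */
    if (pgn != REQUEST_PGN || len != 3 || data == NULL) return false;
    uint32_t wanted = data[0] | ((uint32_t)data[1] << 8) | ((uint32_t)data[2] << 16);
    return pgn_readable(wanted);
}

int main(void) {
    const uint8_t ask_hours[3] = {0xE5, 0xFE, 0x00}; /* constructed: request for PGN 65253 */
    printf("engine speed to ELD: %d\n", gateway_allows(VEHICLE_TO_ELD, 0x0CF00400u, NULL, 8));
    printf("ELD requests hours:  %d\n", gateway_allows(ELD_TO_VEHICLE, 0x18EA00FAu, ask_hours, 3));
    printf("ELD sends other PGN: %d\n", gateway_allows(ELD_TO_VEHICLE, 0x18EF00FAu, ask_hours, 3));
    return 0;
}
```

Because the policy is keyed on direction as well as parameter group, a frame that is allowed when it comes from the vehicle is still dropped if the ELD side tries to originate it.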
The paper emphasizes that these measures are practical, user-friendly, and cost-effective. Jeremy Daley, an associate professor at the CSU Walter Scott Jr. College of Engineering who led the research, said these findings are important for the trucking industry but also have broader significance, alerting people to some of the vulnerabilities that exist as various assets and infrastructure elements become more connected.
“Our group continues to develop adaptable security measures, assessments, and models that can be easily integrated into existing operations,” said Jeremy Daley, associate professor in the CSU Walter Scott Jr. College of Engineering, who led the research. “These security design patterns can also be utilized throughout the truck lifecycle, from conceptual design to system retirement.”