Posted on 03/21/2024 5:31:42 PM PDT by algore
Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.
In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles.
"These findings highlight an urgent need to improve the security posture in ELD systems," the trio wrote [PDF].
The authors did not specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper. But they do note there's not too much diversity of products on the market. While there are some 880 devices registered, "only a few tens of distinct ELD models" have hit the road in commercial trucks.
A federal mandate requires most heavy-duty trucks to be equipped with ELDs, which track driving hours. These systems also log data on engine operation, vehicle movement and distances driven – but they aren't required to have tested safety controls built in.
And according to the researchers, they can be wirelessly manipulated by another car on the road to, for example, force a truck to pull over.
The academics pointed out three vulnerabilities in ELDs. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD.
"In our evaluation of ELD units procured from various resellers, we discovered that they are distributed with factory default firmware settings that present considerable security risks," the authors noted.
This included an exposed API that permits over-the-air (OTA) updates. The devices also have Wi-Fi and Bluetooth enabled by default, with a "predictable" Bluetooth identifier and Wi-Fi Service Set Identifier (SSID) and weak default password. That makes it easy to connect to the device and then obtain network access to the rest of the vehicle's systems – at least for attackers within wireless range.
This can be achieved via a drive-by attack, or by hanging out at truck stops, rest stops, distribution centers, ports – basically anywhere that heavy-duty trucks tend to congregate.
The ELDs use a Controller Area Network (CAN) bus to communicate. For one of the attacks, the boffins showed how anyone within wireless range could use the device's Wi-Fi and Bluetooth radios to send an arbitrary CAN message that could disrupt of some of the vehicle's systems.
A second attack scenario, which also required the attacker to be within wireless range, involved connecting to the device and uploading malicious firmware to manipulate data and vehicle operations.
Finally, in what the authors described as the "most concerning" scenario, they uploaded a truck-to-truck worm. The worm uses the compromised device's Wi-Fi capabilities to search for other vulnerable ELDs nearby.
Here's how it knows the devices are vulnerable:
It specifically looks for devices with SSIDs starting with "VULNERABLE ELD:". Although this may sound contrived the SSID of the ELD we examined was predictable and could be used to identify the vulnerable devices.
It's the dirty story of a dirty man,
And his clinging wife doesn't understand,
His son is working for the Daily Mail,
It's a steady job but he wants to be a firmware writer,
Firmware writer a Firmware writer
It's a thousand pages, give or take a few,
I'll be writing more in a week or two I can make it longer if you like the style I can change it 'round and I want to be a firmware writer Firmware writer
If you really like it you can have the rights,
It could make a million for you overnight,
If you must return it, you can send it here,
But I need a break and I want to be a firmware writer...
Paper logs again?
Yea!!!!
I’d vote for paper logs again. All of this tech in a somewhat rough environment of a vlass-8 truck is bound to be hackable.
Doesn’t look like firmware
This is a case where overrides and workarounds will come into play as needed.
I am going to the Mid America Truck Show in Louisville this weekend.
Going to print the article out and see what some of the ELD providers say.
There will be pushback from the guys that like to show up at sites that have no onsite parking before claiming they’re out of time and thus have to stay.
All while blocking gates, driveways, various accessways, etc.
I’m surprised they didn’t blame it on Russia Russia Russia !!! hackers.
(Yet, anyway)
I drive a f-150 with a logo’d trailer on occasion for my job. The trailer is merely a means to get my demonstration supplies to the shows I do.
So of course, DOT says I need a ELD. I despise the stupid thing because most of the time I have no trailer, thus no need to log.
I got a new truck a couple months ago and kinda forgot to connect the ELD because I haven’t had the trailer connected. I almost feel free.
More like flaccidware.
It needs “This one simple trick…”
Imagine what kind of malware might be infiltrated into EV systems through charging stations. Also malware might be designed to migrate from traveling vehicles and infect other charger installations.
I spotted the problem right there -- not enough DEI in the trucking industry.
Bluetooth is a common invasion path.
Those live in Idaho. Giant Palouse earthworms.
When you do, please bring their response back here, I’d really love to hear it.
WHEN (not “if”) China declares war on the US to capture Taiwan, China can even now then stop all overseas shipping from leaving its ports with a single phone call.
And with this malware program, China can stop all shipping inside the US too.
Instant victory.
I'd be interested in hearing whatever comments they may have. The fact that these systems require NO AUTHENTICATION is insane. Whoever thought this up is obviously working for the government.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.