Imagine this scenario: A big rig is cruising down the interstate when a passenger vehicle, or any vehicle for that matter, pulls alongside and connects to the truck’s Wi-Fi using a laptop and an extended-range wireless adapter. The attackers in the passing vehicle exploit the ELD’s web interface to re-flash the device—this means they update or rewrite the device’s firmware in a reprogrammable section of its memory—while both vehicles are in motion. About 20 seconds later, allowing time for the ELD to initialize its Controller Area Network (CAN) interfaces, the truck starts to slow down as the ELD floods the CAN bus with malicious messages.
Eventually, the vehicle comes to a stop, which can lead to serious consequences, such as the engine derating and going into limp mode, effectively disabling the truck in potentially dangerous locations.
This drive-by attack simulation was conducted by researchers at Colorado State University on an empty mile-long airfield to demonstrate the potential risks associated with ELDs, especially in scenarios where trucks congregate, such as at rest areas, truck stops, or even while in transit. In their study, a 2014 Kenworth Class 6 research truck equipped with an ELD was driven down the runway at approximately 20 miles per hour. The attacker, seated in a Tesla Model Y with a laptop, simulated the attack.
This test successfully illustrated the feasibility of a drive-by attack, underscoring the realistic possibility that such an event could occur under actual driving conditions. The researchers highlighted significant vulnerabilities in ELDs, which have become a mandated technology in the trucking industry. Through comprehensive testing in controlled and real-world environments, they demonstrated the practical risks and potential impacts of a truck-to-truck worm facilitated by these devices.
In cybersecurity, a worm is a type of self-replicating malware that autonomously spreads across a network by exploiting security vulnerabilities or software flaws. Since Dec. 17, 2017, modern commercial trucks have been legally required to be equipped with ELDs, which have recently emerged as potential cybersecurity threat vectors.
The Colorado State University study and related simulations revealed three critical vulnerabilities in commonly used ELDs:
- ELDs can be wirelessly controlled to send arbitrary CAN messages, allowing unauthorized control over vehicle systems.
- Malicious firmware can be uploaded to these ELDs, enabling attackers to manipulate data and vehicle operations.
- The most concerning vulnerability is the potential for a self-propagating truck-to-truck worm. This worm could leverage the networked nature of these devices to disrupt a fleet of trucks by targeting the ELD provider’s back-end infrastructure.
The study concludes that enhancing ELD security is vital. This includes optimizing default security settings, ensuring firmware integrity, and limiting unnecessary API features to mitigate the identified risks and establish a foundation for more secure operations.
Continuous innovation and vigilance in cybersecurity are crucial, especially for mandated technologies like ELDs. Fleets must ensure their ELD providers implement the latest and best cybersecurity practices to enhance the resilience of their business systems and vehicles.
Additional resources are available here for more information on evaluating ELD providers.