Colorado State University (CSU) researchers say that cybersecurity vulnerabilities in Electronic Logging Devices (ELDs) could allow hackers to take control of semi trucks, steal data, or “even disrupt entire fleets.”
The CSU researchers published a major paper raising alarm bells on the cybersecurity gaps found in popular ELDs, which have been federally mandated in the U.S. since December 2019.
Researchers examined several “off-the-shelf” ELDs and determined that they could be accessed through the air using Wi-Fi or Bluetooth to disrupt operation.
They also showed that malware on one truck could spread to other trucks while traveling on a highway or waiting at a distribution center or a truck stop, an effect they dubbed a “selfpropagating truck-to-truck worm.”
In the video below, the CSU researchers demonstrate what they call the “first-ever wireless drive by attack on a truck.”
Researchers say that they have shared their findings with the U.S. Cybersecurity and Infrastructure Security Agency as well as with ELD manufacturers.
“The challenges highlighted in our paper are substantial, and we have identified several critical vulnerabilities in a particular ELD model that represents a significant share of the existing market,” said author Jake Jepson. “The manufacturer is working on a firmware update now, but we suspect these issues may be common and potentially not limited to a single device or instance.”
“This research expands on past work we have done around the cybersecurity of heavy machinery like trucks, boats and tractors with the National Motor Freight Traffic Association and through our hands-on Cyber Challenge Events with students on campus,” said CSU Associate Professor Jeremy Daily “These are evolving and complex security problems that require field testing in addition to extended collaboration with all of the stakeholders involved.”