Vulnerabilities in common electronic tachographs (ELDs) could be present in more than 14 million U.S. trucks, according to researchers at Colorado State University. The experts demonstrated how the attacks could take place.
U.S. regulations require modern trucks to be equipped with electronic logging devices (ELDs), but these have become potential cybersecurity threat vectors. Research from three Colorado State University experts uncovers three critical vulnerabilities in commonly used ELDs.
Three weak points in the tachographs
First, they demonstrated that the ELDs could be controlled wirelessly to send arbitrary Controller Area Network (CAN) messages, allowing unauthorized control of vehicle systems.
The second vulnerability shows that malicious firmware can be uploaded to these ELDs, allowing attackers to manipulate data and vehicle operations at will. The final and perhaps most concerning vulnerability is the possibility of a self-propagating truck-to-truck worm that exploits the inherent networking capability of these devices. Such an attack could cause widespread disruption to commercial fleets, with serious implications for safety and operations.
Hack demonstration on a test system
Using test systems on a test bench, the experts demonstrated that they not only have theoretical concerns, but also showed how the attacks work in practice. These results show that there is an urgent need to improve the security posture of ELD systems.
Following some best practices and adhering to known requirements can significantly improve the security of these systems. The researchers explain the process of discovering the vulnerabilities and their exploitation in a detailed report.
Editor/sel