Last month, a research team from Colorado State University published a paper revealing a series of vulnerabilities discovered in the IoT devices found in the majority of U.S. commercial trucks.

ELDs and the need for increased security

In an effort to understand the current state of cybersecurity in the commercial shipping industry, an associate professor and two systems engineering graduate students conducted a study on the Electronic Logging Devices (ELDs) used on commercial trucks. These devices help monitor vehicle behavior, operating as a digital logbook of truck activity. However, the majority of these devices are Bluetooth or Wi-Fi enabled, meaning they serve as a potential point of entry for cyber-attackers. While there are a variety of ELDs available on the market, the setup of the devices is very similar due to the nature of the data they are logging.

Looking at commonly used ELDs, the team discovered that the default firmware settings on the devices were highly insecure, allowing for “over-the-air (OTA) updates” to be made on the devices’ interfaces. Since the default Wi-Fi passwords are often weak (and not updated), “attackers within wireless range” can easily break into the ELDs and use them to “obtain network access to the rest of the vehicle’s systems.” The researchers also determined that once one ELD is compromised, attackers can utilize that device to connect to other ELDs nearby, allowing the malware to spread from ELD to ELD. This is especially concerning considering ELDs are required in most U.S. shipping trucks, and can be found in as many as “14 million medium- and heavy-duty rigs.”

The Register reported:

“[These ELD infiltrations] can be achieved via a drive-by attack, or by hanging out at truck stops, rest stops, distribution centers, ports – basically anywhere that heavy-duty trucks tend to congregate…

In what the authors described as the ‘most concerning’ scenario, they uploaded a truck-to-truck worm. The worm uses the compromised device’s Wi-Fi capabilities to search for other vulnerable ELDs nearby… After finding the right ELDs, the worm uses default credentials to establish a connection, drops its malicious code on the next ELD, overwrites existing firmware, and then starts the process over again, scanning for additional devices.”

Once attackers have breached the system, they can view the data logged on the ELD and use the device to send messages to the truck that alter its operation, such as its current travel speed. Exploitation of this vulnerability would be nothing short of catastrophic.

Mitigating the risk of ELDs

To confirm these findings, the researchers conducted their own “drive-by-attack simulation,” using a 2014 shipping truck equipped with a typical ELD and a Tesla carrying a hacker with “a laptop and an Alfa extended range wireless adapter.” With both vehicles driving at 20 mph, “in just 14 seconds the team connected to the truck’s Wi-Fi, used the ELD’s interface to re-flash the device, and started sending malicious messages causing the truck to slow down.”

This research reveals a significant security threat within the commercial shipping industry, one that could potentially shut down “entire fleets” of trucks, and it underscores the need for immediate and widespread improvements in security measures. As the research team concluded in their paper:

“The findings from our study highlight the importance of security in technologies that are not only integral to operational efficiency but also legally mandated. The vulnerability of such systems poses a broader risk to the entire supply chain, making it imperative that security measures evolve in tandem with technological advancements…

Furthermore, regulating bodies need to be aware of the increased security risks associated with mandated technologies that interface with deployed control networks. Future research should focus on developing and implementing advanced, adaptable security measures that can protect against evolving threats while ensuring seamless operational integration. This balance is vital for safeguarding the trucking industry and, by extension, the critical supply chains it supports.”  

The team also notified the specific manufacturer of the ELD tested in their real-world scenario prior to the publication of their research, and the manufacturer is currently working on a firmware update for the device in question.