Systems engineering graduate student Jake Jepson performs research on ELD cybersecurity. Source: Colorado State University Systems Engineering Department
Previously, theft committed upon trucking companies primarily involved physical acts, such as siphoning fuel from parked trucks or stealing cargo while drivers took breaks. However, as technology has advanced, the methods of attacking trucking companies have shifted towards digital means.
Cyberattacks on trucking companies now encompass various techniques, including phishing, smishing, ransomware, social engineering, and compromised business email. These attacks extend beyond back-office operations to target trucks directly. A recent study by researchers from Colorado State University discusses cybersecurity threats related to electronic logging devices (ELDs), commonly used in truck cabs.
The study identifies vulnerabilities in widely used ELDs that could enable hackers to manipulate vehicle systems, steal data, and disrupt entire fleets by spreading malware between vehicles. These vulnerabilities include wireless control, malicious firmware uploads, and the potential for self-propagating truck-to-truck worms.
The researchers conducted tests on a vulnerable ELD connected to a research truck, highlighting widespread security risks across the trucking industry. With over 14 million registered medium and heavy-duty vehicles in the U.S. and many ELDs sharing similar architecture and minimal security features, the potential for widespread attacks is significant.
These attacks could have serious consequences for trucking companies, including accidents and increased insurance costs. To mitigate these risks, the study suggests several security measures, such as disabling unused interfaces, implementing strong default passwords, using secure firmware signing mechanisms, eliminating unnecessary API features, and implementing telematics device firewalls or gateways.
Jeremy Daily, the lead researcher, emphasizes the importance of these findings for the trucking industry and beyond, as interconnected assets and infrastructure pose similar vulnerabilities. The research aims to develop adaptable security measures that can be integrated into existing operations, ensuring the safety and security of trucking fleets.
The study concludes with a call for increased diligence when selecting ELD providers and advocates for enhanced security measures to be implemented in these devices to protect against cyber threats.
Credit to Angel Cocker Jones of Commercial Carrier Journal. Read the original article here.