Experts are raising the alarm about critical cybersecurity vulnerabilities within the technology underpinning the U.S. trucking industry, a backbone of the nation’s economy.
Recent findings highlight the urgent need for enhanced security measures to protect against potential threats that could have far-reaching consequences for the flow of goods and services across the country.
Modern commercial trucks are required by law to be equipped with electronic logging devices (ELDs), which are now potential cybersecurity threat vectors, Jake Jepson, Rik Chatterjee, and Jeremy Daily warn in their new report.
The research team has identifies three critical vulnerabilities that can allow a malicious actor to remotely hack commercial fleets.
According to the report, the first vulnerability is that ELDs can be wirelessly controlled to send controller area network (CAN) messages, which allows unauthorized control over vehicle systems.
The second vulnerability identified is that malicious firmware is able to be uploaded to ELDs, which allows cyber attackers the ability to manipulate data and vehicle operations.
The third vulnerability, which the authors say is “most concerning,” is the “potential for a self-propagating truck-to-truck worm, which takes advantage of the inherent networked nature of these devices. Such an attack could lead to widespread disruptions in commercial fleets, with severe safety and operational implications.”
As detailed in the report, the U.S. alone has more than 14 million medium and heavy-duty trucks, which move roughly 73 percent of the nation’s freight.
“The seamless operation of these commercial vehicles is vital for the smooth functioning of supply chains, directly impacting everything from local businesses to international markets,” the research team says, underscoring the “urgent need” to improve security in ELD systems.
Hackers deploying a widespread worm-like attack can compromise “numerous ELDs from multiple companies to inflict substantial damage,” the report states.
In a truck-to-truck worm attack, network interfaces are setup prepping file systems and setting up CAN bus communication protocols.
Next, the worm utilizes WiFi to search for nearby ELDs that could be potential targets.
Once a vulnerable ELD is identified, the truck-to-truck worm proceeds with the infection process, exploiting a vulnerability by connections to the ELDs using hardcoded default credentials. After a connection is established, the worm transfers malicious code to the target ELD, which overwrites the existing firmware and prepares the device for its role in compromising other devices.
After an ELD has been successfully infected, the worm changes the WiFi access point of the infected device, which signals that the device is already infected, preventing unnecessary infection attempts as the worm spreads.
The infected ELD, controlled by the worm, continues the cycle of infecting other vulnerable devices, perpetuating the spread of the truck-to-truck worm, the report explains.
Attacks of this type are not purely theoretical.
Last year, the National Motor Freight Traffic Association (NMTFA) held an event to demonstrate the ease with which a hacker with just $300 could gain control of a semi-truck and shut down its anti-lock braking system.
Hackers could also remotely cause the truck to slam on its brakes in a traffic choke point.
“Certainly, disabling entire fleets of trucks could have large impacts on cities, critical infrastructure, and the safety of the nation,” Ben Gardiner, a senior cybersecurity research engineer with NMFTA, said at the event.
