Jake Jepson, Rik Chatterjee, Jeremy Daily (Colorado State University)

ETAS Best Paper Award Runner-up!

In compliance with U.S. regulations, modern commercial trucks are required by law to be equipped with Electronic Logging Devices (ELDs), which have become potential cybersecurity threat vectors. Our research uncovers three critical vulnerabilities in commonly used ELDs.

First, we demonstrate that these devices can be wirelessly controlled to send arbitrary Controller Area Network (CAN) messages, enabling unauthorized control over vehicle systems. The second vulnerability demonstrates malicious firmware can be uploaded to these ELDs, allowing attackers to manipulate data and vehicle operations arbitrarily. The final vulnerability, and perhaps the most concerning, is the potential for a selfpropagating truck-to-truck worm, which takes advantage of the inherent networked nature of these devices. Such an attack could lead to widespread disruptions in commercial fleets, with severe safety and operational implications. For the purpose of demonstration, bench level testing systems were utilized. Additional testing was conducted on a 2014 Kenworth T270 Class 6 research truck with a connected vulnerable ELD.

These findings highlight an urgent need to improve the security posture in ELD systems. Following some existing best practices and adhering to known requirements can greatly improve the security of these systems. The process of discovering the vulnerabilities and exploiting them is explained in detail. Product designers, programmers, engineers, and consumers should use this information to raise awareness of these vulnerabilities and encourage the development of safer devices that connect to vehicular networks.

View More Papers

Invisible Reflections: Leveraging Infrared Laser Reflections to Target Traffic...

Takami Sato (University of California Irvine), Sri Hrushikesh Varma Bhupathiraju (University of Florida), Michael Clifford (Toyota InfoTech Labs), Takeshi Sugawara (The University of Electro-Communications), Qi Alfred Chen (University of California, Irvine), Sara Rampazzi (University of Florida)

Read More

Understanding Route Origin Validation (ROV) Deployment in the Real...

Lancheng Qin (Tsinghua University, BNRist), Li Chen (Zhongguancun Laboratory), Dan Li (Tsinghua University, Zhongguancun Laboratory), Honglin Ye (Tsinghua University), Yutian Wang (Tsinghua University)

Read More

Designing and Evaluating a Testbed for the Matter Protocol:...

Ravindra Mangar (Dartmouth College) Jingyu Qian (University of Illinois), Wondimu Zegeye (Morgan State University), Abdulrahman AlRabah, Ben Civjan, Shalni Sundram, Sam Yuan, Carl A. Gunter (University of Illinois), Mounib Khanafer (American University of Kuwait), Kevin Kornegay (Morgan State University), Timothy J. Pierson, David Kotz (Dartmouth College)

Read More

Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi...

Yuxiang Yang (Tsinghua University), Xuewei Feng (Tsinghua University), Qi Li (Tsinghua University), Kun Sun (George Mason University), Ziqiang Wang (Southeast University), Ke Xu (Tsinghua University)

Read More