Theft was once a purely physical transaction. A driver heads into a truckstop after fueling only to return and find his fuel has been siphoned. Or maybe a driver is parked on the side of the road for their 10-hour reset, and his cargo is stolen.
The methods and reasons for attacking a trucking company have changed over the years as technology has evolved with much of it now being done digitally. While the most common types of cyberattacks against trucking companies – as with most any company – come from phishing, smishing, ransomware, social engineering, business compromised email and all those popular terms, mostly related to back-office operations, over-the-road attacks on actual trucks have become digital as well.
[RELATED: Business compromised email one of the biggest threats to cybersecurity]
A group of researchers from Colorado State University recently published a paper that details cybersecurity threat vectors surrounding one of the most used devices in the cab of a truck: the electronic logging device.
The paper shares vulnerabilities in commonly used ELDs that could allow hackers to take control of, steal data from and disrupt entire fleets by spreading malware unnoticed between vehicles. These are the three critical vulnerabilities: they can be wirelessly controlled, enabling unauthorized control over vehicle systems; malicious firmware can be uploaded, allowing attackers to manipulate data and vehicle operations; and there is potential for a self-propagating truck-to-truck worm to take advantage of the networked nature of these devices that could result in widespread disruptions in commercial fleets with severe safety and operational implications.
“The challenges highlighted in our paper are substantial, and we have identified several critical vulnerabilities in a particular ELD model that represents a significant share of the existing market,” said systems engineering graduate student Jake Jepson, a primary author of the paper. “The manufacturer is working on a firmware update now, but we suspect these issues may be common and potentially not limited to a single device or instance.”
