Researchers from Colorado State University presented findings at the 2024 Network and Distributed System Security Symposium, revealing vulnerabilities in Electronic Logging Devices (ELDs) required in US commercial trucks. These flaws, potentially affecting over 14 million trucks, allow attackers to manipulate data, control vehicles, and spread malware via Bluetooth or Wi-Fi connections. Despite a federal mandate, ELDs lack adequate security measures and are susceptible to attacks exploiting default firmware settings and weak passwords. The researchers demonstrated three attack scenarios, including disrupting vehicle systems, uploading malicious firmware, and spreading a truck-to-truck worm. They conducted real-world simulations to illustrate the severity of these vulnerabilities. The team notified ELD manufacturers and the US Cybersecurity and Infrastructure Security Agency (CISA) to address the issues.
