{"id":55660,"date":"2024-03-22T00:03:10","date_gmt":"2024-03-22T00:03:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/truck-to-truck-worm-could-infect-and-disrupt-entire-us-commercial-fleet\/"},"modified":"2024-03-22T00:03:10","modified_gmt":"2024-03-22T00:03:10","slug":"truck-to-truck-worm-could-infect-and-disrupt-entire-us-commercial-fleet","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/truck-to-truck-worm-could-infect-and-disrupt-entire-us-commercial-fleet\/","title":{"rendered":"Truck-to-truck worm could infect \u2013 and disrupt \u2013 entire US commercial fleet"},"content":{"rendered":"

Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.<\/p>\n

In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles.<\/p>\n

\"Schemes<\/p>\n

White Van Man could become a rolling radio relay<\/h2>\n

READ MORE<\/span><\/a><\/div>\n

“These findings highlight an urgent need to improve the security posture in ELD systems,” the trio wrote<\/a> [PDF].<\/p>\n

The authors did not specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper. But they do note there’s not too much diversity of products on the market. While there are some 880 devices registered, “only a few tens of distinct ELD models” have hit the road in commercial trucks.<\/p>\n

A federal mandate requires most heavy-duty trucks to be equipped with ELDs, which track driving hours. These systems also log data on engine operation, vehicle movement and distances driven \u2013 but they aren’t required to have tested safety controls built in.<\/p>\n