ELD Security in Question: Logging Devices Could Be Vulnerable to Cyberattacks

cyber security symbol

The truck industry has undergone several huge transitions and changes in its long history. In 2024, semis have evolved into sprawling networks of interconnected computer systems and IoT devices sitting on 18 wheels.

For nearly a decade, Electronic Logging Devices (ELDs) have been a staple in truck cabs. However, despite the recent mandate, ELDs have been around since the early 1980s. This poses cybersecurity risks, according to cybersecurity consultant Michael Hasse, who notes that many of today’s ELDs were designed decades ago, leaving them vulnerable to cyber threats.

“That makes retrofitting security into an embedded system like that, when it was never planned for previously, cost-prohibitive for various reasons,” Hasse said.

Drawing parallels to cybersecurity challenges faced by upscale vehicles like Tesla, Hasse emphasizes the importance of proactive security measures. Leading ELD manufacturer Geotab prioritizes cybersecurity by including specific algorithms and continuously monitoring the cybersecurity landscape.

“These technologies validate the authenticity, integrity, and confidentiality of every message transmitted to and from our GO devices and help to mitigate the potential for an adversary to abuse or alter GO firmware,” said Don Bailey, senior security researcher at Geotab. “By first securing our GO device, we help ensure the vehicle and its CAN network from any remote attack.”

Trimble, another leading ELD manufacturer, invests in developer security training, code scanning solutions, and firmware updates to fortify its ELD systems. They also encourage customers to enhance security measures by safeguarding credentials, conducting cybersecurity awareness training, and applying vendor-recommended updates.

“Trimble conducts security due diligence, which includes whitebox testing of all our hardware and embedded firmware for vulnerabilities,” said Conan Sandberg, Trimble’s global business information security officer. “Trimble uses several measures of security, including secure certificates and authentication mechanisms, and we do not use default authentication or configuration settings from the manufacturer that malicious actors can target.”

Data theft and potential criminal actions, such as remotely disabling a moving truck, are significant concerns for trucking industry professionals. To reduce these risks, Trimble emphasizes the importance of full-scale cybersecurity protections and shared responsibility throughout the supply chain.

“ELD threats are ever-evolving. We strive to measure and understand those threats through advanced vulnerability management scanning, endpoint detection and response, and threat intelligence tooling inside our solutions. We provide updates to the devices and certificates used and manage inter-process communications securely,” Sandberg said.

 

 

Source: Commercial Carrier Journal