The Federal Bureau of Investigation has released a warning that Electronic Logging Devices can make companies vulnerable to hacking by cyber criminals. The potential damage that could be caused is enormous. And ELDs which are vulnerable include those provided by large, well-known companies.
As the FBI points out, there were no security checks or even quality assurance requirements put in place for ELD suppliers as part of the regulation that mandated them in CMVs. Because of that, the FBI says that most ELDs, including those produced by “well-known companies” did “little to nothing follow cybersecurity best practices” and are considered “vulnerable to compromise.”
ELDs are a vulnerable point through which hackers can access vehicle data remotely. Sensitive data like position, VINs, user IDs, and carrier information like load contents can be pulled in real time from them. Depending on the ELD integration in a company’s network, ELDs could give hackers access to all of the company’s data – potentially including personal information, business and financial records, and more.
Even more concerning though, ELDs provide a point through which hackers could directly “affect functions such as vehicle controls.”
The FBI notice recommends that drivers and companies ask their ELD makers and suppliers a series of questions to make sure that they are taking proper cyber-security measures. The notice does not provide the names of ELD providers which meet the suggested criteria.
To see the criteria questions and to get more information, you can read the FBI notification here.
Source: FBI
Time to file lawsuits against the FMCSA for putting truckers lives in danger. Elds were never about safety it was always about blood money.
Shut up
go pound sand stupid
How great is this?!!!
“Thou shalt install an ELD” was the word from big (dumb) brother.
Now, there are safety and privacy issues.
Who could’ve seen this coming?
This was we been saying but FMCSA called us liars
**what***
** is what we have been
What da?
Thing is, most of them communicate via cellphone signal. So anyone with access to cellphone skimming technology could easily do this. Old ELDs used encrypted signal via satellite but with companies wanting more and more data to be used through the ELD, satellite is simply too slow and expensive.
😂😫🥴😒 So wait the same people who mandated ELD’s are contradicting the very same “facts” they argued that this was the safest way for the drivers and the public?!? In fact according to them ELD’s are worse because it can take conrol your vehicle!!! Huh?!? 🤯😬🙄 I wonder when they try to double down on pushing the driverless trucks will this be considered a factor?! Of course, as so many people said before. Of course it won’t because it’ll be insisted that security is under control. This is such a joke and frankly insulting. I mean they act as people have the memory of a gold fish.
Hey quit insulting poor goldfish
Very true. They always have an agenda riding behind the news.
Have you seen a truck driver? They arnt to smart
LOL 😂👍🏼
IF the ELD ONLY was a log book this would not be a problem – but it is not. it is tied to the trucks systems and like the QUALCOMM, who really knows what it’s actually recording and like the QUALCOMM, who really knows what it’s actually recording and then you add communication capabilities which apparently this has opens the door for being hacked.
Correct me if I’m wrong please but the FMCSA only cares about the hours of service it’s only your company that wants to monitor hard braking, and all the other fun stuff that the QUALCOMM or ELDs record.
My company we use keep trucking and of course you know keep trucking we can use our cell phone so in majan the information that they’re not telling us that they probably can see inside out cell phone because I claimed I dropped my trailer and went on personal convenience and did something my dispatcher sent me a satellite showing me where I was all my moves I made a got damn picture all the locations I were sitting at so we don’t see it on our end but on their end they have satellite pictures to actually see where we’re sitting i9
If you have one of the gas price aps on your cellphone information on your trips including hard acceleration and braking , length of trips including time of day is collected and sold to the insurance industry. You can disable the reporting..
MAYBE.
Yes,,,, you must,,,,,cause( we )no what’s best for you dummy truck driver !!!!!
Wow! Is it me or is illiteracy running rampant on this thread. Spell check Pleeeeeease!
You guys need to stick to truck driving, because it is painfully obvious that you have no clue about technology. And as for the writer, you sir need to stop spreading lies and panic to the public, you and your min stream media partners are 100% of the problem in this country. You spew lies as truth and expect everyone to listen to you, but when you are proven wrong you don’t even publish apologies or retort the facts. Fact: ELDs are not connected to any “financial” information of a company. FACT: ELDs are not remote controls of the trucks (automated trucks are a different story). FACT: in order to “remote into an ECU you must be within 10 feet and it is done via bluetooth. FACT: ELD’s do not use standard “cell service”, these units do not have a phone number or ip to access the internet, they use non encrypted cell for GPS only (no different than your little gps in your car).
There is NOTHING an ELD can do to endanger a truck while moving down the road, please stop spreading lies and panic, educate yourself, and for the love of God, RESEARCH FACTS before printing them.
And what are your credentials in saying this?
You’ll have to understand his perspective. If you know anything about drivers especially anxious ones, all you have to do is send a signal to the ELD that alerts the driver they have violated ELD rules of service and they’ll freak out and slam the brakes no matter where they are. They’ll drive off bridges. Etc. why? Because the anxious ones are anxious for a reason, they’re close to losing their job and for many their homes. Living paycheck to paycheck etc. this writer in the article could have gone into depth about all of this but it would take a while book to explain all the angles that you can’t see so yes it does affect everything including financials. What no I must be ignorant. Lol. It can destroy your financial life Simply. All someone has to do is alter your hours so that you never have enough and know exactly when you are on a load that is sensitive and if late your company will lose a high paying account and enough of those they’ll go bankrupt. Different variations of this can affect specific bank accounts also and yes they know what loads those are because it’s send through text onto the ELD. So still care about telling people not to worry? Maybe tell them how this will never happen to them specifically? It can even to the simple little people and does. No one has to personally target anyone. There are simple A.I. Programs that do target people for reasons given by the programmers. Sometimes it benefits you and sometimes not. I won’t disclose the specifics except for this, Jesus loves you.
The driver losing money because he does not keep records is the drivers fault, not the would be hacker, and the writer said hackers could access COMPANY financials. try learning to read before commenting.
“drive off bridges” lol
How do you know this??
The ELD is tied into the OBD system on a vehicle, so that it can pull real-time vehicle info. This gives it protected access to the ECU, if its anything like CANBUS on cars.
It also accesses and modifies company DB, which I’m sure are not very secure yet.
These are legitimate concerns by the FBI, especially considering the trucking industry has not been a historical target for cyber attack.
I for one, wholly support ELDs, they keep everyone honest. Guys who complain about having to run legally are a danger to us all.
It’s tied into the system for MONITORING ONLY, it has absolutely NO control over the vehicle. Remember back when these first came out, everyone was concerned that the company could shut the truck down if you went over your hours. Well sir, how did that turn out? It was a complete fabrication and a total lie. There is nothing an ELD can do to a truck, not without physically attaching to the truck itself. Even the programmers that rewrite the ECU have to physically remove the ECU to do the programming, otherwise the ONLY things an ecu can control is your speed, when a regin is due, your hours of service (and most of you dont abide by them anyways, thats why your so against them), your governed speed, etc and those can only be changed with a reader that is physically attached to the ecu, which an ELD is NOT a reader.
Yeah and you ninny nerds are what’s destroyed this industry!
ELD’s & Saftey.
Tony B. Your notion that ELD’s = safety is false. It’s like having a big cut on your leg and picking up a band-aid from the dirt and putting it on to stop the bleeding. It’ll help stop the bleeding; but it is certain to get infected. While I agree there are a few drivers out there who try to cheat the system via paper logs; ELDs force drivers to beat the clock, or lose your job. That is wayyyy more dangerous; especially for inexperienced drivers. I’m sure you’ve come across them, driving like mad-men (wondering what the heck – where’s the fire).
On paper logs if – you get caught up in traffic and need another 20 – 30 minutes no big deal (for the most part) drive safe; get to your destination and everyone is happy. I say for the most part because there is a small percentage of morons in every type of employment that are just careless people.
Many are under the impression that ELDs = more sleep; and that equates to a safe driver. It’s just not the case. That are too many other factors that aren’t taken into account in the realm of safe and alert drivers.
Thank you. These truck drivers are IDIOTS!!!
After reading a few of your comments Rage; you are in dire need of a 90 day ride along with an OTR trucker. It’s always great to see people who have absolutely no idea of a particular subject present themselves as some type of expert that knows what is needed. Perhaps tomorrow you will wake up in a Holiday Inn and start regulating surgeries.
Yeahhh No doubt!!! A 90 day ride along…. lol heck, a 2 day ride along would cure quite a few. Most CLUELESS crybabies couldn’t make it 90 days!!! let alone 30 or even 15!!!
you willing to back your mouth up with your life? If you are let me know I’ll set up a test. But you’ll need to sign a waiver so when you die you can’t sue.
Fact, some elds are tied to financial information so as to order express codes and such from cab of truck without a person on the other end having to do anything…
Fact, some elds run on at&t cell phone service
Fact, some elds can “remotely control” trucks… they can set governed speeds, etc from afar
Fact, some elds give load descriptions
So, yeah, you need to go fact check yourself
You are incorrect about several things.
While a stand alone eld app or device may not have those features, the ones the fleet level runs do.
They tie directly into the company database to track IFTA taxes mpg, calculate load profits etc.
The more advanced units like the Peoplenet ones also tie into the truck computer and allow remote access for diagnostics, as well as the ability to disable the truck remotely. That means that with the new trucks that have auto start capabilities, steering assist, brake assist, cameras etc (such as my truck), a hacker may be able to access into those features and affect the operation of the truck.
And all this is done via a cell data modem running on the AT&T cell network from an Android tablet installed on the dash.
Even scale PrePass is done via the cell connection now, no window transponder anymore.
Now, none of what I just mentioned is required by law, most of that is features that fleets want, so this isn’t FMCSAs fault, the fleets were running this stuff anyway.
So the security risks are real, and it’s important to check the systems and make sure that security is bulletproof, and that the truck companies ensure that the assist systems are not controllable by code, and are well protected, but it needs to be talked about.
And while I may be driving truck right now, my background is industrial automation, IT, ham radio etc.
I beg to differ with you. Would you like to see my monthly bill from Verizon?
The eld is connected to the obd port. If hacked, it can control the truck. If you hack the eld you gain access to the obd. Got it?
100% correct!
Well I for 1 work for a company that can disable the truck through the GPS. Now what
When an eld device has sat on the dashboard and shorts out all the electronics on the truck its connected to its a safety issue. Serial ports where never meant to have these things connected to them and there is going to be long term cosequences for the working stiffs who have been forced to comply with unconstitutional “MANDATES”. But if your so inclined to worship your robot overlords in china, be my guest, fire that rig up and strap on your ankle bracelet. Good luck
Fact, you work for a major ELD company. Fact I need you to return our info immediately. Fact mind your business and stay out of my cab you pervert
Yet, another reason to call for a scrapping of elds, and a return to paper logs!
Will that happen? No.
Michael, the writer didn’t say this ,he’s reading from the FBI’s report. Our whole system including monetary ,utilities ,anything using technology can be shut down almost instantly. We are hanging by a thread! Ever heard of a pulse bomb? You do your research!
There is absolutely NOTHING the ELD can do. the ELD cannot shut down a truck, cannot push on the brakes, can not disengage a gear, cannot control the steering. A bomb is a whole new topic, lets stick to the facts of what the writer wrote. And no where is there a “quote” from the FBI, he is claiming the FBI is saying this, but there are no sources to back it up and a Google search shows no such report. try again sunshine.
your a liar sir. you sound like a clown that’s about to lose his job. elds even record when your truck I’d running or shut off. it’s already been proven they can control the electronics of a truck.
You sir are an idiot. Ask any reputable mechanic that works on these every day. that elog cannot control the truck movement, mechanics, or any other form of “remote control” and it has already been proven that the ELD cannot SHUT DOWN a truck. get educated. The ELD MONITORS the electronics it does NOT control them. quit being stupid and go back to being a steering wheel holder.
Are you willing to put your life on the line so I can prove you wrong. If your not you need to shut your mouth.
Michael ~ the article said the ELDs can make it VULNERABLE to attacks. Not all EOBRS/ELDS are identical. The more information a hacker has, the more they are able to do with that information.
They can go through ELD into your electronics and bypass chip in key. And when you get self driving trucks—-
Michael ~ You apparently did not read the FBI notification
Theyve been shown to short out tge electronics on trucks. Ive seen them wipe out transmission control modules on automatics and witnessed a device nuke the entire inside cab electronics. So yes they are an untested safety risk we as drivers shouldnt have to be forced to use.
Sorry Mike. Wrong again. Wayback with the first quellcoms they could shut you’re truck down after your 10 hours driving or 15 hour work day. It’s a fact! Give it up Mike!
Wrong , but cute
elaborate, so I can publicly embarrass you with facts. ELD’s do NOT control anything on a truck, even the company who has DIRECT access to the unit cannot shut the truck down.
You should really educate yourself on the matters in which you speak. You are spreading obviously false notions. For what purpose I don’t know. But you are way out of your league.
Michael, thinks truck drivers are punch of ignorants, and he is acting he knows better than what most of us know, and he definitely doesn’t know what he is talking about, my eld uses internet I have SIM card with phone number Plus WiFi capability , I can surf the net, I can send email, receive email, if I violate my HOS more then 45 minutes my company can shut me down give commands to my ecm, same way when my after treatment goes bad there is speed sensor that the ecm gives commands to slow down the truck 5mph, but luckily the company never uses that commands because if they give the command in wrong time and in the middle of the highway it can cause accidents.
Michael is talking about the early eld systems that used to use GPS, this is 2020 all ELDs have built in modems with active internet, as for financial hacking it can happen if the company integrates the eld system with their office network.
Eld already contains, driver name, driver license number, company address company Mc# company dot # some company add information of contents of the load you’re hauling, address for your delivery, if a hacker knows you have high value load they can shut you down in the middle of nowhere and then while you’re waiting for mechanic on your bunk bed they can empty your trailer.
I’m SOOOOOOOO glad I’m retired from this crap- enjoy you robots!!!!
No one is exempt really though, it affects us all no matter where we live unless its totally off the grid in another country.
Still reading Trucker News A? LOL 😂
Your point is well taken, but let’s leave the racial slurs out.
Where was race mentioned? Someone always trying to race bait.
Look exactly halfway down the post regarding the school bus.
You gonna cry ?
You mean the big country in Asia that just tried to take down our electrical grid again and is hiding a fugitive that stole military secrets? Yeah- we wouldn’t want to upset them
Have there been actual cases of hackers doing this?
Since Werner pioneered the ELD’s so long ago you would think ALL of the problems would be worked out.
It figures and the biggest culprits are the rogue US spy agencies themselves, “believed to be linked to Al-Qaida”. Truckers are no different than anyone else we have seen the one world agenda coming on for a long time. If the scumbags can hack into Jet aircraft controls then this is a given.
I got scam message on Qualcomm saying “ Kevin Gate has violated hours of service and must stop vehicle immediately” I just started driving 2 hours ago smh
I knew it was gonna b l8ke this .!!! First they will hack drivers .
information.
I hope CL Werner burns in hell. He came up with installing these devices in his trucks to exclude smaller companies from commercial driving. Only a dummy works for Werner and is happy about it
HATE ME
When they say “HACKERS “ do they mean people who work for big CORPORATIONS?
Blue horseshoe loves ANDICOTT STEEL.
I would be more concerned about someone trying to nuke us then someone hacking my ELD. If they want to know how many hrs or how many miles I’ve driven go for it. I have better things to worry about like these drivers who seem not to care about anyone else on the road but themselves and that’s fact.
the big companies wanted it, we are stuck with it
exact why my elog is on a separate tablet and only email on it is
Driver email for the ELD. Wont even use project 44 on my phone
It was rumored that Werner would shut trucks down in the road when drivers went over hours when it first started using them. Never knew if it’s TRUE or not.
The article. as weak as it is plainly stated Information about location, load type. etc could be accessed. And “could” possibly control vehicle functions. Probably monitoring functions but I highly doubt manual fictions like braking or steering. Although lane and collision avoidance monitor and control more and more. My personal pick up truck alarm will disable starter so I’m sure it can easily disable ignition. Law enforcement and me too debate over a vehicle being able to be remotely shut off. These are legitimate concerns. But I too would rather see articles on Driver Compensation take first plate in the news.
Logs are only for a nanny state. If you are too incapable of knowing when you are too tired to drive, then I don’t know what you are good for. Maybe basket weaving, or making mud-pies for mommy. HOS rules are arbitrary and violate basic personal liberty. The whole industry and country would be significantly better off to let drivers develop the professional skills to manage their own time as intelligent adults, themselves – period.
A lot of people on here are saying truck drivers are stupid. They are stupid, because it’s a requirement of the HOS rules, to be stupid. They make you have to play dumb and not do things that are perfectly rational to do, or force you to do what makes no sense. The HOS rules don’t let the driver make the best, or smartest decisions.
LOL, ELD’s were the ‘cure all’ and they were going to make the Trucking industry safer and more streamlined.
I’m so happy to STILL be using dead trees, I wouldn’t haveit any other way.
That’s nothing new! Everything the government touches end up being screwed up or put something in jeopardy!
Werner was a good company back in the 80’s and early 90’ when I drove for them They started going South after CL turned the Company over to the KIDS That was when I quit and got my own Authority in 93 and never looked back
There is no doubt that the FMCSA will mandate all trucking. What we must remembe is, resistance is futile. One must be compliant at all times
Actually it was for 2 reasons
Training new drivers and
Law enforcement doesn’t need much Training to read an eld report on a computer.
Here’s the deal; for all the smarty pants commenters talking about Read before voicing your OPINIONS.
The drivers are in control, if you do not feel SAFE TO DRIVE THEN don’t.
Safety Regulations #390.6; that’s in that Lime Green booklet that’s in your side box underneath your bunk. READ THAT. NUFF SAID!
Also; remember you get paid by the mile not by the HOUR, that means you decide how much you want to make; not some computer 👨💻 geek trying to drive your truck with a computer 👩💻.
AT-WILL EMPLOYMENT does not void WRONGFUL TERMINATION.
Also please BEWARE of the BINDING ARBITRATION CLAUSES HIDDEN IN YOUR APPLICATION PAPERWORK OR YOUR DRIVER HANDBOOK.
#390.6 , you do not have to sign and agree to anything except a W-2 TAX RETURN FORM. LEGALLY that’s all they can deduct from your paycheck.
Unless you sign a form for them to do so, which you don’t have too.
Safety Regulations Code; #390.6, A Commercial Attorney can only help you if you STAND YOUR GROUND AND DO NOT SIGN ANYTHING.
FACT, the ELD my company uses has a phone number and is on a “standard cell service”AND has an I.P. address.
FACT, the ELD my company uses gives load information because we have to enter it and if we enter false information that is a violation for entering false information (similar to falsifying on a log book).
FACT, the ELD my company uses has a specific que for express codes for COMDATA and to pay for a hotel on the company’s account-I drive a daycab-when I have a layover.
And finally, I second and third the notion that ELD=more sleep and safer drivers is a farse!! Some drivers are TRULY trying to “beat the clock” especially when delayed unexpectedly.
On the FBI website
21 July 2020
PIN Number
20200721-001
Please contact the FBI with
any questions related to this
Private Industry Notification
at either your local Cyber
Task Force or FBI CyWatch.The following information is being provided by the FBI, with no
guarantees or warranties, for potential use at the sole discretion
of recipients to protect against cyber threats. This data is
provided to help cyber security professionals and system
administrators guard against the persistent malicious actions of
cyber actors. This product was coordinated with DHS-CISA.
This PIN has been released TLP:WHITE. Subject to standard
copyright rules, TLP:WHITE information may be distributed
without restriction.
Electronic Logging Device Cybersecurity and
Best Practices
Summary
Cyber criminals could exploit vulnerabilities in electronic logging
devices (ELDs), which became required equipment in most commercial
trucking operations as of 16 December 2019 due to a federal
regulatory mandate. Although the mandate seeks to provide safety
and efficiency benefits, it does not contain cybersecurity requirements
for manufacturers or suppliers of ELDs, and there is no requirement
for third-party validation or testing prior to the ELD self-certification
process. This poses a risk to businesses because ELDs create a bridge
between previously unconnected systems critical to trucking
operations. Companies choosing an ELD can mitigate their cyber risk
by following best practices tailored to ELDs. This includes asking the
ELD’s supplier specific questions, some of which are identified in this
PIN.
Just another glaring example of the incompetence in Washington. Do everything your leaders tell you to do. They know better than you do…yea right.
Idiotic story, ELDs can’t control your vehicle now and there is no benefit for a hacker to hack your ELD.
Sorry Mike. Wrong again. Wayback with the first quellcoms they could shut you’re truck down after your 10 hours driving or 15 hour work day. It’s a fact! Give it up Mike!
You know they will say it’s going to cost more money to safely secure the ELDs so no one can hack into them.
this is why ELDS are so great, its a shame they caught on. i enjoyed the fact you could tamper with loc data, time stamps, even administer your own logs to make it look like a company or DoT edit.
as far as the trucks ECU, ELD’s only have read access would have to tamper with the ECU to give the ELD set flags to write access.(these flags change every year and are what tuners use to Gain access the engine management system)