Hackers Taking Control

I already know about the ransom ware attacks on the hospitals, but what does it have to do with seizing control of this truck? A spurious correlation lead you to make one hell of a reach. Once they gain access to the mobile logging, they'll pretty much have the whole truck? Still don't see it

 

A compromised ELD would only have to be reprogrammed to send commands to the ECM. Technical restrictions to prevent a connected device from performing unauthorized commands would require actual computer security standards to have been formulated and applied (which tends to be very weak), and at least so far as I know, the computers in vehicles were not originally intended to be connected to any devices with remote or Internet connectivity. It is not a question of whether hackers have the knowledge and skill to do it - they do - what actually matters is what an attacker would care to accomplish by it (typical scenario involves a foreign adversary wanting to stir up trouble by disrupting lots of transportation all at once).

Also, taking over trucks and causing trouble would tend to draw a lot of attention and investigation - an adversary hacking an ELD might prefer to limit their activities to long-term surveillance through the ELD.

 

This is what I posted in the o/o part of the forum.

All the program has to do is either mimic can bus commands (it does not need to have passwords or anything like that) to cause serious problems like an engine shut down or light problems, OR it can flood the bus with garbage preventing module-to-module communications.

The app doesn't need to do much, the protocols are software-driven, not hardware, and the "codes" (for lack of a better word) are published by the SAE and the individual truck/engine manufacturing.

The bus is a single physical bus, there are not all these wires carrying all this information to each module, there are bridges within the ECM and PCM that will provide a means to move data to other connected modules.

The point of the paper is clear (link in the original thread), there is a possibility that an ELD app can be easily made to make the engine race, prevent it from reducing the engine speed, or worse mimic the onboard safety features like adaptive cruise to speed up the truck or flood the bus with data to overload the systems to shut them down.

The FMCSA regs are not set to prevent this from happening, I posted in the political forum about Apple and the DoJ lawsuit trying to dismantle Apple's control over quality apps, in this case, the software needs to be controlled like how Apple controls its app store with a clear understanding of standards for the developer to follow to get it published. I feel Android has too many holes and allows the ELD software to be a risk.

Actually, the ELDs do send requests to the ECM for the data, it doesn't monitor the bus to see what's going on, that's not how it works.

 

Not sure if this is still an issue but I did hear that the FBI issued a warning about ELDS in 2020. If I understand correctly if the ELD or hardware is improperly designed it's possible for a hacker to use it as a back door to the carriers server.

FBI issues warning about ELDs