Owner- operators are are more at risk to get hacked than larger carriers. The FBI warns users of ELD risks that the electronic logging devices could potentially bring. Unfortunately the ELD can’t protect all of the drivers logging information against any hackers.
A copy of the advisory lists advice on what you can do to prevent a hack. These hacks could be financially harmful towards carriers and brokers.
“The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber actors.”
The advisory had examined samples of ELDs that could be purchased at retail stores or bought from the manufacturers. Safety is very important to all individuals and companies. Safety matters for the driver, and the equiptment they are using.
“Researchers demonstrated the potential for malicious activity to remotely compromise the ELDs and send instructions to vehicle components to cause the vehicle to behave in unexpected and unwanted ways,” the advisory stated.
It mentioned that even though the ELD are only meant to allow data to be logged from the engine, “in practice some self-certified ELDs allow commands to be sent to the truck engine via their connection to the ECM. Commands passed into the vehicle network through an ELD could affect functions such as vehicle controls and the accuracy of the console display.”
The issue that they’re coming across is that the ELDs are using more advanced functions that are allowing connection to shipping tracking or dispatching sector that can lead to access into the companies business functions.
“Cyber criminals interested in stealing data such as personal information, business and financial records, location history and vehicle tracking or other proprietary data such as lists of customers and cargo can use vulnerabilities in ELDs as a way in to access trucking companies’ enterprise networks and databases,” the advisory warns.
“With that access, financially motivated cyber criminals would also be positioned to install malware such as ransomware, preventing the ELD, the vehicle or connected telematics services such as dispatching or shipment tracking from operating until the ransom is paid.”
Late last year, truck brokers and their carrier customers were victim to a ransomware attack that caused a week long outage. The company that was victimized was Truckstop.com that effected their loadboard, online carrier safety & payment services.
It doesn’t stop there, in February Total Quality Logistics notified carriers that external hackers had gained access to the customers business information by breaching the system. A trucking company filed a lawsuit against Total Quality Logistics which led to employees being fired.
A piece of advice the FBI warns for ELD users of risks is to simply contact the ELD manufacture and require information about cyber security before installing it.
“When contacting suppliers, seek specific and detailed information regarding the security of the entire ELD solution. Because ELDs can include a combination of in-vehicle, communications link, user interface and cloud back-end systems, the supplier should be asked for details that address the cybersecurity of all functions and components.”
The agency also recommended trucking companies follow guidance issued by the Federal Motor Carrier Safety Administration in May, Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems.