Cybersecurity vulnerabilities in electronic logging devices and development of a software defined truck testbed

Abstract

This thesis addresses critical cybersecurity vulnerabilities in Electronic Logging Devices (ELDs), mandated equipment for modern commercial trucks, and introduces an innovative solution for comprehensive system testing. Through extensive reverse engineering and practical testing, significant security flaws in commonly used ELDs are uncovered. These vulnerabilities enable unauthorized control over vehicle systems through arbitrary CAN message injection, allow upload of malicious firmware, and most alarmingly, present the potential for a self-propagating truck-to-truck worm. To demonstrate these vulnerabilities, bench-level testing and real-world experiments were conducted using a 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. The findings reveal how these security weaknesses could lead to widespread disruptions in commercial fleets, with severe safety and operational implications. Addressing the fundamental challenge of disparate design and testing of after-market systems in trucks, this research introduces CANLay, a key networking component of the Software Defined Truck (SDT) concept. CANLay enables the virtualization of in-vehicle networks, facilitating the transportation of Controller Area Network (CAN) data and sensor signals over long-distance networks. This innovation allows for holistic security assessments and efficient testing of integrated vehicle systems, accounting for emergent behaviors that arise from system integration. The efficacy of CANLay in heavy vehicle network performance testing is demonstrated, showcasing its potential to streamline system integration and verification efforts in a versatile digital engineering environment. This work contributes to the field by illuminating current vulnerabilities in mandated trucking technology, demonstrating potential attack vectors, and providing a framework for more comprehensive and efficient testing of integrated vehicle systems. This research underscores the urgent need to improve the security posture of ELD systems and offers recommendations for enhancing their security. The findings and proposed solutions have significant implications for improving cybersecurity in the trucking industry and, by extension, safeguarding critical supply chains.