Electronic logging devices may be a security threat – especially lower-cost devices from smaller providers, according to Glenn Atkinson, Geotab vice president, product safety, speaking at the 2018 Geotab Connect conference in Ontario, Canada.
“It’s surprising the number of small to medium-sized companies that aren’t aware of what they’re putting in their truck,” he said, contending that devices from smaller providers or that were less expensive may not have the security their purchasers think they do.
Like all electronic devices, when ELDs transmit information over-the-air to backend databases, they initiate a process called a handshake. The device transmits a seed-key as a security measure, and like a password might, the seed-key confirms the devices are allowed to share encrypted information with each other.
In some cases, however, that security measure is exactly what makes the device vulnerable to hackers, Atkinson explained.
Students from the heavy-truck cybersecurity engineering program at the University of Tulsa found that those with shorter seed-keys, and those with seed-keys that didn’t change with each use (also known as dynamic seed-keys), were easily hacked.
The students were able to break into ELDs that use only 8-bit or 16-bit seed-key encryption. With shorter keys, students were able to create a program that discovered the key and gain access to the devices with very little effort.
For security reasons, Atkinson said he could not reveal how many devices or what manufacturers were able to be compromised.
The answer, he said, lies in making sure the seed-key for devices is longer and dynamic, using 96-bit or even 256-bit encryption that changes after each handshake.
Fleets should be asking existing or prospective ELD software providers and device companies this and other questions about security. For ELDs you already own, seed-key information should be available online, in the user manual, or by speaking to a company representative.
For those already operating with devices using shorter seed-keys, the answer may be in attaching another device, called a hardware break, into the ELD. Compatible hardware breaks will allow the ELD to function while coming between it and potential hackers. The solution isn’t ideal, because it locks down the device and may make it more difficult to use, but it serves as a stop-gap if fleets don’t want to replace their equipment.
This is a version of an article that originally appeared on Today's Trucking, repurposed through a content sharing agreement.