The Federal Bureau of Investigation has released a warning that Electronic Logging Devices can make companies vulnerable to hacking by cyber criminals. The potential damage that could be caused is enormous. And ELDs which are vulnerable include those provided by large, well-known companies.
As the FBI points out, there were no security checks or even quality assurance requirements put in place for ELD suppliers as part of the regulation that mandated them in CMVs. Because of that, the FBI says that most ELDs, including those produced by “well-known companies” did “little to nothing follow cybersecurity best practices” and are considered “vulnerable to compromise.”
ELDs are a vulnerable point through which hackers can access vehicle data remotely. Sensitive data like position, VINs, user IDs, and carrier information like load contents can be pulled in real time from them. Depending on the ELD integration in a company’s network, ELDs could give hackers access to all of the company’s data – potentially including personal information, business and financial records, and more.
Even more concerning though, ELDs provide a point through which hackers could directly “affect functions such as vehicle controls.”
The FBI notice recommends that drivers and companies ask their ELD makers and suppliers a series of questions to make sure that they are taking proper cyber-security measures. The notice does not provide the names of ELD providers which meet the suggested criteria.
A while back I mentioned in conversation here that my Qualcomm not once, but twice in Chicago had a message pop up asking about pairing up with another device. I had it happen again in Ohio. Maybe Cincinnati or Columbus, I can't remember for sure but I did snap a pic this time. Then I see a this article this week and it makes me wonder.
Qualcomm:
Omnitracs (a.k.a. Qualcomm) is a satellite-based messaging system with built-in GPS capabilities built by Qualcomm. It has a small computer screen and keyboard and is tied into the truck’s computer. It allows trucking companies to track where the driver is at, monitor the truck, and send and receive messages with the driver – similar to email.
CMV:
Commercial Motor Vehicle
A CMV is a vehicle that is used as part of a business, is involved in interstate commerce, and may fit any of these descriptions:
Weighs 10,001 pounds or more
Has a gross vehicle weight rating or gross combination weight rating of 10,001 pounds or more
Is designed or used to transport 16 or more passengers (including the driver) not for compensation
Is designed or used to transport 9 or more passengers (including the driver) for compensation
Is transporting hazardous materials in a quantity requiring placards
TWIC:
Transportation Worker Identification Credential
Truck drivers who regularly pick up from or deliver to the shipping ports will often be required to carry a TWIC card.
Your TWIC is a tamper-resistant biometric card which acts as both your identification in secure areas, as well as an indicator of you having passed the necessary security clearance. TWIC cards are valid for five years. The issuance of TWIC cards is overseen by the Transportation Security Administration and the Department of Homeland Security.
HOS:
Hours Of Service
HOS refers to the logbook hours of service regulations.
The Federal Bureau of Investigation has released a warning that Electronic Logging Devices can make companies vulnerable to hacking by cyber criminals. The potential damage that could be caused is enormous. And ELDs which are vulnerable include those provided by large, well-known companies.
As the FBI points out, there were no security checks or even quality assurance requirements put in place for ELD suppliers as part of the regulation that mandated them in CMVs. Because of that, the FBI says that most ELDs, including those produced by “well-known companies” did “little to nothing follow cybersecurity best practices” and are considered “vulnerable to compromise.”
ELDs are a vulnerable point through which hackers can access vehicle data remotely. Sensitive data like position, VINs, user IDs, and carrier information like load contents can be pulled in real time from them. Depending on the ELD integration in a company’s network, ELDs could give hackers access to all of the company’s data – potentially including personal information, business and financial records, and more.
Even more concerning though, ELDs provide a point through which hackers could directly “affect functions such as vehicle controls.”
The FBI notice recommends that drivers and companies ask their ELD makers and suppliers a series of questions to make sure that they are taking proper cyber-security measures. The notice does not provide the names of ELD providers which meet the suggested criteria.
A while back I mentioned in conversation here that my Qualcomm not once, but twice in Chicago had a message pop up asking about pairing up with another device. I had it happen again in Ohio. Maybe Cincinnati or Columbus, I can't remember for sure but I did snap a pic this time. Then I see a this article this week and it makes me wonder.
Qualcomm:
Omnitracs (a.k.a. Qualcomm) is a satellite-based messaging system with built-in GPS capabilities built by Qualcomm. It has a small computer screen and keyboard and is tied into the truck’s computer. It allows trucking companies to track where the driver is at, monitor the truck, and send and receive messages with the driver – similar to email.CMV:
Commercial Motor Vehicle
A CMV is a vehicle that is used as part of a business, is involved in interstate commerce, and may fit any of these descriptions:
TWIC:
Transportation Worker Identification Credential
Truck drivers who regularly pick up from or deliver to the shipping ports will often be required to carry a TWIC card.
Your TWIC is a tamper-resistant biometric card which acts as both your identification in secure areas, as well as an indicator of you having passed the necessary security clearance. TWIC cards are valid for five years. The issuance of TWIC cards is overseen by the Transportation Security Administration and the Department of Homeland Security.
HOS:
Hours Of Service
HOS refers to the logbook hours of service regulations.