Vulnerabilities in ELDs could lead to this, according to new security research. PoC code is included. 🚚 🪱 🛻
Security researchers from Colorado University presented their research paper, "Commercial Vehicle Electronic Logging Device Security: Unmasking the Risk of Truck-to-Truck Cyber Worms." In this paper, they disclose several security vulnerabilities in Electronic Logging Devices (ELDs), which are mandatory for commercial vehicles in the US and are also used in other countries.
Vulnerabilities:
🛻 Wi-Fi and Bluetooth are enabled and not protected, allowing attackers to connect to the ELD and send arbitrary CAN commands.
🛻 The ELD hosts a web server on the LAN and allows firmware updates through its interface.
🛻 ELD firmware can be dumped, reversed, altered to become malicious, and uploaded back to the ELD.
As you can see, the infection process can be fully automated. Researchers have developed a PoC for a "Truck-to-Truck Worm" (!!!) - see the code below.
This is literally the first automotive worm to be made public. :)
Post Credits: Denis Laskov on LinkedIn
Truck to Truck Worm code [Github]:https://github.com/SystemsCyber/Truck-Worm
Comentários