Overview
Explore a DEF CON conference talk where two Colorado State University Systems Engineering Master's students reveal critical security vulnerabilities in Electronic Logging Devices (ELDs) used throughout the trucking industry. Learn about the potential remote exploits through wireless ELD compromise that could lead to cyber-physical control payloads and wormable scenarios. Discover how insecure defaults and poor security practices in commercially available ELDs expose truck networks to unauthorized control and highlight systemic issues in device certification. Follow their journey from reverse engineering ELDs to discovering common architectural weaknesses and demonstrating proof of concept attacks. Gain insights into the coordinated disclosure process of their first CVE and the manufacturer's response. While prior knowledge of network protocols like CAN and J1939 and firmware reverse engineering experience can enhance understanding, the semi-technical presentation remains accessible to both cybersecurity professionals and enthusiasts. Examine the tools and techniques used, including network scanners, Ghidra reverse engineering platform, and various wireless communication methods, while understanding the broader implications for embedded systems security in transportation and the urgent need for industry-wide security reforms.
Syllabus
DEF CON 32 - Compromising Electronic Logger & Creating Truck2Truck Worm -Jake Jepson, Rik Chatterjee
Taught by
DEFCONConference