Presented by Jake Jepson and Rik Chatterjee, two Systems Engineering Master's students at Colorado State University, this talk delves into the critical security implications within the trucking industry, particularly focusing on Electronic Logging Devices (ELDs). These devices, integral to compliance with Hours of Service regulations, present unique cyber-physical threats due to their networked nature and lack of standardized security protocols. The presentation will walk through potential remote exploits via wireless ELD compromise, leading to cyber-physical control payloads and even wormable scenarios. Key vulnerabilities identified include insecure defaults and poor security practices, demonstrated on a commercially available ELD. These vulnerabilities not only expose truck networks to potential unauthorized control but also highlight systemic issues in device certification and security oversight. The talk will cover the presenters' journey from acquiring and reverse engineering ELDs, through discovering their common architectures and weaknesses, to demonstrating proof-of-concept attacks that underline the urgent need for industry-wide security reforms. Notably, Jepson will discuss his first CVE, detailing the coordinated disclosure process and subsequent manufacturer response. This session is semi-technical, ideal for cybersecurity professionals and amateurs alike who are interested in vehicle network protocols and embedded systems security. Prior knowledge of network protocols such as CAN and J1939, along with an understanding of firmware reverse engineering, will enhance the learning experience but is not required. Tools and techniques used include network scanners, reverse engineering platforms like Ghidra, and various wireless communication methods. By attending this presentation, participants will not only understand the specific security flaws affecting heavy vehicles but also appreciate the broader implications for embedded systems security in transportation.
This talk is a call to action for improving security practices and regulatory standards in an increasingly interconnected world.