GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification – ASW #278 – SC Media


In the US (probably other places, too?), commercial trucks (think tractor-trailers, “semis,” etc.) are required to have Electronic Logging Devices (ELDs) that track statistics like mileage per day to ensure driver/vehicle safety. Researchers at Colorado State University have discovered that these devices use Bluetooth Low Energy or Wi-Fi for some communication, such as software updates. And the security on these is weak. Did I mention yet that the ELDs connect to the vehicle’s CAN bus?

While the researchers focused on a particular ELD, they believe the different devices out there are similar enough that these weaknesses are industry-wide. Besides controlling the CAN bus, they were also able to demonstrate a “truck to truck worm” using ESP32 dev boards. In particular I like this, as it’s breaching the concept of expensive, difficult-to-learn “industrial” control systems with the ease and availability of controller devices that are becoming very common in consumer products.

We talk about “infrastructure security” and think of power plants and the like. But that 80,000-pound truck barreling down the highway at 60 MPH can be a pretty big risk, as well…

This post was originally published on the 3rd party site mentioned in the title of this site
