For decades European truck drivers have been used to using a tachograph, a device installed in the vehicle that logs driving behavior and helps drivers to comply with regulations related to working hours. The purpose of this implementation is to improve the safety of road users by reducing the number of drowsy drivers on the roads due to long shifts. The US market has introduced similar devices, known as Electronic Logging Devices (ELDs), to keep track of drivers’ working condition. The ELDs not only help the trucking industry to save administrative cost by waving farewell to the commonly-used paper logbooks but also shorten the time needed for inspections. The ELDs provide an automated way of tracking the hours of service, which reduces paperwork and allows easy access to the data if requested by authorities.
Since December 2017, vehicle fleets have been legally required to equipped with ELDs to register hours. These hardware devices may be installed right onto the CAN network, or for instance, as a dongle in the OBD-II port and communicate wirelessly e.g. over Bluetooth with a smartphone or tablet. In recent years, researchers have shown that OBD-II dongles have proven to be insecure and they have been able to write to the CAN bus remotely, which potentially concerns safety.
Since the law came into enforcement, the mandate has become a security threat for the heavy-duty OEMs, even for new vehicles. The reason behind it is because it opens up new remote entry points via internet connectivity into vehicles which did not exist before. Furthermore, it highlights the importance of working on a defense-in-depth approach and not relying on perimeter protection alone.
Written by Christian Sandberg, Volvo AB.
