Why Bluetooth technology is a security disaster

Oct. 12, 2017
A teenager can now hack a truck for less than $100.

From the medical devices we rely on to the cell phones and home gadgets we use on a daily basis, it is no secret that Bluetooth technology is changing the way we live our lives. But what if the dearly celebrated convenience and innovation behind wireless connectivity is actually one of our greatest security threats?  

When it comes to the changing landscape of the motor carrier industry, Bluetooth enabled devices are certainly the up-and-coming trend that should be avoided; the National Security Agency (NSA) called Bluetooth “inappropriate” for sensitive operations and advised users to turn off Bluetooth capabilities whenever possible to minimize security risks.

You don’t have to dig too deep for examples of how security flaws in Bluetooth technology become serious threats to our safety. Researchers at IOActive recently discovered the popular Segway hoverboards can be monitored and hacked to lock or halt devices, causing riders to fall off mid-ride. Johnson & Johnson released a warning last fall describing a security vulnerability in its OneTouch Ping insulin pumps, which a hacker could use to overdose diabetic patients. What’s next? It might be the freight trucks on the road carrying thousands of pounds of hazardous chemicals, iPhones or home goods.

Following ongoing national concern surrounding the safety of highways, the Federal Motor Carrier Safety Administration (FMCSA) recently enacted a mandate requiring transportation organizations of a certain scale to use electronic logging devices (ELDs) to record a driver’s Record of Duty Status (RODS) by December 2017, in place of the paper logbooks some drivers currently use. The goal is to more accurately capture hours driven and to avoid drowsy fleet drivers falling asleep at the wheel during long shifts. With the introduction of ELD devices enters Bluetooth technology. Though a Bluetooth-enabled ELD may check all the boxes when it comes to mandate compliance and affordability, what cost are we willing to pay?

The ability for just about anyone to easily hack into a car from across the street was introduced as a reality when Eric Evenchick, founder of CANtact, launched his $60 open-source Controller Area Network (CAN) designed specifically as a simple and accessible hacking device. Furthermore, a group of University of Michigan researchers found that, in general, it is easier to hack big rig trucks than consumer cars. From ignition controls, tire pressure monitoring, GPS navigation, diagnostic and entertainment systems components, the list of wireless capabilities pertaining to the automotive industry goes on and on. This is a huge red flag for fleet owner operators and drivers. Because third-party devices including ELD devices are connected to the vehicle through diagnostic ports, hackers can leverage Bluetooth technology to gain control over various automotive features, such as manipulating acceleration or eliminating a driver’s ability to break.

According to the FMCSA, fleets are provided with a Bluetooth pairing code to enter into the ELD for the data file transfer. However, hackers actively develop tactics that target and exploit these pairing mechanisms. In fact, Intel-funded researchers Avishai Wool and Yaniv Shaked of Tel Aviv University found that a 4-digit PIN can be cracked in less than half a second using an old Pentium III 450MHz computer, and in less than a tenth of a second on a Pentium IV 3Ghz HT computer. Commonly known as the blue backdoor attack, this hack has the potential to not only grant attackers complete control over the device but also to create strategic backdoors as re-entry points for possible continued exploitation in the future. Since a Bluetooth ELD is always on and broadcasting for pairing, hackers and thieves can find a target and open a car door without the key.

While manufacturers attempt to limit the interaction between vehicle systems and capacity of wireless communications, remote attacks on vehicle controls and systems are still a reality. Thanks to the open structure of Bluetooth technology, a thief hacking an ELD device can determine when a fleet driver will need to pull over to stay in Hours of Service (HOS) compliance, and use the opportunity to hijack a vehicle. In another example, a fleet can easily be hacked and controlled by an outsider because the Bluetooth ELD is connected directly to the technology that controls the vehicle’s steering, acceleration and brakes.

With the serious threat of Bluetooth hacking confronting the fleet industry directly, how can fleet managers ensure the safety of their vehicles, cargo and drivers? The best way is to eliminate the risk of Bluetooth hacking all together and adopt a cellular-based ELD solution.

The inevitable reality for the long-distance driver on the nearly empty highway is that Bluetooth devices run a high security risk for both the drivers themselves and the commercial trucks carrying valuable cargo, particularly as they drive through areas without cellular network—still susceptible to Bluetooth hacking and hijacking but no emergency phone calls.

Furthermore, Bluetooth ELDs are unstable and unreliable when it comes to complying with the mandate. Bluetooth ELDs operate over radio frequency that can easily be interrupted, causing ELD data loss. If data isn’t captured, the driver will be found in violation. With a non-Bluetooth device, however, reliability or compliance issues are virtually eliminated because HOS data will be stored despite lack of reception and will automatically upload and sync upon reconnection.

Non-Bluetooth ELD solutions with hidden direct installations not only ensure compliance with the FMCSA’s December 2017 mandate, but also offer comprehensive fleet management services for those who understand that there is no room for compromise when it comes to reliability and safety.

When evaluating ELD solutions, the key consideration is this: Is sacrificing data security, driver safety, and connection reliability really worth a Bluetooth connection, or is FMCSA compliance, data and cargo security, and the safety of drivers worth 10-20 minutes of installation? The answer may ultimately be the difference in your fleet operation’s success. 

Information written and provided by FleetUp. 

Sponsored Recommendations

The impact of electric vehicles on the automotive market

Steps to help prepare your shop for electric vehicles.

The benefits of digital inspection tools

A good diagnostic tool arsenal should help you complete jobs faster and more efficiently.

Tool Review: Mayhew Tools 14-pc Micro Hand Tool Set

Reviewed by Benedict Grubner, technician at Mercedez-Benz of Burlington in Burlington, Massachusetts.

Big-Time Boxes: Korey Wong, Mac Tools

Although this technician works out of his service truck most days, he’ll never give up on his customized jack-o'-lantern-colored Macsimizer.

Voice Your Opinion!

To join the conversation, and become an exclusive member of Vehicle Service Pros, create an account today!