Car hack technique uses auto repair shops to spread malware
A recent article posted by Wired.com calls attention to vehicle software that is vulnerable to hacking via cellular Internet connections, intercepted smartphone signals, and even insurance dongles plugged into dashboards.
"At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-on and Bosch. Smith’s invention, built with around $20 of hardware and free software that he’s released on GitHub, is designed to seek out—and hopefully help fix—bugs in those dealership tools that could transform them into a devious method of hacking thousands of vehicles," says the article.
If a hacker were to bring in a malware-harboring car for service, the vehicle could spread that infection to a dealership’s testing equipment, which in turn would spread the malware to every vehicle the dealership services, kicking off an epidemic of nasty code capable of attacking critical driving systems like transmission and brakes, Smith said in his Derbycon talk. He called that car-hacking nightmare scenario an “auto brothel.”
What does this mean?
The suggested attack is hypothetical, but it’s not as far-fetched as it might seem, according to Wired.com. In 2010 and 2011, researchers at the University of California at San Diego and the University of Washington revealed a slew of hackable vulnerabilities in a 2009 Chevy Impala that allowed them to perform tricks like disabling its brakes, although they didn’t name the make or model of the vehicle at the time.
This attack can spread like a web, reaching any and every vehicle that the dealership has worked on. More than anything, this weakness poses a security threat to dealerships and auto shops alike. To read the article in its entirety, visit: http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-brothels/