How a Single Car Could Spread Malware to Thousands More

• Wired

Over the last summer, the security research community has proven like never before that cars are vulnerable to hackers—via cellular Internet connections, intercepted smartphone signals, and even insurance dongles plugged into dashboards. Now an automotive security researcher is calling attention to yet another potential inroad to a car's sensitive digital guts: the auto dealerships that sell and maintain those systems.

At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that's used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-On and Bosch. Smith's invention, built with around $20 of hardware and free software that he's released on GitHub, is designed to seek out—and hopefully help fix—bugs in those dealership tools that could transform them into a devious method of hacking thousands of vehicles.

If a hacker were to bring in a malware-harboring car for service, the vehicle could spread that infection to a dealership's testing equipment, which in turn would spread the malware to every vehicle the dealership services, kicking off an epidemic of nasty code capable of attacking critical driving systems like transmission and brakes, Smith said in his Derbycon talk. He called that car-hacking nightmare scenario an "auto brothel."

