Hacking mechanic’s workshop to infect cars

Pierluigi Paganini March 14, 2016

Hacking mechanic’s workshop to infect cars, this is the concept behind a new attack technique devised by the hacker Craig Smith.

It might seem far-fetched, it looks like the hacker Craig Smith was able to design a malicious code that could infect computers used in the mechanic’s workworkshop, and these machines can later start infecting other vehicles that are going for service.

Craig Smith is the founder of the Open Garages, a Vehicle Research Labs (VRL) focused around understanding the increasingly complex vehicle systems.  He spends a lot of his time, warning car makers that there is a need to open up their software to owners, to allow them to modify their cars, he is also a member of the I Am The Calvary initiative.

During 2015, Craig Smith presented the world a proof-of-concept code that allows an attacker to infect the car with a malware that could be used also to compromise the computers at the repair workshops. Smith continued to work on his own attack and now the malware used in his proof-of concept was improved in terms of machine learning capabilities. The expert claims that now an attacker without a deep knowledge could use the malware and launch successfully attacks.

“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India, as reported by El-Reg.

“There are easier ways to compromise a car dealership – shoddy wifi, whatever – but this is the kind of thing that needs to be considered by anyone making these tools.”

Hacking mechanic's workshop

How does the malware work?

The malware uses a learning mode, to monitor traffic between the Workshop’s computer and the car, and finds out potential modules. Modules where the diagnosis tool was able to contact with success are in blue, and all the findings are saved to a .ini file, alongside with the captured packets.

“It sorts through all the complex stuff for you and just highlights the packets and as a a researcher that is really useful.”

After the learning mode, the malware can switch to the attack mode, and starts fuzzing the information got in the learning mode,

“Everything is point and click up to this point so if there’s a crash you’re going to have to go and figure out what caused it,”.

Even if many details are missing, we can understand that this proof-of-concept if applied to the real word, can be create a lot of damaged if in the wrong hands.

Car makers need to do a bigger effort in allowing hackers to work with them towards understanding their software, and in my opinion maybe even allowing a restrict group of security professions to have full access to cars maker’s software to assess it and find security vulnerability before black hat do it.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – hacking mechanic’s workshop, car hacking)



you might also like

leave a comment