Mechanic computers used to pwn cars in new model-agnostic attack
Proof-of-concept gets shiny sharp new teeth.
Nullcon Hacker Craig Smith has designed an attack whereby a car bearing malicious code could infect computers used in mechanics' workshops. The workshop computers emerge capable of infecting nearly any other vehicle that arrives for service.
Smith's attack is a significant improvement on his proof-of-concept first brewed during 2015 that allowed attackers to deliberately infect a car with code that could then attack repair shop computers used for diagnosis.
From there it could attack any car mechanics attach to the compromised computer.
It has now been overhauled from its basic proof of concept malware to boast machine learning capabilities and can now let attackers do their worst without specialist knowledge or coding.
“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India.
“That would be the end-game, the worst thing that could happen.
“There are easier ways to compromise a car dealership – shoddy wifi, whatever – but this is the kind of thing that needs to be considered by anyone making these tools.”
Smith's mechanic malware compromises of learning, simulation, and attack modes. Learning mode monitors network communications between the mechanic's computer and a car, and identifies potential modules. Those modules that diagnosis tools successfully contact are lit up in blue, and the findings are saved to an .ini configuration file along with captured packets.
“It sorts through all the complex stuff for you and just highlights the packets and as a a researcher that is really useful.”
Attack mode fuzzes the information gained in the simulation, and is as a result a bit anarchic. “Everything is point and click up to this point so if there's a crash you're going to have to go and figure out what caused it," Smith told El Reg. The tool also has some intelligence that stops it fuzzing elements like VINs which can cause problems.
Smith, the founder of mechanic-meets-hacker hangout Open Garages, has been lobbying for change in the automotive security space. Through Open Garages Smith has been warning car makers that they need to open up the software running vehicles to allow owners to modify their cars.
Maintaining a lock-down on software essentially means car buyers are more akin to leasers who never truly own their vehicles, Smith says, adding that courts will eventually force manufacturers into action.
Smith is also a member of the I Am The Cavalry group of hackers which are finding success in pushing for better adoption of security controls in cars and medical equipment.
Vehicle manufacturers are more resistant than those in the health sector perhaps, Smith says, because of the many third parties involved in the manufacturing process.®