Tech News

Car Contagion: Yes they can get malware or hacked

Car Contagion: Yes they can get malware or hacked

car contagion hacks malware problems 2015 techIf Your Car Has a Computer, it could Get Malware or Get Hacked

Anyone remember the good old days when we get computer viruses the old fashioned way? It goes like this. Someone inserts an infected floppy disk, probably a virus-infected operating system or program disk in a drive, the virus loads into memory once the infected program is run and later infects files and executables of clean floppies. Who needs the internet back then to spread malware?  Now the same thing happens on a larger scale. Except today’s newfangled computer-controlled cars are the floppies and the automotive dealership’s computerized diagnostic tools act as the computer.

Someone, malicious or otherwise with a malware-infected car comes into an auto-shop or dealership and gets hooked up to their diagnostic equipment. The malware then gets uploaded to the equipment which, in turn, can spread to uninfected cars. A classic virus infection process. Is it possible? According to Craig Smith, author of the Car Hackers Handbook and founder of open source car hacking group Open Garages, it is.

car contagion malware 2015 tech“Once you compromise the dealership, you have a lot of control…” – Craig Smith.

Control of a lot of vehicles that is. The cars won’t exactly drive by themselves. But a malicious hacker could have potential control of hundreds of vehicles, play God and shut them down or trigger any type of chip-controlled annoyance. Worse if the hacker decides to mess with the brakes during the car’s speed run. Yes, car owners should be very nervous unless they drive the gas-guzzling classics that have no chips on them. Imagine if a car’s GPS system was integrated with another chip-controlled system? An enterprising hacker could shut down the car in the middle of nowhere and demand ransom from the driver just to get it running. Just like that remote-start feature shown in Die Hard 4 only this time, it won’t be 911 in the controls (unless that scene was put there just to emphasize connectivity). A real-world example would be that news where hackers were able to shut down a Chrysler Jeep Cherokee’s brakes resulting in the vehicle running off the road. The very same systems that keep the vehicle safe, secure and comfortable could be used against the owner.

 

Smith demonstrated the possibility at the recent Derbycon hacker conference in Louisville Kentucky using a PC and a very inexpensive tool he crafted that’s used to seek out vulnerabilities of automotive diagnostic systems. The theory is, that if hackers can find the right vulnerability in automotive diagnostic equipment by bombarding it with errors from an infected car, that vulnerability can be used to carry a malware payload that will then be transferred to subsequent vehicles. As more and more equipment and appliance manufacturers think it’s a good idea to add an internet connectivity feature, the more these hacking scenarios get easier. The closest scenario to Craig Smith’s idea was when a team from the University of California and Washington in 2011, tested an auto-dealership attack by hacking into the dealership’s Wi-Fi and later gaining access to the mechanic shop’s diagnostic equipment and gaining access to whatever car was connected to the equipment.

bruce willis justin long diehard movie 2015“…You just get through the Wi-Fi in the dealership’s waiting room, and the attack spreads to the mechanics shop. Any car connected to it, it would be compromised. If the goal is to create mayhem or plant some form of ransomware, then going after the dealership is a fine way to get a lot of cars…”

–Stefan Savage, professor, University of California San Diego

Automotive computers are specialized and not full blown computers that can be loaded with anti-virus or anti-malware programs. But they do have overwritable or updatable firmware, and that firmware can be infected with malicious code. So the best way to avoid the scenarios indicated above, at least for now is to use tools such as what Mr. Smith developed. Tools that check out auto-dealership equipment and the cars themselves. Smith and others like him may have just carved a piece for themselves in the security industry, but that piece goes into the hole the automotive industry created ever since they decided to add chips to cars.

Adding computers to cars created a security hole. That hole just got bigger when those computers became updateable via overwriteable firmware. Made worse when those computers became connected to the internet and can be controlled remotely. Who can blame Mr. Smith for potentially cashing in? But there are others who could do worse, and Mr. Smith and other researchers should be thanked for spreading the awareness of hackable vehicles and creating solutions.

Now that some parties are pushing for driverless, fully automated vehicles, their research becomes all the more important. We have prototypes for driverless cars and maybe someday driverless trucks. It might not be long before some madman actually makes one of Stephen King’s works a reality.

crazy truck 2015

Tech News
@movietvtechgeek

Our technology expert who knows a thing or two about the future, superheroes and Supernatural.

More in Tech News

google goes after uber for self driving theft 2017 images

Google goes after Uber for self driving theft

Jeffrey LangFebruary 25, 2017
Robots that Replace Skilled Labor Should Pay Taxes 2017 images

Robots that Replace Skilled Labor Should Pay Taxes

Marius MaronillaFebruary 23, 2017
Top 10 hottest tech and game changing innovations 2017 images

Top 10 hottest tech and game changing innovations

Jeffrey LangFebruary 22, 2017
The Ultimate Spy Gadget Samsung Galaxy S3 2017 images

The Ultimate Spy Gadget: Samsung Galaxy S3

Marius MaronillaFebruary 20, 2017
yahoo warns on more hack attacks 2017 images

Yahoo warns users on more hack attacks

Jeffrey LangFebruary 16, 2017
From Russia with Love, Take Edward Snowden 2017 images

From Russia with Love, Take Edward Snowden

Marius MaronillaFebruary 16, 2017
Nokia 3310 Memories and the Phone’s Rumored Return 2017 images

Nokia 3310 Memories and the Phone’s Rumored Return

Marius MaronillaFebruary 16, 2017
india online gaming big business 2017

India seeing the rise of online gaming leagues as big business

Jeffrey LangFebruary 16, 2017
samsung chromebook could change everything for google 2017 images

Samsung Chromebook could change everything for Google

Jeffrey LangFebruary 14, 2017

Subscribe to our Daily Newsletter

You will only receive one per day. You'll also get a free THE WALKING DEAD graphic novel with your subscription