A $20 tool may be the key to one day preventing the spread of malware that could infect the computer systems of thousands of cars. The tool designed by security researcher Craig Smith, tracks down security flaws in testing equipment commonly used to update car software or check vehicle systems.
Author of the 'Car Hacker's Handbook', Smith says that theoretically, a hacker could take a purposely infected vehicle for service to spread malware to the testing equipment which would then spread the malware to other customers’ vehicles, compromising electronically-controlled systems such as braking and steering.
Smith's detection tool, which mimics how a malware-carrying car could infect a dealership’s testing equipment, consists of On-board Diagnostic ports similar to those that mechanics plug their diagnostic tools into in order to access a vehicle's computers network.The tool’s software tests the diagnostic tool with random data until it creates glitches that may represent exploitable security holes.
Security experts say there are many examples of how vulnerable modern cars are with all of their electronic systems. They cite one case where researchers simply relying on an Internet connection, managed to firstly hack the 2014 Jeep Cherokee's entertainment system and then the vehicle’s complete CAN network, controlling everything from braking to steering. (CAN typically connects the car’s central computer to its various electronic subsystems.)
They say there have even been cases where the laser-ranging systems used by experimental self driving cars to detect obstacles have been hacked, which clearly demonstrates how potential security threats will only increase in the future as new cars rely increasingly upon electronic and computer systems.
Smith says by focusing on car dealerships, he hopes to draw attention to "a previously overlooked security concern.”