Security experts are warning that your car dealer and mechanic could be the next victim of a cyber-attack as hackers attempt to gain access to your car’s computer.
The new risk has been highlighted by ‘security consultant’ Craig Smith at the annual Derbycon hacker convention in Louisville, Kentucky, in the US.
According to Smith, car dealers in the future will be subjected to a new hacker technique that involves booking in for a service a car that has malware pre-programmed into its ECU.
When the workshop’s mechanic unknowingly plugs the infected car into their dealership’s diagnostic tool, the virus is uploaded to the dealer’s computer network.
Once uploaded, the virus infects the whole computer system, allowing the hacker to take control.
Worse still, any subsequent car to be plugged into the same diagnostic tools will be infected.
Smith said that once your car is infected, the hacker could effectively ‘control’ it and even go as far as attacking critical driving systems like the transmission, throttle and brakes. In cars fitted with electronic power steering racks, this could create the nightmare scenario where your car’s steering can be manipulated.
Speaking to US tech mag, Wired, Smith, who’s also author of the Car Hacker’s Manual, said: “Once you compromise a dealership, you’d have a lot of control.
“You could create a malicious car… The worst case would be a virus-like system where a car pulls in, infects the dealership, and the dealership then spreads that infection to all the other cars.”
To help protect dealers, Smith has created a device that, he says, can test how vulnerable the diagnostic tool and computer are to cyber-attacks.
It’s not just Smith who is voicing concerns about how vulnerable independent and big-franchise workshops are.
Computer science professor Stefan Savage, from the University of California, is also investigating the risk of hackers attacking diagnostic tools.
Savage told Wired he’s worried about the sheer number of cars that could be infected by malware implanted into just one dealer, with the scientist estimating that over a thousand vehicles per month could be affected.
“If the goal is to create mayhem or plant some kind of car ransomware, then going after the dealership is a fine way to get a lot of cars,” Savage says.
It’s not just malicious hackers both Savage and Smith are worried about.
A new breed of ‘hobbyist’ hackers is emerging who might harness the newly identified security flaw to actively ‘improve’ the cars they drive.
Current hobbyist hacks being discussed include everything from tweaks to improve emissions to huge power boosts.