Hack
John Mahoney6 Feb 2016
NEWS

Hackers targeting mechanics to access your vehicle

New cyber security risk involves an infected car uploading virus to dealer’s diagnostic tool that then reinfects your vehicle

Security experts are warning that your car dealer and mechanic could be the next victim of a cyber-attack as hackers attempt to gain access to your car’s computer.

The new risk has been highlighted by ‘security consultant’ Craig Smith at the annual Derbycon hacker convention in Louisville, Kentucky, in the US.

According to Smith, car dealers in the future will be subjected to a new hacker technique that involves booking a car in for a service that has malware pre-programmed into its ECU.

When the workshop’s mechanic unknowingly plugs the infected car into their dealership’s diagnostic tool, the virus is uploaded to the dealer’s computer network.

Once uploaded the virus infects the whole computer system allowing the hacker to take control.

Worse still, any subsequent car to be plugged into the same diagnostic tools will be infected.

Smith said once your car is infected the hacker could effectively ‘control’ your car and even go as far as attacking critical driving systems like the transmission, throttle, brakes and, with cars fitted with electronic power steering racks, could create the nightmare scenario where your car’s steering can be manipulated.

Speaking to US tech mag, Wired, Smith, who’s also author of the Car Hacker’s Manual, said: “Once you compromise a dealership, you’d have a lot of control.

“You could create a malicious car…The worst case would be a virus-like system where a car pulls in, infects the dealership, and the dealership then spreads that infection to all the other cars.”

To help protect dealers, Smith has created a device that, he says, can test to see how vulnerable the diagnostic tool and computer are from cyber-attacks.

It’s not just Smith who is voicing concerns about how vulnerable independent and big franchise’s workshops are.

Computer science professor, Stefan Savage, from the University of California is also investigating the risk of hackers attacking diagnostic tools.

Savage told Wired he’s worried about the sheer numbers of cars that could be infected by malware implanted into just one dealer with the scientist estimating over a thousand vehicles per month could be affected.

“If the goal is to create mayhem or plant some kind of car ransomware, then going after the dealership is a fine way to get a lot of cars,” Savage says.

It’s not just malicious hackers both Savage and Smith are worried about.

A new breed of ‘hobbyist’ hackers is emerging who might harness the newly identified security flaw to actively ‘improve’ the cars they drive.

Current hobbyist hacks being discussed include everything from tweaks to improve emissions to huge power boosts.

Share this article
Our team of independent expert car reviewers and journalistsMeet the team
Stay up to dateBecome a carsales member and get the latest news, reviews and advice straight to your inbox.
Disclaimer
Please see our Editorial Guidelines & Code of Ethics (including for more information about sponsored content and paid events). The information published on this website is of a general nature only and doesn’t consider your particular circumstances or needs.

If the price does not contain the notation that it is "Drive Away", the price may not include additional costs, such as stamp duty and other government charges.
Download the carsales app
    AppStoreDownloadGooglePlayDownload
    App Store and the Apple logo are trademarks of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC.
    © CAR Group Ltd 1999-2024
    In the spirit of reconciliation we acknowledge the Traditional Custodians of Country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.