Car hacking via compromised car diagnostic tools

Car hacking is a topic that has received considerable attention from security researchers in the last year or so, and the general public and (hopefully) lawmakers are finally beginning to perceive the danger as real.

Among the researchers that delved into the matter is security consultant Craig Smith, who presented this week at the Derbycon conference the results of his latest efforts: a cheap-to-make testing tool that is made to simulate a car’s system, and to bombard a car dealership’s diagnostic tools with random data in order to discover vulnerabilities that can be exploited to compromise the device.

The idea behind this is that attackers looking to infect as many vehicles as possible with malware could do it by infecting the aforementioned diagnostic tools and, consequently, the cars that get connected to them in the future.

For those interested in more details, here’s a video of Smith’s presentation from Derbycon (via Irongeek):

Don't miss