ODB-GW: A New Hope in Car Malware Detection Mechanism
FREMONT, CA: Security researcher Craig Smith has launched a new device called ODB-GW (Ol’ Dirty Bastard Gateway), which he presented at the Derbycon hacker conference in Louisville, Kentucky, as a countermeasure to a car-hacking concept he has named the ‘auto brothel’.
It enables car dealers to find security vulnerabilities in the equipment that mechanics and dealerships use to update car software and run vehicle diagnostics. According to a report by Andy Greenberg for Wired.com, Smith built the device from approximately twenty dollars of hardware and free software, and released it on GitHub in the expectation that it will help testers fix the bugs in dealership tools.
Commenting on his new invention, Craig Smith says, “By learning what vulnerabilities are found in a car diagnostics tool, an attacker can craft malware that will be able to infect that device, and then use it to spread to other cars that the device is plugged into, or even to the dealership’s WiFi network, and spread to WiFi-enabled cars from there.”
Designed to detect bugs, the tool is built from a pair of OBD2 (On-board Diagnostic) ports, a resistor and some wiring to create a car’s internal network, and a twelve-volt power source. It performs a technique called ‘fuzzing’, in which it throws random data at a target diagnostic tool until the tool crashes or glitches in a way that might signal a hackable vulnerability. However, Smith believes that an attack on a dealership’s diagnostic tools would not always be malicious; it could also be aimed at extracting cryptographic keys or code that would let car-hacker hobbyists modify their own vehicles, for better or worse.
“Ideally I want people doing security audits in the automotive industry to be checking dealership tools, too. This is the way to do it,” Smith concludes.