ODB-GW: A New Hope in Car Malware Detection Mechanism
FREMONT, CA: Security researcher Craig Smith has launched a new device called ODB-GW (Ol’ Dirty Bastard Gateway), which he presented at the Derbycon hacker conference in Louisville, Kentucky, to counter a car-hacking concept he named the ‘auto brothel’.
It enables car dealers to find security vulnerabilities in the equipment that mechanics and dealerships use to update car software and run vehicle diagnostics. According to a report by Andy Greenberg for Wired.com, the device was built from approximately twenty dollars of hardware and free software, and Smith released it on GitHub in the hope that it will help testers fix the bugs in dealership tools.
Commenting on his new invention, Craig Smith says, “By learning what vulnerabilities are found in a car diagnostics tool, an attacker can craft malware that will be able to infect that device, and then use it to spread to other cars that the device is plugged into, or even to the dealership’s WiFi network, and spread to WiFi-enabled cars from there.”
Designed to detect bugs, the tool is built from a pair of OBD2 (On-board Diagnostic) ports, a resistor and some wiring to create a car’s internal network, and a twelve-volt power source. It performs a technique called ‘fuzzing’, in which it throws random data at a target diagnostic tool until it produces a crash or glitch that might signal a hackable vulnerability. However, Smith believes that an attack on a dealership’s diagnostics tools wouldn’t always be malicious; it could also be aimed at extracting cryptographic keys or code that would let car hacker hobbyists modify their own vehicles, for better or worse.
“Ideally I want people doing security audits in the automotive industry to be checking dealership tools, too. This is the way to do it,” Smith concludes.
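The fuzzing technique described above, reduced to an in-process sketch as an added example (it is not code from ODB-GW or from Smith's GitHub release). The length-prefixed frame format, both parsers and every name are constructed for illustration, and a Python exception stands in for the crash or glitch a tester would watch for in a real tool.

```python
import random

def parse_naive(frame: bytes) -> bytes:
    """Hypothetical tool-side parser: byte 0 declares the payload length."""
    declared = frame[0]                                   # fails on an empty frame
    return bytes(frame[1 + i] for i in range(declared))   # trusts the declared length

def parse_checked(frame: bytes) -> bytes:
    """Same constructed format, with the length validated before use."""
    if not frame or frame[0] > len(frame) - 1:
        raise ValueError("malformed frame")               # clean, expected rejection
    return frame[1:1 + frame[0]]

def fuzz(parser, rounds=2000, seed=1):
    """Feed random 0-8 byte frames to parser; return (frame, exception name) pairs
    for every failure other than the parser's own ValueError rejection."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(rounds):
        frame = bytes(rng.randrange(256) for _ in range(rng.randint(0, 8)))
        try:
            parser(frame)
        except ValueError:
            continue
        except Exception as exc:
            crashes.append((frame, type(exc).__name__))
    return crashes

def triage(crashes):
    """Keep the shortest reproducer per exception type, for the bug report."""
    shortest = {}
    for frame, kind in crashes:
        if kind not in shortest or len(frame) < len(shortest[kind]):
            shortest[kind] = frame
    return shortest

if __name__ == "__main__":
    for parser in (parse_naive, parse_checked):
        found = fuzz(parser)
        print(parser.__name__, len(found), "crashes", triage(found))
```

The naive parser fails on almost every random frame because it trusts the declared length, while the checked parser rejects the same inputs cleanly, which is the difference a fuzzing audit of a dealership tool is meant to surface.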