Incident: Potential Car Hacking via Dealership Diagnostic Tools.

Published Date: 2015-10-01

Postmortem Analysis
Timeline 1. The software failure incident mentioned in the article happened at the Derbycon hacker conference in Louisville, Kentucky last week [51582]. Therefore, the software failure incident occurred in September 2015.
System 1. Diagnostic tools used by mechanics and dealerships to update car software and run vehicle diagnostics [51582]
Responsible Organization 1. Automotive security researcher Craig Smith identified vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics, sold by companies like Snap-On and Bosch [51582].
Impacted Organization 1. Auto dealerships [51582]
Software Causes 1. Vulnerabilities in dealership tools used to update car software and run vehicle diagnostics, allowing for potential hacking of vehicles [51582].
Non-software Causes 1. Lack of proper security measures in dealership equipment used for updating car software and running vehicle diagnostics [51582].
Impacts 1. The software failure incident highlighted the vulnerability of cars to hacking through various means such as cellular Internet connections, intercepted smartphone signals, and dealership diagnostic tools [51582]. 2. The incident demonstrated the potential for a malware-infected car to spread the infection to dealership testing equipment, which could then spread the malware to all other vehicles serviced by the dealership, leading to a widespread epidemic of malicious code capable of attacking critical driving systems like transmission and brakes [51582]. 3. The failure incident exposed flaws in dealership diagnostic tools, such as not checking for the length of a vehicle identification number, which could be exploited to deliver malware payloads and trigger glitches in the software [51582]. 4. Researchers found hackable vulnerabilities in a 2009 Chevy Impala that allowed them to disable its brakes, demonstrating the real-world risks associated with software vulnerabilities in automotive systems [51582]. 5. The incident raised concerns about the potential for malicious attacks on dealership diagnostic tools, which could be used to extract cryptographic keys or alter vehicle settings, posing significant security threats to the automotive industry [51582].
Preventions 1. Implementing robust security measures in dealership diagnostic tools: By ensuring that dealership tools have strong security protocols in place, such as encryption, authentication mechanisms, and regular security updates, the vulnerability exploited by the ODB-GW tool could have been mitigated [51582]. 2. Conducting regular security audits on dealership tools: Regular security audits on the tools used by mechanics and dealerships to update car software and run vehicle diagnostics could have helped identify and address potential vulnerabilities before they could be exploited by malicious actors [51582]. 3. Educating dealership staff on cybersecurity best practices: Providing training to dealership staff on cybersecurity awareness, safe practices, and how to detect and respond to potential security threats could have increased the overall security posture of the dealership's digital systems [51582].
Fixes 1. Conducting security audits in the automotive industry to check dealership tools for vulnerabilities [51582].
References 1. Security consultant Craig Smith presented a tool at the Derbycon hacker conference in Louisville, Kentucky [Article 51582]. 2. Researchers at the University of California at San Diego and the University of Washington revealed vulnerabilities in a 2009 Chevy Impala [Article 51582].

Software Taxonomy of Faults

Category Option Rationale
Recurring multiple_organization (a) The software failure incident related to vulnerabilities in dealership tools that could lead to widespread car hacking has not specifically been mentioned to have happened again within the same organization or with its products and services [51582]. (b) The articles mention a previous incident in 2010 and 2011 where researchers at the University of California at San Diego and the University of Washington revealed hackable vulnerabilities in a 2009 Chevy Impala that allowed them to perform tricks like disabling its brakes. This incident involved exploiting vulnerabilities in a specific vehicle model [51582].
Phase (Design/Operation) design, operation (a) The article discusses a potential software failure incident related to the design phase of automotive systems. Security consultant Craig Smith presented a tool at the Derbycon hacker conference designed to find security vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics. Smith's tool, called ODB-GW, simulates a malware-carrying car to test for vulnerabilities in dealership tools, potentially leading to a scenario where a dealership's diagnostic tools could be compromised and spread malware to all vehicles serviced by the dealership [51582]. (b) The article also mentions a software failure incident related to the operation phase of automotive systems. Researchers at the University of California at San Diego and the University of Washington revealed hackable vulnerabilities in a 2009 Chevy Impala that allowed them to perform tricks like disabling its brakes. They found that they could break into the dealership's Wi-Fi network and gain access to diagnostic tools via Wi-Fi connections, potentially allowing them to hack any vehicle serviced by the dealership [51582].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident discussed in the articles is primarily within the system. The failure is related to security vulnerabilities in the equipment used by mechanics and dealerships to update car software and run vehicle diagnostics [51582]. The vulnerability lies in the dealership tools that trust that a car is a car, making them a soft target for potential hacking attacks [51582]. The tool created by security consultant Craig Smith simulates an attack by acting like a malware-carrying car, aiming to find bugs in the dealership tools that could be exploited to infect diagnostic devices [51582]. (b) outside_system: The software failure incident is also influenced by factors outside the system. For example, the vulnerability could be exploited by hackers bringing in malware-harboring cars for service at dealerships, which could then spread the infection to the dealership's testing equipment and subsequently to all other serviced vehicles, creating a widespread epidemic of malicious code capable of attacking critical driving systems [51582]. Additionally, researchers in the past have demonstrated vulnerabilities in vehicles that could be exploited through dealership networks, showing how attacks could spread from the dealership's Wi-Fi network to diagnostic tools and then to any vehicle connected to those tools [51582].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: The incident described in the articles is related to a potential software failure caused by non-human actions, specifically through a simulated attack using a tool created by security consultant Craig Smith. Smith's tool, the ODB-GW, is designed to find security vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics. By acting like a malware-carrying car, the tool aims to identify bugs in dealership tools that could be exploited to infect diagnostic devices and potentially spread malware to multiple vehicles serviced by the dealership [51582]. (b) The software failure incident occurring due to human actions: The potential software failure incident discussed in the articles could also be attributed to human actions. For instance, the vulnerability scanning software developed by Craig Smith involves techniques like "fuzzing," which involves throwing random data at a target diagnostic tool until it produces a crash or glitch that might signal a hackable vulnerability. Additionally, the scenario presented by Smith where a hacker could plant an Arduino board behind a car's OBD2 port to carry malware and infect diagnostic devices is a human-driven attack strategy that could lead to software failures in dealership tools [51582].
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The incident described in the article involves a potential software failure incident that could occur due to hardware vulnerabilities in dealership tools used for updating car software and running vehicle diagnostics [51582]. - Security consultant Craig Smith presented a tool at the Derbycon hacker conference designed to find security vulnerabilities in equipment used by mechanics and dealerships, which could potentially lead to a scenario where malware could spread from a car to a dealership's testing equipment, and then to all other vehicles serviced by the dealership [51582]. - Smith's invention, the ODB-GW, simulates a malware-carrying car by using OBD2 ports, a resistor, wiring, and a 12-volt power source to impersonate a car when a dealership's diagnostic tool is plugged in, potentially revealing vulnerabilities in the diagnostic tools [51582]. (b) The software failure incident occurring due to software: - The incident also involves software failure incidents that could originate in software vulnerabilities in dealership tools used for updating car software and running vehicle diagnostics [51582]. - Smith's software, used in conjunction with the ODB-GW hardware setup, performs techniques like "fuzzing" to identify vulnerabilities in the dealership tools by throwing random data at them until a crash or glitch occurs, indicating a potential hackable vulnerability [51582]. - Smith mentions finding flaws in the dealership tools he tested, such as one handheld diagnostic tool not checking for the length of a vehicle identification number, which could allow for malware payloads to be delivered [51582].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident described in the articles is related to a malicious objective. The incident involves the creation of a tool by a security consultant, Craig Smith, to find security vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics. This tool is designed to simulate an attack by acting like a malware-carrying car, potentially infecting dealership tools and spreading malware to multiple vehicles serviced by the dealership. Smith's device, the ODB-GW, is used to perform techniques like "fuzzing" to identify vulnerabilities in dealership tools, which could be exploited by hackers to compromise vehicles and critical driving systems [51582]. The scenario described by Smith involves a potential "auto brothel" attack where a dealership could be compromised, leading to the spread of infections to all other cars serviced by that dealership, highlighting the malicious intent behind the software failure incident. (b) The software failure incident is not related to a non-malicious objective. The focus of the incident is on identifying security vulnerabilities in dealership tools that could be exploited by hackers to compromise vehicles and potentially cause harm. The article does not mention any instances of software failures caused by non-malicious factors such as accidental bugs or faults. The primary concern highlighted in the incident is the intentional creation of a tool to find and exploit weaknesses in dealership equipment for potential malicious purposes [51582].
Intent (Poor/Accidental Decisions) accidental_decisions (a) The intent of the software failure incident related to poor_decisions: - The incident described in the article involves potential vulnerabilities in dealership tools used to update car software and run vehicle diagnostics [51582]. - These vulnerabilities could be exploited by hackers to infect dealership tools and subsequently spread malware to all vehicles serviced by the dealership, leading to a widespread epidemic of malicious code capable of attacking critical driving systems like transmission and brakes [51582]. - The vulnerabilities in the dealership tools could be leveraged to create a scenario where a car infects the dealership, which then spreads the infection to all other cars serviced, demonstrating a significant security threat [51582]. (b) The intent of the software failure incident related to accidental_decisions: - The vulnerabilities in the dealership tools, as highlighted by the security researcher, were not intentionally introduced but rather represent unintended weaknesses that could be exploited by malicious actors [51582]. - The potential for these vulnerabilities to be exploited for malicious purposes, such as creating a virus-like system that spreads through dealership tools to infect multiple vehicles, was not the intended design or purpose of the software but a consequence of the identified flaws [51582].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident related to development incompetence can be seen in the article where security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics. Smith's tool, built with around $20 of hardware and free software, is aimed at identifying bugs in dealership tools that could potentially be exploited by hackers to infect thousands of vehicles [51582]. (b) The software failure incident related to accidental factors can be observed in the article where researchers at the University of California at San Diego and the University of Washington discovered hackable vulnerabilities in a 2009 Chevy Impala that allowed them to perform tricks like disabling its brakes. They found that they could break into the dealership's Wi-Fi network and gain access to diagnostic tools via gadgets' Wi-Fi connections, potentially leading to the hacking of any vehicle connected to those tools [51582].
Duration temporary The software failure incident described in the articles can be categorized as a temporary failure. The vulnerability highlighted by the security researcher, Craig Smith, in dealership tools used for updating car software and running diagnostics is a specific circumstance that could lead to potential hacking incidents [51582]. This vulnerability is not a permanent failure affecting all circumstances but rather a specific issue that could be addressed and mitigated to prevent potential security breaches in the future.
Behaviour crash, omission, value, byzantine (a) crash: The article describes a scenario where a hacker could bring in a malware-harboring car for service at a dealership, which could then spread the infection to the dealership's testing equipment, potentially leading to a crash or glitch in the diagnostic tools used by the dealership [51582]. (b) omission: The article mentions a specific vulnerability found in a handheld diagnostic tool where it did not check for the length of a vehicle identification number. This omission could allow an infected vehicle to send a longer number that breaks the diagnostic tool's software, potentially leading to the omission of performing its intended functions [51582]. (c) timing: There is no specific mention of a timing-related failure in the articles provided. (d) value: The vulnerability found in the diagnostic tools, where an infected vehicle could send a longer number than expected, could lead to the diagnostic tool performing its intended functions incorrectly by allowing a malware payload to be delivered [51582]. (e) byzantine: The potential scenario described in the article where a hacker could plant an Arduino board behind a car's OBD2 port to carry malware, ready to infect any diagnostic device plugged into it, could lead to inconsistent responses and interactions within the system, resembling a byzantine behavior [51582]. (f) other: The articles do not provide information on any other specific behavior of the software failure incident.

IoT System Layer

Layer Option Rationale
Perception sensor, actuator, processing_unit, network_communication, embedded_software (a) sensor: The article discusses vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics. These vulnerabilities could potentially lead to a scenario where a malware-harboring car could infect a dealership's testing equipment, spreading malware to every vehicle serviced by the dealership. This indicates a potential failure related to the sensor layer of the cyber-physical system, where the diagnostic tools may not properly validate inputs from the car's sensors, allowing for malicious data injection [51582]. (b) actuator: The article mentions a hypothetical scenario where a hacker could plant an Arduino board behind a car's OBD2 port to carry malware, ready to infect any diagnostic device plugged into it. This could be seen as a potential failure related to the actuator layer of the cyber-physical system, where the actuator (Arduino board) is compromised to carry out malicious actions [51582]. (c) processing_unit: The article discusses how a testing device created by a security consultant simulates an attack by acting like a malware-carrying car. This device is used to find vulnerabilities in dealership tools that could be exploited to spread malware to multiple vehicles. This indicates a potential failure related to the processing unit layer of the cyber-physical system, where vulnerabilities in the processing of data by the dealership tools could lead to the spread of malware [51582]. (d) network_communication: Researchers in the article demonstrated hackable vulnerabilities in a 2009 Chevy Impala that allowed them to disable its brakes by exploiting weaknesses in the dealership's Wi-Fi network. This indicates a potential failure related to the network communication layer of the cyber-physical system, where vulnerabilities in the network communication infrastructure of the dealership allowed for unauthorized access and control of the vehicle [51582]. (e) embedded_software: The article discusses how vulnerabilities in dealership tools could be exploited to spread malware to vehicles serviced by the dealership. This indicates a potential failure related to the embedded software layer of the cyber-physical system, where vulnerabilities in the software running on the dealership tools could be leveraged to compromise the vehicles' systems [51582].
Communication connectivity_level The failure discussed in the article is related to the communication layer of the cyber-physical system that failed at the connectivity level. The vulnerability exploited by the researcher Craig Smith involved the dealership tools used for updating car software and running vehicle diagnostics. These tools were found to have security vulnerabilities that could be exploited to infect multiple vehicles serviced by the dealership. The attack involved spreading malware from a car to the dealership's testing equipment, which in turn could spread the malware to all other vehicles serviced by the dealership, affecting critical driving systems like transmission and brakes [51582]. This failure was not at the link level (physical layer) but rather at the connectivity level (network or transport layer) where the dealership tools were susceptible to hacks and malware injections.
Application TRUE The software failure incident described in the article [51582] is related to the application layer of the cyber-physical system. The failure was due to vulnerabilities in equipment used by mechanics and dealerships to update car software and run vehicle diagnostics. Security consultant Craig Smith presented a tool designed to find security vulnerabilities in these dealership tools, which could potentially be exploited by hackers to infect vehicles with malware. Smith's tool simulated an attack by acting like a malware-carrying car and identified flaws in the dealership tools that could be exploited to deliver a malware payload. This incident highlights the risks associated with bugs and vulnerabilities in the application layer of the automotive cyber-physical system.

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence (a) death: The articles do not mention any incidents of people losing their lives due to the software failure. (b) harm: The articles do not mention any incidents of people being physically harmed due to the software failure. (c) basic: The articles do not mention any incidents where people's access to food or shelter was impacted because of the software failure. (d) property: The software failure incident discussed in the articles could potentially impact people's property in the form of their vehicles. The vulnerability in dealership tools could lead to the spreading of malware to vehicles serviced by those dealerships, affecting critical driving systems like transmission and brakes [51582]. (e) delay: The articles do not mention any incidents where people had to postpone an activity due to the software failure. (f) non-human: The software failure incident discussed in the articles primarily focuses on the vulnerability of vehicles to hacking through dealership tools, impacting the vehicles themselves [51582]. (g) no_consequence: The articles do not mention that there were no real observed consequences of the software failure. (h) theoretical_consequence: The articles discuss potential consequences of the software failure, such as the hypothetical scenario of an "auto brothel" attack where malware could spread from a car to dealership tools and then to other vehicles, impacting a large number of cars [51582]. (i) other: The articles do not mention any other specific consequences of the software failure beyond those discussed in the options (a) to (h).
Domain transportation, manufacturing, finance (a) The failed system in the incident was related to the automotive industry, specifically targeting car dealerships and the equipment used by mechanics and dealerships to update car software and run vehicle diagnostics [51582]. This incident highlighted vulnerabilities in the systems used by dealerships, which could potentially lead to widespread hacking of vehicles through infected diagnostic tools. (h) The incident also has implications for the finance industry, as it could potentially involve malicious activities such as extracting cryptographic keys or altering vehicle settings, similar to the Volkswagen emissions scandal [51582]. (m) The incident could also be related to the technology industry, as it involves the development and use of diagnostic tools and software in the automotive sector, showcasing potential security threats that need to be addressed by the auto industry [51582].
