If a hacker were to bring in a malware-harboring car for service, the vehicle could spread that infection to a dealership’s testing equipment, which in turn would spread the malware to every vehicle the dealership services, kicking off an epidemic of nasty code capable of attacking critical driving systems like transmission and brakes.
Once you compromise a dealership, you’d have a lot of control,” “You could create a malicious car…The worst case would be a virus-like system where a car pulls in, infects the dealership, and the dealership then spreads that infection to all the other cars.”
That “auto brothel” attack is hypothetical, but it’s not as farfetched as it might seem. In 2010 and 2011, researchers at the University of California at San Diego and the University of Washington revealed a slew of hackable vulnerabilities in a 2009 Chevy Impala that allowed them to perform tricks like disabling its brakes, although they didn’t name the make or model of the vehicle at the time. One of those attacks was designed to take advantage of an auto dealership: The researchers found that they could break into the dealership’s Wi-Fi network and gain access to the same diagnostic tools. Wi-Fi connections. From there, they could hack any vehicle an infected tool plugged into.
Stefan Savage had said
“Any car ever connected to it, it would compromise,” the computer science professor who led the UCSD team in 2011. “You just get through the Wi-Fi in the dealership’s waiting room and the attack spreads to the mechanics shop.”