VisualThreat Presents at POC2014 About "Auto Mobile Malware, Attack Scenarios, and How to Defend"

November 07, 2014

Auto malware is coming at a fast pace. Malicious auto mobile apps can send potentially dangerous CAN message commands into cars via the onboard OBD-II port to control or change the auto's systems and/or status. Drivers may be at risk of being targeted by auto hackers, whether through theft, phishing scams, or nefarious phone attacks. There is currently no solution on the market that specifically defends against such attacks and monitors the communication channels between cars and mobile apps.

Auto malware doesn't need to damage the car; instead, it can leverage traditional phishing or spam tricks to fool drivers, filling the gap between traditional mobile malware and the auto domain. In this work, we successfully implemented several auto malware demos. For instance, we implemented the first mobile app for an auto over-the-air attack. Another example is able to brute-force scan for surrounding OBD dongles and measure the distance between the mobile device and the dongle. When the driver is going to leave the car, the malicious code sends a "door-open" or "trunk-open" command to the car without the driver's awareness. When the door is open, the code sends a message about the car's location to the remote hacker so that the hacker can come to steal belongings in the car. In this way, we can build up an auto attack scenario database and use it for auto security penetration testing.

How do we defend against such attacks? We showcase our research findings on the first auto anti-hack solution, which adds protection to the vehicle system where there is none today, to minimize penetration from outside cyber attacks. Our auto security solution can discover and prevent a range of such attack scenarios in real time, including the attacks mentioned by Charlie Miller at Black Hat and DEF CON. Our solution is generic, which means firewall signatures can be updated from the cloud for different car models.