FBI offers NASTF attendees rundown on cyber threats

April 30, 2018
Attendees at the spring meeting of the National Automotive Service Task Force got a bit of intel into cyber security as FBI Special Agent Paul Schaaf sorted through the anatomy of a hack and discussed areas of vulnerability within today’s vehicles.

“Vehicles today are rolling networks,” Schaaf told attendees at the NASTF meeting, held at the Loews Ventana Canyon Resort in Tucson, Arizona. Schaaf noted that today’s cars hold as much as 2.6 miles of wiring connecting systems that communicate with homes, cell phones, vehicle repair facilities, insurance companies, other vehicles and more.

The NASTF meeting took place Monday, April 30, in conjunction with the Equipment and Tool Institute ToolTech Conference.

As vehicle owners demand, and OEMs deliver, more and more communication options in newer makes and models, the opportunity exists for criminals to use insecure systems to access valuable personal information and link to unprotected business data. That access could lead to a number of criminal activities, from workplace disruptions to full-on data theft.

Schaaf referenced a March 2018 article from The Register, “Auto manufacturers are asleep at the wheel when it comes to security,” which should be a red flag to the auto industry and consumers. According to that story from The Register, “Cars are getting smarter every year but their increasing computational power isn’t being backed up by good IT security practices – hacking them is child’s play. That’s the conclusion of a series of speakers at the Kaspersky Security Analyst Summit. These security researchers have demonstrated how easy it is to introduce software into vehicles to steal data, take control of vital functions, get around alarm and electronic key systems and even crash the car.”

Take, for instance, cell phones. Once a phone is plugged into a car, the vehicle system can crawl the entire address book and email lists, copy SMS messages, and look into the most visited locations online in the last month. That information, if not protected, can result in easy access for criminals.

“All of this information is stored in plain text and is perfect for those interested in surveillance,” said Schaaf. This data can serve as tentacles to connect hackers to other systems, such as dealerships or service repair facilities, and even reach as far as carmaker internal business systems to create extortion opportunities and ransomware efforts.

He cited a number of reasons why companies get hacked, which included:

  • Failure to check code before it’s deployed
  • Leaving source code exposed
  • Failure to change default passwords or shared passwords
  • Poor patching practices
  • Human error in social engineering/phishing
  • Poor exfiltration control
  • Failure to recognize infiltration of a system

Speaking to the NASTF crowd, which included a number of large vendors, Schaaf noted that, “A lot of companies are asking vendors, ‘What are you doing now to secure your products that are put on my network?’”

In the automotive industry, businesses large and small need to view cyber threats as real and dangerous, and worthy of attention.
