www.tdiclub.com

October 23rd, 2015, 19:19   #1
bhtooefr
TDIClub Enthusiast
ToofTek Inventor
Join Date: Oct 2005
Location: Newark, OH
TDI(s): None
PSA: Keep your VCDS computer up to date and use antimalware software

Earlier this month, three Hungarian researchers did a talk at Hacktivity 2015 on potential attacks against cars by installing malware on PCs used to do OBD diagnostics. They used an Audi TT in the proof of concept, running VCDS (although they didn't name it - probably because, for "a few tens of dollars", they were likely running a pirated version) on the PC in question, and demonstrated that they could silently do things like disable airbags. They did not directly attack VCDS, but rather performed replay attacks based on the communications that VCDS would make, sitting in between VCDS and the FTDI driver with their malware.

This is not something to panic about, but there are some things that would be wise to consider in light of this.
  • Ensure that any computer that touches a car's data link connector is receiving regular security updates. (Read: stop running XP, it's time to upgrade!) This includes phones and tablets, too, if you're using VCDS Mobile, Torque, or any other diagnostic product. (Read: keep that old tablet that's stuck on Android 4.0 far away from your car's data link connector, and I'd honestly be leery of any iOS devices that can't run iOS 9, based on Apple's current security policies of only reliably supporting the current version of an OS.)
  • Ensure that you have antimalware software installed on any computer that touches a car's DLC. Microsoft offers Security Essentials for Windows Vista and 7, and Windows Defender is included with Windows 8 and 10.
  • If you absolutely must use a machine that no longer has security updates available (for instance, a machine running Windows XP) for car diagnostics, make sure that the machine is never connected to any networks, and do not connect untrusted media (thumb drives and the like) to it.
__________________

Quote:
Originally Posted by Lug_Nut View Post
The really cool ToofTek made "Emperor's Clothes" injector fork risers only worked until someone pointed out that there wasn't any thing there.

October 26th, 2015, 10:39   #2
fredthe
Veteran Member
Join Date: Jul 2012
Location: Bowie, MD

There is a good summary article also available here: http://www.theregister.co.uk/2015/10...e_car_airbags/

October 27th, 2015, 08:23   #3
Uwe
Join Date: Feb 2000
Location: Lansdale, PA, USA

If you're worried about VCDS, check the digital signatures on the EXE and DLL files. Right-click -> Properties -> Digital Signatures tab. Double-click Ross-Tech's signature. If the signature is OK, you can be pretty confident someone hasn't replaced 'em with anything sketchy.





-Uwe-
__________________
__________________________________________________ ___
VCDS:
Satisfaction guaranteed or double your fault codes back!
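
The signature check described in the post above can also be run over a whole folder at once. This is an added example, not part of the original thread and not Ross-Tech's code; it uses PowerShell's Get-AuthenticodeSignature, and the install folder (a placeholder) and the signer-name substring are assumptions to adjust.

```powershell
#Requires -Version 3.0
# Added example: scripted form of the Explorer "Digital Signatures" check.
# Assumptions (not from the thread): the folder below is a placeholder, and the
# signer substring is taken from the post's mention of "Ross-Tech's signature".
param(
    [string]$InstallDir     = 'C:\PATH\TO\VCDS',   # placeholder: your install folder
    [string]$ExpectedSigner = 'Ross-Tech'          # text expected in the certificate subject
)

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Folder not found: $InstallDir"
}

$results = @(Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate     # $null when the file is unsigned

        $subject    = ''
        $thumbprint = ''
        if ($cert) {
            $subject    = $cert.Subject
            $thumbprint = $cert.Thumbprint
        }

        # Status "Valid" = file hash matches the signed hash and the chain is trusted.
        # "HashMismatch" = the file was changed after it was signed.
        $ok = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

        [pscustomobject]@{
            OK         = $ok
            Status     = $sig.Status
            Signer     = $subject
            Thumbprint = $thumbprint   # compare with a known-good install for a stricter check
            File       = $_.FullName
        }
    })

if ($results.Count -eq 0) {
    throw "No EXE or DLL files found under $InstallDir"
}

$results | Sort-Object OK, File | Format-Table -AutoSize -Wrap

$failed = @($results | Where-Object { -not $_.OK })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) file(s) are unsigned, modified, or signed by someone else. Review them before connecting to a car."
    exit 1
}
Write-Output "All $($results.Count) EXE/DLL files carry a valid signature matching '$ExpectedSigner'."
```

A passing result only says the files on disk are the ones the vendor signed. It does not detect malware sitting between VCDS and the FTDI driver, which is the scenario in the first post, so the patching and antimalware advice there still applies.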

October 27th, 2015, 09:39   #4
bluesmoker
Veteran Member
Join Date: Jun 2006
Location: Maple Ridge, B.C.
Fuel Economy: 57 highway mpg

Quote:
Originally Posted by bhtooefr View Post
Earlier this month, three Hungarian researchers did a talk at Hacktivity 2015 on potential attacks against cars by installing malware on PCs used to do OBD diagnostics. They used an Audi TT in the proof of concept, running VCDS (although they didn't name it - probably because, for "a few tens of dollars", they were likely running a pirated version) on the PC in question, and demonstrated that they could silently do things like disable airbags. They did not directly attack VCDS, but rather performed replay attacks based on the communications that VCDS would make, sitting in between VCDS and the FTDI driver with their malware.

This is not something to panic about, but there are some things that would be wise to consider in light of this.
  • Ensure that any computer that touches a car's data link connector is receiving regular security updates. (Read: stop running XP, it's time to upgrade!) This includes phones and tablets, too, if you're using VCDS Mobile, Torque, or any other diagnostic product. (Read: keep that old tablet that's stuck on Android 4.0 far away from your car's data link connector, and I'd honestly be leery of any iOS devices that can't run iOS 9, based on Apple's current security policies of only reliably supporting the current version of an OS.)
  • Ensure that you have antimalware software installed on any computer that touches a car's DLC. Microsoft offers Security Essentials for Windows Vista and 7, and Windows Defender is included with Windows 8 and 10.
  • If you absolutely must use a machine that no longer has security updates available (for instance, a machine running Windows XP) for car diagnostics, make sure that the machine is never connected to any networks, and do not connect untrusted media (thumb drives and the like) to it.

XP is supported until 2019 as it is used as an embedded OS in banks etc.

A simple change to a registry value will allow critical updates until 2019.

The hack, as reported by ZDNet, fools Microsoft into thinking the system is running Windows Embedded POSReady 2009, a variant of XP that's used by ATMs and cash registers. Those systems will keep getting security updates until 2019.

All XP users need to do is create a text file with the following contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]

"Installed"=dword:00000001

Then, change the file extension from .txt to .reg, and run the file in Windows Explorer. Opening Windows Update at this point should reveal several new security updates.

http://www.pcworld.com/article/23103...s-rolling.html
__________________
2004 pd 5 speed tip,malone tuning stage 1.5 with egr delete
former:1998 red jetta 5 speed man, malone tuning stage 1 with egr delete (it still lives in Maple Ridge)
new gas guzzler: 2001 Mercedes Benz Ml 320

October 27th, 2015, 11:15   #5
bhtooefr
TDIClub Enthusiast
ToofTek Inventor
Join Date: Oct 2005
Location: Newark, OH
TDI(s): None

Doing that is against any license agreements, and Microsoft may have ways to detect and block that.

October 27th, 2015, 22:37   #6
tadawson
Veteran Member
Join Date: Jun 2013
Location: Lewisville, TX

And I could care less myself . . . Windows has a net value to me very close to zero, even if my copy is legal and legit. It's not like you are stealing a license, but rather refusing the involuntary screwing of 'planned obsolescence' . . . Myself, I'm not worried . . . the license is legal, the updates of questionable value, and worst case, you simply upgrade . . . pretty hard to lose here . . .

- Tim

October 27th, 2015, 22:54   #7
JSWTDI09
Veteran Member
Join Date: Jan 2009
Location: Las Vegas, Nevada

This advice: Keep your (VCDS) computer up to date and use antimalware software

...should apply to all computers whether they run Windows, Android, an Apple OS, a Unix variant, or whatever. There is nothing particularly vulnerable about Windows, VCDS, or VWs that does not also apply to any other program or system. Any computer is a potential target for malware and any dll (or other executable) can be altered. Believing that you are safe is one of the most dangerous things you can do. This PSA is not really about VCDS (except that someone hacked a version of it), it is good advice for every computer in the world (and this often includes your phone).

Have Fun!

Don
__________________
2009 Jetta SportWagen TDI (gone but not forgotten)
2018 VW Tiguan SE (I wish it was a TDI)

October 27th, 2015, 23:24   #8
tadawson
Veteran Member
Join Date: Jun 2013
Location: Lewisville, TX

Ah, no . . . Windows is massively more vulnerable than a *nix system . . . . do a little research. In just about every challenge, Windows boxes fall in hours, and *nix takes days, if they succeed at all. About the only folks that may actually believe that Win* is competitive with regard to security is the MS marketing dept . . . Commercial *nix serves most major enterprise systems, including internet front ends and portals, and for most variants, there are none of the third party security packages, because they are just inherently secure.

- Tim

Last edited by tadawson; October 27th, 2015 at 23:26.

November 19th, 2015, 17:22   #9
Lug_Nut
TDIClub Enthusiast
Pre-Forum Veteran Member
Join Date: Jun 1998
Location: Sterling, Massachusetts. USA
Fuel Economy: 116 mpg(e), 36 mpg gas, 100 mpg combined

What tadawson paraphrases is "I rob banks because that's where the money is."
MS has a majority of machines, and the simplest for mommy and grampa to learn, so it is logical to hack into the easier, more plentiful, systems if you want to increase the odds of getting in.
The percentage of Linux, Unix, Apple OS, other OS in the hands of those that will open up for off-shore princes needing a place to deposit their national funds is piddling.
It is the same reason that Toyota Camry is at or near the top of thieves' lists. They aren't any less secure than any other car, but it's stolen more often because there are more of them and more parts for all those other Camrys are needed.

Win 98 is no doubt even less secure than XP, but I don't think anyone is actively searching ways to hack in to the dozen or so 98SE machines still in use...
__________________
If the quantity of carbonic acid increases in geometric progression,
the augmentation of the temperature will increase nearly in arithmetic progression.

Svante Arrhenius 1896

Cogito ergo soy (I think, therefore: Biodiesel)

November 19th, 2015, 18:38   #10
bhtooefr
TDIClub Enthusiast
ToofTek Inventor
Join Date: Oct 2005
Location: Newark, OH
TDI(s): None

The other thing with Windows 98 is that it doesn't have much that's exploitable that's running by default, whereas XP has a ton of network services running by default. This means that, at least in some attack scenarios, 98 may well be more secure.

November 19th, 2015, 18:51   #11
JSWTDI09
Veteran Member
Join Date: Jan 2009
Location: Las Vegas, Nevada

When I made my comments above, I was not intending for this to become a discussion of the security merits of various operating systems. My only point was that there is no such thing as a completely safe computer. Malware can be written for any computer system. Granted, some may be easier to write or have more potential targets but ANY computer security can be breached if you have the desire and the right knowledge. Therefore any (and every) computer should be protected as well as possible. There is no one more vulnerable than a person who believes themselves to be completely safe.

Have Fun!

Don

November 20th, 2015, 14:21   #12
tadawson
Veteran Member
Join Date: Jun 2013
Location: Lewisville, TX

Not at all, and a feeble attempt to defend trash. Most of the core systems in business IT are *nix, because that *IS* where the money is, and they want to keep it. MS is a consumer targeted platform that is far more interested in useless cutesy stuff than security, and thus, is a design that has numerous gaps that MS is either unwilling or incapable of fixing. What other platform do you know that supports an entire industry (anti virus) simply because they can't/won't get it right in the first place?

And 'offshore princes' is not a software security issue - that is a 'deficient between the ears' issue, that no design can fix . . I'm talking about actual OS security . . .

- Tim

Quote:
Originally Posted by Lug_Nut View Post
What tadawson paraphrases is "I rob banks because that's where the money is."
MS has a majority of machines, and the simplest for mommy and grampa to learn, so it is logical to hack into the easier, more plentiful, systems if you want to increase the odds of getting in.
The percentage of Linux, Unix, Apple OS, other OS in the hands of those that will open up for off-shore princes needing a place to deposit their national funds is piddling.
It is the same reason that Toyota Camry is at or near the top of thieves' lists. They aren't any less secure than any other car, but it's stolen more often because there are more of them and more parts for all those other Camrys are needed.

Win 98 is no doubt even less secure than XP, but I don't think anyone is actively searching ways to hack in to the dozen or so 98SE machines still in use...

November 20th, 2015, 18:10   #13
Lug_Nut
TDIClub Enthusiast
Pre-Forum Veteran Member
Join Date: Jun 1998
Location: Sterling, Massachusetts. USA
Fuel Economy: 116 mpg(e), 36 mpg gas, 100 mpg combined

Quote:
Originally Posted by tadawson View Post
Most of the core systems in business IT are *nix, because that *IS* where the money is, and they want to keep it.
- Tim
Businesses like banks and retailers and restaurant chains?
I've had my financial information compromised by security breaches, and they weren't mine. The breaches were instead at the same businesses that are "safer" because they run "*nix" with full time IT staff to assure that there aren't breaches.
No, they were targeted exactly because "that's where the money is."

November 20th, 2015, 22:57   #14
tadawson
Veteran Member
Join Date: Jun 2013
Location: Lewisville, TX

Typical breaches like that happen on the Win* boxes at the edge, compromising access credentials, not an outright hack of the secure machine . . . same net result to the poor bugger who was affected, unfortunately. We have not, however, seen one of those core systems taken down, which confirms that security in the data center is working.

- Tim

June 5th, 2017, 09:46   #15
Jetta_Pilot
Veteran Member
Join Date: Apr 2005
Location: West Hill, Ont. Mexico mid October 2018 to end of April 2019

Of course the whole malware problem is moot if you use a dedicated older laptop running XP Pro for the VCDS and nothing else!
__________________
All LED interior bulbs. Several VCDS mods. Darker window tint. EVO skid-plate. Malone Stage 2, Malone DSG tune. Winpower Projector headlights. Angel eyes. LED DRL's. 24mm H&R rear sway bar. Phase 1 & Phase 2 done.