PSA: Keep your VCDS computer up to date and use antimalware software

bhtooefr

TDIClub Enthusiast, ToofTek Inventor
Joined
Oct 16, 2005
Location
Newark, OH
TDI
None
Earlier this month, three Hungarian researchers did a talk at Hacktivity 2015 on potential attacks against cars by installing malware on PCs used to do OBD diagnostics. They used an Audi TT in the proof of concept, running VCDS (although they didn't name it - probably because, for "a few tens of dollars", they were likely running a pirated version) on the PC in question, and demonstrated that they could silently do things like disable airbags. They did not directly attack VCDS, but rather performed replay attacks based the communications that VCDS would make, sitting in between VCDS and the FTDI driver with their malware.

This is not something to panic about, but there are some things that would be wise to consider in light of this.
  • Ensure that any computer that touches a car's data link connector is receiving regular security updates. (Read: stop running XP, it's time to upgrade!) This includes phones and tablets, too, if you're using VCDS Mobile, Torque, or any other diagnostic product. (Read: keep that old tablet that's stuck on Android 4.0 far away from your car's data link connector, and I'd honestly be leery of any iOS devices that can't run iOS 9, based on Apple's current security policies of only reliably supporting the current version of an OS.)
  • Ensure that you have antimalware software installed on any computer that touches a car's DLC. Microsoft offers Security Essentials for Windows Vista and 7, and Windows Defender is included with Windows 8 and 10.
  • If you absolutely must use a machine that no longer has security updates available (for instance, a machine running Windows XP) for car diagnostics, make sure that the machine is never connected to any networks, and do not connect untrusted media (thumb drives and the like) to it.
 

Uwe

Vendor , w/Business number
Joined
Feb 24, 2000
Location
Lansdale, PA, USA
If you're worried about VCDS, check the digital signatures on the EXE and DLL files. Right-click -> Properties -> Digital Signatures tab. Double-click Ross-Tech's signature. If the signature is OK, you can be pretty confident someone hasn't replaced 'em with anything sketchy.





-Uwe-
 

bluesmoker

Veteran Member
Joined
Jun 7, 2006
Location
Maple Ridge, B.C.
TDI
2004 pd 5 speed tip
Earlier this month, three Hungarian researchers did a talk at Hacktivity 2015 on potential attacks against cars by installing malware on PCs used to do OBD diagnostics. They used an Audi TT in the proof of concept, running VCDS (although they didn't name it - probably because, for "a few tens of dollars", they were likely running a pirated version) on the PC in question, and demonstrated that they could silently do things like disable airbags. They did not directly attack VCDS, but rather performed replay attacks based the communications that VCDS would make, sitting in between VCDS and the FTDI driver with their malware.

This is not something to panic about, but there are some things that would be wise to consider in light of this.
  • Ensure that any computer that touches a car's data link connector is receiving regular security updates. (Read: stop running XP, it's time to upgrade!) This includes phones and tablets, too, if you're using VCDS Mobile, Torque, or any other diagnostic product. (Read: keep that old tablet that's stuck on Android 4.0 far away from your car's data link connector, and I'd honestly be leery of any iOS devices that can't run iOS 9, based on Apple's current security policies of only reliably supporting the current version of an OS.)
  • Ensure that you have antimalware software installed on any computer that touches a car's DLC. Microsoft offers Security Essentials for Windows Vista and 7, and Windows Defender is included with Windows 8 and 10.
  • If you absolutely must use a machine that no longer has security updates available (for instance, a machine running Windows XP) for car diagnostics, make sure that the machine is never connected to any networks, and do not connect untrusted media (thumb drives and the like) to it.
xp is supported until 2019 as it is used as an embedded OS in banks ect

a simple change to a registry value will allow critical updates until 2019

The hack, as reported by ZDNet, fools Microsoft into thinking the system is running Windows Embedded POSReady 2009, a variant of XP that's used by ATMs and cash registers. Those systems will keep getting security updates until 2019.

All XP users need to do is create a text file with the following contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]

"Installed"=dword:00000001

Then, change the file extension from “.txt” to “.reg,” and run the file in Windows Explorer. Opening Windows Update at this point should reveal several new security updates.

http://www.pcworld.com/article/2310...-hack-keeps-the-security-updates-rolling.html
 

bhtooefr

TDIClub Enthusiast, ToofTek Inventor
Joined
Oct 16, 2005
Location
Newark, OH
TDI
None
Doing that is against any license agreements, and Microsoft may have ways to detect and block that.
 

tadawson

Veteran Member
Joined
Jun 14, 2013
Location
Lewisville, TX
TDI
2013 Passat TDI SEL, 2015 Passat TDI SEL
And I could care less myself . . . Windows has a net value to me very close to zero, even if my copy is legal and legit. It's not like you are stealing a license, but rather refusing the involuntary screwing of 'planned obsolesence' . . .Myself, I'm not worried .. . .the license is legal, the updates of questionable value, and worst case, you simply upgrade . . .pretty hard to lose here . . .

- Tim
 

JSWTDI09

Top Post Dawg
Joined
Jan 31, 2009
Location
Las Vegas, Nevada
TDI
2009 JSW TDI (gone but not forgotten)
This advise: Keep your (VCDS) computer up to date and use antimalware software

..should apply to all computers whether they run Windows, Android, an Apple OS, a Unix variant, or whatever. There is nothing particularly vulnerable about Windows, VCDS, or VWs that does not also apply to any other program or system. Any computer is a potential target for malware and any dll (or other executable) can be altered. Believing that you are safe is one of the most dangerous thing you can do. This PSA is not really about VCDS (except that someone hacked a version of it), it is good advice for every computer in the world (and this often includes your phone).

Have Fun!

Don
 

tadawson

Veteran Member
Joined
Jun 14, 2013
Location
Lewisville, TX
TDI
2013 Passat TDI SEL, 2015 Passat TDI SEL
Ah, no . . . Windows is massively more vulnerable than a *nix system . . . . do a little reasearch. In just about every challenge, Windows boxes fall in hours, and *nix takes days, if they succeed at all. About the only folks that may actually believe that Win* is competitive with regard to seucrity is theMS marketing dept . . . Commercial *nix serves most major enterprise systems, including internet front ends and portals, and for most variants, there are none of the third party security packages, because they are just inherently secure.

- Tim
 
Last edited:

Lug_Nut

TDIClub Enthusiast, Pre-Forum Veteran Member
Joined
Jun 20, 1998
Location
Sterling, Massachusetts. USA
TDI
none, 2014 Chevy Volt, 1988 Bolens DGT1700H
What tadawson paraphrases is "I rob banks because that's where the money is."
MS has a majority of machines, and the simplest for mommy and grampa to learn, so it is logical to hack into the easier, more plentiful, systems if you want to increase the odds of getting in.
The percentage of Linux, Unix, Apple OS, other OS in the hands of those that will open up for off-shore princes needing a place to deposit their national funds is piddling.
It is the same reason that Toyota Camry is at or near the top of thieves lists. They aren't any less secure than any other car, but it's stolen more often because there are more of them and more parts for all those other Camrys are needed.

Win 98 is no doubt even less secure than XP, but I don't think anyone is actively searching ways to hack in to the dozen or so 98SE machines still in use...
 

bhtooefr

TDIClub Enthusiast, ToofTek Inventor
Joined
Oct 16, 2005
Location
Newark, OH
TDI
None
The other thing with Windows 98 is that it doesn't have much that's exploitable that's running by default, whereas XP has a ton of network services running by default. This means that, at least in some attack scenarios, 98 may well be more secure.
 

JSWTDI09

Top Post Dawg
Joined
Jan 31, 2009
Location
Las Vegas, Nevada
TDI
2009 JSW TDI (gone but not forgotten)
When I made my comments above, I was not intending for this to become a discussion of the security merits of various operating systems. My only point was that there is no such thing as a completely safe computer. Malware can be written for any computer system. Granted, some may be easier to write or have more potential targets but ANY computer security can be breached if you have the desire and the right knowledge. Therefore any (and every) computer should be protected as well as possible. There is no one more vulnerable that a person who believes themselves to be completely safe.

Have Fun!

Don
 

tadawson

Veteran Member
Joined
Jun 14, 2013
Location
Lewisville, TX
TDI
2013 Passat TDI SEL, 2015 Passat TDI SEL
Not at all, and a feeble attempt to defend trash. Most of the core systems in business IT are *nix, because that *IS* where the money is, and they want to keep it. MS is a consumer targeted platform that is far more interested in useless cutesy stuff than security, and thus, is a design that has numerous gaps that MS is either unwilling or incapable of fixing. What other platform do you know that supports an entire industry (anti virus) simply because they can't/won't get it right in the first place?

And 'offshore princes' is not a software security issue - that is a 'deficient between the ears' issue, that no design can fix . . I'm talking about actual OS security . . .

- Tim

What tadawson paraphrases is "I rob banks because that's where the money is."
MS has a majority of machines, and the simplest for mommy and grampa to learn, so it is logical to hack into the easier, more plentiful, systems if you want to increase the odds of getting in.
The percentage of Linux, Unix, Apple OS, other OS in the hands of those that will open up for off-shore princes needing a place to deposit their national funds is piddling.
It is the same reason that Toyota Camry is at or near the top of thieves lists. They aren't any less secure than any other car, but it's stolen more often because there are more of them and more parts for all those other Camrys are needed.

Win 98 is no doubt even less secure than XP, but I don't think anyone is actively searching ways to hack in to the dozen or so 98SE machines still in use...
 

Lug_Nut

TDIClub Enthusiast, Pre-Forum Veteran Member
Joined
Jun 20, 1998
Location
Sterling, Massachusetts. USA
TDI
none, 2014 Chevy Volt, 1988 Bolens DGT1700H
Most of the core systems in business IT are *nix, because that *IS* where the money is, and they want to keep it.
- Tim
Businesses like banks and retailers and restaurant chains?
I've had my financial information compromised by security breaches, and they weren't mine. The breaches were instead at the same businesses that are "safer" because they run "*nix" with full time IT staff to assure that there aren't breaches.
No, they were targeted exactly because "that's where the money is."
 

tadawson

Veteran Member
Joined
Jun 14, 2013
Location
Lewisville, TX
TDI
2013 Passat TDI SEL, 2015 Passat TDI SEL
Typical breaches like that happen on the Win* boxes at the edge, compromising access credentials, not an outright hack of the secure machine . . . same net result to the poor bugger who was affected, unfortunately. We have not, however, seen one of those core systems taken down, which confirms that security in the data center is working.

- Tim
 

BobnOH

not-a-mechanic
Joined
May 29, 2004
Location
central Ohio
TDI
New Beetle 2003 manual
Of course the whole malware problem is moot if you use a dedicated older laptop running XP Pro for the VCDS and nothing else !:)
Don't we wish. If it never connects to the internet chances are better at remaining clean, but it can be infected if any device like a USB stick, flash drive cd, floppy are present.
A lot of folks still use XP and Microsoft no longer supports it.
The bad thing about the various malware is it floats thru the email chain, propagates and is hard to spot.
Best to create a bootable cd that can run an off-line (no windows) scan with an updated definitions file.
 

Jetta_Pilot

Top Post Dawg
Joined
Apr 14, 2005
Location
West Hill, Ont. Nov.12th in Mexico till April 22nd
TDI
2015 Passat Highline TDI Candy White (SEL Premium) long gone 2002 Jetta TDI
Don't we wish. If it never connects to the internet chances are better at remaining clean, but it can be infected if any device like a USB stick, flash drive cd, floppy are present.
A lot of folks still use XP and Microsoft no longer supports it.
The bad thing about the various malware is it floats thru the email chain, propagates and is hard to spot.
Best to create a bootable cd that can run an off-line (no windows) scan with an updated definitions file.
Read what I stated again !!!!!!!!

Of course the whole malware problem is moot if you use a dedicated older laptop running XP Pro for the VCDS and nothing else !
 

BobnOH

not-a-mechanic
Joined
May 29, 2004
Location
central Ohio
TDI
New Beetle 2003 manual
Read what I stated again !!!!!!!!

Of course the whole malware problem is moot if you use a dedicated older laptop running XP Pro for the VCDS and nothing else !
No I'm not gonna read that again.
Did I disagree? Didn't mean too, you were correct. Repeated info with a bit of background, so I thought.
For some nothing else doesn't necessarily mean sans interweb....
My "don't we wish" comment was in reference to Microsoft and their software policy.
 
Last edited:
Top