Well, this is neat: Malware activity from Autel scantool

[OVERKILL]

The pics he posted, calling home to China:

The tool:

And his statement:

I don’t buy the clone stuff. This wasn’t cheap and from a reputable supplier

As I've been saying recently, it's only going to get worse as cyberthreats get more complex and "smart devices", as well as connected electronics, often coming from China, become more prolific.

 

[SC Maintenance]

I would like to say I am shocked. Unfortunately I am not.

 

[Trav]

False positive? These tools have to contact home base to get updates etc. The more I think about it is this really a problem?

 

[OVERKILL]

False positive? These tools have to contact home base to get updates etc. The more I think about it is this really a problem?

When I say "phone home" in this instance I don't mean back to Autel:

 

[SC Maintenance]

Well known that a lot of CCP IC's have this functionality built in to them. Completely possible that Autel has nothing to do with it. However anyone that uses a CCP chip knows this. This is why they continue to put varios sanctions on CCP chip manufacture in the name of homeland security. It is in fact a threat.

 

[OVERKILL]

Well known that a lot of CCP IC's have this functionality built in to them. Completely possible that Autel has nothing to do with it. However anyone that uses a CCP chip knows this. This is why they continue to put varios sanctions on CCP chip manufacture in the name of homeland security. It is in fact a threat.

Yup, exactly.

Also, for those who might be wary of the source, Daniel Cuthbert is:

Blackhat/Brucon Review Board & UK Government Cyber Security Advisory Board

This isn't some nobody posting nonsense on twitter for the lul's, he's an SME.

Slight tangent, but the device he's using for his home firewall is "Firewalla", who sell complete solutions at pretty reasonable prices:
Firewalla Products | Firewalla

Pretty comparable price-wise to Ubiquiti.

 

[terry274]

Slight tangent, but the device he's using for his home firewall is "Firewalla", who sell complete solutions at pretty reasonable prices:
Firewalla Products | Firewalla

I considered purchasing a Firewalla before I built my OPNsense box. I decided on the DIY route because it was less expensive and my primary reason at the time was to learn about firewalls and networking.
I think I came in under $150 by purchasing a used computer from Goodwill and a Ruckus access point and network card from Ebay.

 

[Owen Lucas]

Something similar happened to a $2000 Bosch Rexroth Torque Wrench used in factories, except it’s screen disable with malware.

Network-Connected Torque Wrench Used in Factories Is Vulnerable to Ransomware

An attack on Bosch wrenches could lead factory operators to think they properly fastened screws on a car when in fact the bolts are too loose or too tight, resulting in mechanical failure.

www.pcmag.com

 

[terry274]

I had a Chinese robot vacuum. It stayed in constant communication with mainland China according to the DNS logs on my firewall.

 

[Rand]

Something similar happened to a $2000 Bosch Rexroth Torque Wrench used in factories, except it’s screen disable with malware.

Network-Connected Torque Wrench Used in Factories Is Vulnerable to Ransomware

An attack on Bosch wrenches could lead factory operators to think they properly fastened screws on a car when in fact the bolts are too loose or too tight, resulting in mechanical failure.

www.pcmag.com

I'm not sure that is similar but it is disturbing.

 

[terry274]

I'm not sure that is similar but it is disturbing.

Yeah, the Autel shipped from the factory with the malware built in. The Bosch was just hacked.

 

[redhat]

Kinda on/off topic but @OVERKILL or anyone else, do you all know of any open source or even maybe subscription service products that you could spin up on a VM and watch/filter traffic in and out of your network? Beyond an adblocker like Pihole.

Is Alienvault still relevant?

 

[OVERKILL]

Kinda on/off topic but @OVERKILL or anyone else, do you all know of any open source or even maybe subscription service products that you could spin up on a VM and watch/filter traffic in and out of your network? Beyond an adblocker like Pihole.

Is Alienvault still relevant?

Sounds like you want a transparent firewall?

Not going transparent, you can achieve that on the perimeter with PFsense/OPNsense and ntopng, unless you are looking for even more detailed information than it provides?

 

[OVERKILL]

Kinda on/off topic but @OVERKILL or anyone else, do you all know of any open source or even maybe subscription service products that you could spin up on a VM and watch/filter traffic in and out of your network? Beyond an adblocker like Pihole.

Is Alienvault still relevant?

Should also add, this is the detail my UDM SE provides (beyond my PiHole):

 

[redhat]

Thank you. That’s an awesome infographic from the UDM.

 

[dumkid]

I have an Autel scan tool, I've never plugged it into a computer though.

 

[dubber09]

Nothing new, VAX mainframes were doing this in late 70s already.

 

[OVERKILL]

Thank you. That’s an awesome infographic from the UDM.

And, you don't even need the UDM to get this functionality, as they have this puppy now:
Compact UniFi Cloud Gateways - Ubiquiti

 

[OVERKILL]

Nothing new, VAX mainframes were doing this in late 70s already.

They were sending data to China from automotive scan tools? I don't think so... I worked on VAX when I was 13/14.

 

[dubber09]

Lol, not China, USA.