Well, this is neat: Malware activity from Autel scantool

Lol, not China, USA.
Not from automotive scan tools (that didn't exist) they weren't, lol.

I'm not QUITE sure of the point you are attempting to make here, but would appreciate some clarification if it isn't too much effort, as it doesn't REALLY seem to be related to the topic of this thread, which is an internet-connected automotive scan tool apparently containing code or an IC that's programmed to access a malicious domain in China.
 
The point is that the USA was collecting 'telemetry' from VAX computers that were at least sold abroad back in the late 70s, and there were back doors implemented back then. We just cannot expect 'clean' electronics anymore, regardless of where they come from.
Thank you! Yes, that's been going on for many decades.

Wasn't the CIA somewhat recently caught tapping the phone of Angela Merkel? Historically, these sorts of things were reserved for higher value targets worthy of surveillance and collecting data on; however, more and more we are seeing vulnerabilities, back doors and the like in consumer-grade devices, and the purpose is... different, particularly when it comes to botnets, skimming banking and credit card information and selling it on the black market, ID theft, etc.

It's one thing when an American buys a consumer electronic device from a wholly Chinese company and then we later learn that these devices are being hijacked by Chinese cyber terrorists:


It's quite another when it's an automotive scan tool from a reputable company containing a malicious IC (not saying that's the case here, we don't have that info, but it's a possibility).

Do you remember the compromised IC in the Supermicro motherboards? @Rand reminded me of that gem of a story:
Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists Bloomberg • The Register
 
So what are they doing then? Under the false claim of getting updates, they’re giving your home address and VIN number so next time it connects they can steal your HDD data?!?
No idea, I don't have access to the tool; would be interested to find out. It's accessing a domain that's known to be used for botnets. I'm not sure as to the level of access that tool has, but if it can write things to the modules, there's also potential to infect the vehicle.
 