08 Jun 2017
When you think about it, hospitals are pretty dangerous places. Everyone one with a serious illness is gathered in one place and are frequently visited by healthy people who go back into the regular world. Even if a healthy person doesn’t have someone to visit at the hospital, they’ll have to go at some point to see a doctor. You can see why it’s so important for hospital staff and visitors to thoroughly wash their hands and be hygienic. But this blog is devoted to computer viruses, not real viruses, so what does hospital hygiene have to do with cybersecurity?
Even though hospitals are major targets for cyberattacks, they’re not what we are talking about today. We’re talking about auto dealerships. Auto dealerships are just like hospitals for cars. Anytime a car needs maintenance or has a problem that needs to be fixed, they’re taken to an auto dealership for repair, just like a person with a hospital. Of course, mechanics aren’t washing their hands between every job because cars can’t get viruses like people can. At least they couldn’t in the past. Every day cars with Wi-Fi hotspots, remote parking abilities, and vehicle to vehicle technology are rolling off the line and onto the lot. Cars are more computer than torque today, and that means they are susceptible to viruses. Which turns the average car dealership service department into a hospital. If one car comes in and its malware infected computer is connected to the dealership network not only will their network be infected but every car that’s brought into the dealership and connects to the same network will be sent out carrying the virus.
Just like a contagious virus in a hospital.
And it’s not going to get any easier for car dealerships either. Driverless cars are on the horizon, which means that car dealerships will need to employ tech professionals if they already haven’t. And that’s only to maintain cars and keep them safe, not to protect the dealership’s network from hackers. Dealerships are not only great places to spread viruses, but they handle sensitive information just like any other business. Customer’s names, addresses, phone numbers, and payment information are all given to dealerships by customers under the condition that they will be kept safe. If a dealership fails to do that, the customers will stop coming.
Now you might think this is all speculation and what if, but cybersecurity professionals have already proven that it’s possible. In 2015, Craig Smith presented a device called the ODB GW that used vulnerabilities in the devices that mechanics use to update the software in cars. Smith’s device worked by appearing to be the port behind the dashboard that mechanics connect to, but actually connected the mechanics to a PC that uploaded malware. The kick is that the device only cost Smith $20 to build. Fortunately, Smith was presenting the device to warn people, but that doesn’t change the fact that people have created ways to hack car dealerships.
Auto dealers can’t just shut down their service departments or their payment centers, so they only have one choice: Get with the times or be left behind. Every business should have an IT professional on speed dial, but with the amount of technology being pumped into cars, auto dealers should seriously reconsider the amount of cybersecurity measures they have in place. That could mean anything from a simple audit to hiring a cybersecurity firm that specializes in auto dealerships, it depends on the size of the dealership and amount of security measures already in place. If auto dealers want to keep the cars they service safe and healthy, there’s no debate that they need to get serious about their cybersecurity.