Sunday, May 21, 2017

OIL PAN OR MALWARE?
It was a very busy weekend. After returning from an unexpected trip I helped a friend out whose car developed an oil leak that I quickly diagnosed as a stripped drain plug bolt. Oil-pan replacement would total about $800 in labor and parts, but Larry’s household budget couldn’t afford the cost of the repair.
I called Larry and offered to repair the existing pan for about $130, and Larry was elated with the news. I raised the car up on the hoist. Sometimes a simple thread chaser will restore the threads, but not on Larry’s car. It would take a little more effort.
I listened to an Oldies radio station while working. The songs of the 1960s era set a pretty good tempo for me to work by—not too fast, not too slow.
I greased the ream that would cut through the damaged threads; the grease would help the ream’s progress and also capture the metal shavings.
After reaming through the damaged threads, I carefully plucked the stray shavings from the hole with needle-nose pliers. Next, I replaced the ream with a spring-loaded tap and added more grease. I twisted the tap a half-turn, and then backed it out one-quarter of a turn. This would break the chips and ensure a clean set of threads.
When the tap moved freely, I knew that the threads had been cut properly. I used a flapper wheel on a drill to remove loose paint and machining marks. After degreasing the surface of the oil pan, I sprayed flat black paint onto it.
I installed a magnetized replacement drain plug with a nylon sealing washer, lowered the vehicle, added oil and checked for leaks.
Larry would be happy. The total job would cost him considerably less than if I replaced the pan.
This was relaxing—much more than investigating yet another 2017 SUV that was brought in to a facility in Washington, D.C. on Saturday. The vehicle had experienced runaway acceleration and faulty brakes. Data bus decoding and a special malware “flushing” technique that I have found to be successful eliminated the threat. The question was then asked how to take preventative measures against the future introduction of malware into a vehicle’s network.
One of their experts suggested filtering the CAN data bus traffic by introducing a firewall that would detect such malware, but I suggested it would be impractical: when safety data is transmitted to an onboard ECU, even microseconds count. I’ve been working on using a program that builds a white-list of all binaries, processes, scripts and network behavior that the manufacturer of the ECU intended the computer to have. Anything that is not on the white-list is then blocked.
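As an added example (not the author’s program), here is a minimal version of that white-list check in Python. The approved binary hashes, process names and per-process CAN transmit IDs are constructed sample values, and anything not on the list is reported as a violation rather than silently allowed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed allow-list: what the ECU maker intended the module to carry.
# The "firmware" bytes are sample values hashed here, not real images.
APPROVED_BINARIES = {
    "bcm_main.bin": sha256(b"constructed bcm firmware v1"),
    "gateway_svc.bin": sha256(b"constructed gateway service"),
}
APPROVED_PROCESSES = {"bcm_main", "gateway_svc", "diag_listener"}
# Intended network behaviour: CAN arbitration IDs each process may send.
APPROVED_TX_IDS = {"bcm_main": {0x1A0, 0x1A1}, "gateway_svc": {0x7DF}}

def check_ecu_state(binaries, processes, transmissions):
    """Compare an observed ECU state with the allow-list and return a list
    of violations (empty means everything present was intended).
    binaries: {filename: bytes}; processes: set; transmissions: [(proc, id)]."""
    violations = []
    for name, data in binaries.items():
        expected = APPROVED_BINARIES.get(name)
        if expected is None:
            violations.append(f"unknown binary {name}")
        elif sha256(data) != expected:
            violations.append(f"modified binary {name}")
    for proc in sorted(processes):
        if proc not in APPROVED_PROCESSES:
            violations.append(f"unknown process {proc}")
    for proc, can_id in transmissions:
        if can_id not in APPROVED_TX_IDS.get(proc, set()):
            violations.append(f"{proc} not allowed to transmit 0x{can_id:03X}")
    return violations

# Constructed observations: a clean module and one carrying a dropped binary.
CLEAN_STATE = {
    "binaries": {"bcm_main.bin": b"constructed bcm firmware v1",
                 "gateway_svc.bin": b"constructed gateway service"},
    "processes": {"bcm_main", "gateway_svc"},
    "transmissions": [("bcm_main", 0x1A0), ("gateway_svc", 0x7DF)],
}
TAMPERED_STATE = {
    "binaries": {"bcm_main.bin": b"constructed bcm firmware v1",
                 "gateway_svc.bin": b"constructed gateway service (patched)",
                 "update_helper.bin": b"constructed unexpected payload"},
    "processes": {"bcm_main", "gateway_svc", "update_helper"},
    "transmissions": [("bcm_main", 0x1A0), ("update_helper", 0x7DF)],
}
```

Running `check_ecu_state(**TAMPERED_STATE)` reports the patched gateway binary, the unexpected binary and process, and the transmission the unknown process was never permitted to make.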
The last time I was called in to investigate, the result was a program to detect “droppers,” which are malware components designed to install malware (or a back door) through a gateway module. The malware code is sometimes dumped into a single-stage dropper in such a fashion as to avoid detection; or the dropper might download the malware to the gateway once activated by the ignition wake-up signal. This is a two-stage dropper.
Quite some time ago, when I began these investigations, I came up with “Firefly,” which, when introduced through the diagnostic connector, would leave “markers” that provide a complete audit trail of the source and the path of the malware.
I like the simpler, relaxing repair. Give me an oil pan plug anytime.