Tuesday, July 4, 2017

Imagine malware capable of infecting a vehicle's network of computers, virtually undetectable, and capable of infecting a laptop-based diagnostic tool through an interface. Even more incredible is the capability of infecting a nearby vehicle--a process known as bridging an air gap--and turning control over to a remote host. Dark Tech Investigations is accepting applications. The technician of the future will have her hands full, combating malware-induced issues. This, of course, is a work of fiction. A fictional investigation that occurred in a fictional place by two fictional investigators. Names have been changed.

On a limited-access roadway in McLean, Virginia, beyond a "Warning" sign identifying a restricted government installation, a four-bay service facility sits in the middle of a cul-de-sac, performing routine maintenance on government vehicles. There is a lower level, however, called "Building 17," that won't even appear in the darkest corners of the Dark Web.
It was in this facility that a vehicle driven by a high-ranking US official was in a bay, under examination by a team of technicians. After unsuccessful attempts to diagnose why the driver experienced runaway acceleration, ineffective braking and steering, members of Dark Tech Investigations were called in. Together, Mike and Ben had over 80 years of experience in automotive and computer technology.
They reviewed the work history: an oil change and tire rotation were the only services performed on the vehicle. A thorough visual inspection revealed no discernible problems. There were no add-on components or systems. The only reason the driver survived was because the vehicle ran out of fuel. Attempts to shift the runaway vehicle into park were ineffective, as were attempts to turn the ignition to OFF.
When a factory scan tool was installed, the investigators observed more phenomena that seemed straight out of a science fiction thriller. Diagnostic fault codes appeared and disappeared. There were blank spots where certain data PIDs should have been. Federal investigators introduced an antivirus program that proved ineffective. The infection persisted, almost like a strain of bacteria that's able to survive extreme antibiotic therapies. Even with every computer replaced, the infection returned. Computer forensics has been crucial in the conviction of terrorists, murderers and other undesirables; but malware introduced for the purpose of controlling vehicles is a new threat to the government experts.
Mike and Ben attempted to recreate the drivability concern and they were successful. The vehicle exhibited runaway acceleration while on the lift. Braking and steering systems were affected. We attempted to record the running data but the critical data streams wouldn't record! That was impossible! Until they discovered that their diagnostic tool had become infected! This was the stuff of urban legend; the advanced persistent threat equivalent of a Sasquatch sighting. This malware had the ability to use high-frequency transmissions to bridge air gaps. Ben and Mike used a CAN payload attack called DARK NEMESIS to search, locate and annihilate the malware. And they were successful. The scan tool and associated software had to be decontaminated. "It is feasible to use high-frequency sounds broadcast over speakers to send network packets," Ben said. Our laptop became infected. And then another laptop became infected.

 We determined that the malware possessed high-frequency networking capability after seeing encrypted data packets being sent to and from our infected laptop that had no network connection with--but was in close proximity to--a nearby clean machine. The data packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed! Mike and Ben even disconnected the laptop's power cord so it ran only on battery power to rule out the possibility that it was getting signals over the electrical connection. Nope--our special forensic tools showed the packets kept flowing over the air-gapped laptop. When Mike removed the laptop's internal speaker and microphone, the packets suddenly stopped.
Here is the real nightmare: the infected vehicle was able to infect another nearby vehicle. Now that is in the realm of Dark Technology. Vehicles infecting vehicles, just by being in close proximity with each other, such as in traffic, or in a parking lot. How do you fight that?

 

