GM, Chrysler and even Tesla had security flaws in their automobiles exposed and it began a chain reaction of researchers trying to hack into vehicles computer systems. Now, new research shows that the vehicle diagnostics and software upgrade equipment used by car dealerships and mechanic shops could be used to spread malware.

“At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-On and Bosch,” according to Wired.

In order to fight against the possible spread of malware, Smith designed a tool that helps detect and fix bugs in these systems. In what would be a very special case, a hacker could bring a car that is infected with malware to the dealership. The machines used to check that vehicle could then become compromised with malware and that’s where a chain reaction could occur between all the other vehicles at the dealership or auto-shop.

“Once you compromise a dealership, you’d have a lot of control,” says Smith, who founded the open source car hacking group Open Garages, and wrote the Car Hacker’s Handbook, according to the report. 

“You could create a malicious car…The worst case would be a virus-like system where a car pulls in, infects the dealership, and the dealership then spreads that infection to all the other cars.”

Special case scenario or not the hack is possible and poses a threat to all auto dealerships. This makes it increasingly harder to trust dealerships but more important outlines the many ways in which many auto-dealers and mechanical workshops are not prepared to deal with such hacks.

Read the full story.