“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India.

Smith’s mechanic malware compromises of learning, simulation, and attack modes. Learning mode monitors network communications between the mechanic’s computer and a car, and identifies potential modules. Those modules that diagnosis tools successfully contact are lit up in blue, and the findings are saved to an .ini configuration file along with captured packets.

Source: Mechanic computers used to pwn cars in new model-agnostic attack