Two Million Cars Using Wireless Insurance Dongle Vulnerable to Hacking

January 21, 2015 – 8:58 PM

2015 will be a year more smarter than 2014 with smarter mobile devices, smarter home appliances, and yes Smarter Automobiles. Nowadays, there are a number of automobiles companies offering vehicles that run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled, from instrument cluster to steering, brakes, and accelerator as well.

No doubt these systems makes your driving experience better, but at the same time they also increase the risk of getting hacked.

According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars and trucks contains few security weaknesses that makes them vulnerable to wireless attacks, resulting in taking control of the entire vehicle.

Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles. The little device monitors and tracks users’ driving behavior by collecting vehicle location and speed records, in order to help determine if they qualify for lower rates.

However, the security researcher Corey Thuen has revealed that the dongle is insecure and performs no validation or signing of firmware updates. It has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols, possibly putting the lives of people inside the vehicle in danger.

Source:
http://thehackernews.com/2015/01/progressive-snapshot-device-hacking-car.html