Posted on 01/21/2015 4:41:43 PM PST by nascarnation
It was a mere two months ago that Israeli cyber-security researchers hacked into a device that plugs into the diagnostic port of a car and determined they could remotely control the vehicle from anywhere in the world. At the time, the simulated attack seemed like the automotive version of a canary in a coal mine. If researchers could breach this one device, perhaps other aftermarket products that plug into diagnostic ports were also vulnerable?
In short order, another cyber-security firm now reports finding serious flaws in a device used by more than 2 million motorists.
Researchers at Florida-based Digital Bond Labs say they have uncovered major problems in a device that Progressive Insurance uses to measure the driving habits of participating customers. By reverse-engineering the dongle, they gained access to a network that allows control of critical vehicle functions, like steering, braking and throttle inputs.
"What we found with this device was that it was designed with no security features," Dale Peterson, founder and CEO of Digital Bond Labs, tells Autoblog. "It wasn't even based on basic security coding practices. ... It's a house that has no doors, no windows and no fences, with valuables inside."
Peterson emphasized this was not a case of researchers exploiting a weakness in the dongle's security; it was simply that no security existed.
ping
No more yankey-my-wanky. The Dongle needs food.
I started seeing those ads maybe a year ago with that floosie, Flo.
I couldn’t believe they were thinking anyone would want a device on their vehicle which allowed their insurance company to spy on them.
Impossible.
Apparently 2 Million volunteered for a small discount
Most people will willingly go into death camps if they are told a good enough story
Another “progressive” idea with unintended consequences.
Car Hacking..according to Flo she says “Nailed It”
Even before this story broke, there’s no way I will give my insurance company access to this information, no matter how funny Flo is.
The issue in NOT with the “Dongle”, Progressive’s or otherwise. The problem is that the OBD II port was developed without security features. The need was to download data. Think of it as an automotive USB port.
I run the Android App, “Torque”, to pull data from my car’s ECU onto my phone.
http://torque-bhp.com/ “Measure the performance of your vehicle”
I have one also (DashCommand) but when the interface box is not plugged in, no big deal.
However, I guess that the Progressive dongle does provide 2-way communication with the ODBII port, negating the need for the hacker to physically connect to the car.
For openers, no conservative in their right mind would do business with an insurance company owned by a left wing Obama supporter.
Also, when I contemplated changing auto insurance carriers a couple of years ago, I found several other well known insurance carriers quoting rates that were a good bit lower than the Progressive quote, and I have an excellent driving record.
Lastly, I would not care how much of a discount they offered, I would never have one of these “big brother” devices installed in my auto.
Sue those lefties put of existence!
Where do you connect your phone? Is the connection a standard USB connection?
How? Braking, throttle, anything else electronic, yes. Maybe using the antilock brake system, or traction control to slow one wheel or the other can affect direction of travel, but outright turning it? Not likely.
A lot of vehicles have electronic boosted power steering these days which interfaces with the computer. That’s how they do the unassisted parallel parking feature.
http://en.wikipedia.org/wiki/Intelligent_Parking_Assist_System
You plug a module (15 bucks on Amazon) into the vehicle OBD diag connector. It communicates with the phone via wifi.
Search for ELM327 module.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.